The number of cyber-attacks on companies, governments and public sector institutions is rising dramatically. Faster and more aggressive responses are needed to guarantee the security of environments. What can IT security experts do to manage this significant responsibility?
As the digitization of workplace processes progresses inexorably, each new device also represents yet another point at which organizations are vulnerable. Many companies, especially smaller businesses, are overwhelmed by the sheer number of technical IT security solutions available on the market. So what’s the best approach? Best-of-breed or best-of-suite?
Best-of-breed means identifying and implementing the best possible solution for each application area. The approach selects suites from a variety of providers and unites them into one single solution.
Organizations choosing a best-of-breed solution can make pinpoint decisions based on a relevant set of requirements and will therefore be certain that all of their specifications are satisfied. But they should bear in mind that integration of the selected solutions, i.e. software, to create an end-to-end security strategy can often prove tricky. Interfaces alone will frequently achieve only a low level of vertical integration. In most cases the costs of roll-out, maintenance and operation will be greater than the outlay on a holistic solution. Moreover, it is essential to ensure that employees are equally trained in operating all the systems and that they remain up-to-date.
So if the project managers in the organization are not entirely certain what they are doing and are unable to fit all the pieces of the puzzle perfectly together, they may end up missing the mark and incurring considerable costs in the long term.
The best-of-suite approach is the other alternative, which involves using all of the applications offered by the provider that offers the best overall solution. Standard suite solutions tend to be adequate for the requirements of most organizations and they enable significant savings on the costs of roll-out, maintenance, operation, training and licenses. Microsoft takes this approach with its Microsoft 365 Suite.
The most important parts of the Microsoft 365 Suite are the security components that protect modern workplaces from constantly changing cyber-threats. Microsoft 365 contains a wide range of security functions, including information protection, threat protection, identity and access management, as well as security management. All of them are designed to offer comprehensive, end-to-end protection of the organization’s environment. So how should one picture the interaction between the various Microsoft security components? The answer is illustrated very well in the following diagram “Cyber-Security Reference Architecture: Security for a Hybrid Enterprise”, which vividly presents how Microsoft’s best-of-suite approach slots together in the individual areas to create a big picture.
There is no easy answer to the question of whether a best-of-breed or a best-of-suite solution promises the better rewards, especially in the area of security. Any meaningful decision can only be made on the basis of individual requirements and the available technical infrastructure. Nonetheless, there are criteria that need to be considered in every case: total costs, management workload, relationship with the provider, training requirements, support and, last but not least, the functions.
Organizations that do not intend to pursue a best-of-suite strategy, especially for security, are advised to adopt a “soft” best-of-breed strategy by limiting the number of providers to two or at most three.