Complexity in Cybersecurity - A classic use case of the law of diminishing returns

Healthcare organizations are often whipsawed between administering complex security solutions with a shortage of skilled staff on one hand, and ensuring security and privacy while delivering a quality healthcare experience on the other.

In a dynamic organizational environment such as healthcare, security managers are often saddled with the task of securing a new business flow for which no solution exists yet. Business needs come first, and securing them follows.

The security solution thereby gets retrofitted with features and capabilities to support newer business needs: overly complex workflows, multi-layered policies and data collection engines that often end up becoming a big data analytics exercise. Moreover, as you add layers of security technologies, IT administrators get lost in the multitude of features and intricate manual workflows that require artisan precision.

For example, configuring integrated systems with firewall/IDS/IPS capabilities is not for the faint-hearted. The task requires knowledge of the systems being protected and of the protocols and ports they use. An advanced firewall system often provides numerous policy scopes: group-level policy, device-level policy, zone-based policy or a global setting. Moreover, individual rules can be coarse-grained or fine-grained depending on the administrator's level of expertise with the device.

Imagine the task of individually securing disparate systems!

Yes, you guessed it right: security administrators often end up applying group policies and other cookie-cutter models across different systems and settings.

This creates traffic holes, mismatched rules, shadowing and redundant configuration. Side effects include systems being over-provisioned in certain pockets of the network, causing service degradation, while other systems are under-provisioned, leaving them vulnerable. Moreover, security teams are left feeling overwhelmed trying to manage a complex, esoteric security infrastructure while security incidents continue to rise at an alarming rate.
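Shadowing and redundancy are the two defects that cookie-cutter group policies most often introduce into a first-match rule list, and both can be found mechanically. The audit below is an added example, not code from the original article: it models a rule as a protocol, source CIDR, destination CIDR and destination port range, and flags a later rule as "shadowed" when an earlier, broader rule with a different action prevents it from ever matching, or as "redundant" when the earlier rule already has the same effect. The rule schema, rule names and sample rule set (a guest-segment deny that swallows a narrower imaging allow) are constructed for illustration and do not describe any particular vendor's firewall.

```python
"""Audit a first-match firewall rule list for shadowed and redundant rules.

Added example, not from the original article. The Rule schema and the
sample rule set below are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    src: str                # source CIDR
    dst: str                # destination CIDR
    ports: Tuple[int, int]  # inclusive destination port range


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    return outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]


def audit(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (kind, earlier_rule, later_rule) findings for a first-match list.

    kind is "shadowed" when an earlier, broader rule with a different action
    stops the later rule from ever firing, and "redundant" when the earlier
    rule already yields the same action for everything the later rule matches.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, earlier.name, later.name))
                break  # the first covering rule decides; `later` never matches
    return findings


# Constructed sample: a broad group policy ("deny-guest-segment") has been
# pushed ahead of a site-specific allow for the imaging network.
SAMPLE_RULES = [
    Rule("allow-web", "allow", "tcp", "10.0.0.0/8", "10.10.0.0/16", (443, 443)),
    Rule("deny-guest-segment", "deny", "any", "10.50.0.0/16", "10.0.0.0/8", (1, 65535)),
    Rule("allow-imaging-dicom", "allow", "tcp", "10.50.20.0/24", "10.10.5.0/24", (104, 104)),
    Rule("allow-emr-https", "allow", "tcp", "10.20.0.0/24", "10.10.3.0/24", (443, 443)),
    Rule("deny-snmp", "deny", "udp", "10.0.0.0/8", "10.10.9.0/24", (161, 161)),
]


if __name__ == "__main__":
    for kind, earlier, later in audit(SAMPLE_RULES):
        print(f"{kind:9s} {later!r} never matches because of {earlier!r}")
```

Running the audit on the constructed set reports the DICOM allow as shadowed by the guest-segment deny (the traffic hole the article describes: imaging traffic silently blocked) and the EMR allow as redundant with the broader web allow. Anything a real rule set adds to this model (negated addresses, interface or zone scoping, stateful exceptions) widens the coverage test, but the first-match containment logic stays the same.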

Complexity is the worst enemy of security. This is a classic use case of the law of diminishing returns.

Another ground reality plaguing healthcare providers is that there are not enough hands on deck to take care of IT security. Independent surveys by SANS and the Healthcare Industry Cybersecurity Task Force consider the lack of skilled resources one of the biggest impediments to effective security enforcement.

Often, the solution to this ensnaring predicament can be simple.

1. Eliminate complexity:

"If his forces are united, separate them"

- Sun Tzu, The Art of War

When data analysis and decision making are aggregated at a centralized level, the problem looks monstrously amplified. As in war or in analytical problem resolution, complex problems broken down by the principle of decomposition are easier to manage and solve. By the same analogy, if devices are protected in closer proximity, the attack surface is smaller and hence less complex. Since the problem is localized, the immediate benefits are the following:

- Resolutions are precise and accurate because the data are less noisy.

- Incident detection is immediate because of proximity.

- Substantial reduction in the time taken to identify and contain a data breach.

- Instant threat assessment and decision making because the threat vector has fewer dimensions.

2. Automate:

"Automation applied to an efficient operation will magnify the efficiency"

- Bill Gates

This is particularly true for any task that is repetitive, occurs at a nondeterministic frequency and is done incrementally over a period of time. Furthermore, automation is effective for tasks such as finding hidden patterns in data and repeating that behavior across disparate, unique corpora to build behavioral models. Key benefits of automation are:

- Zero-touch configuration means faster deployment.

- Inefficiencies and errors in repetitive tasks are eliminated.

- Increased computational efficiency provides immediate insight in real time.

- The resource crunch is eased, allowing the organization to use critical staff optimally.

Epilogue: When the malware is at the gate, having too many knobs to turn for analysis and skimming through an avalanche of data may not be the fastest way to respond. Proximity to the device being protected, simplicity of configuration, localizability and automation are often essential in combating the intruder.