Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security Why People, Processes, and Technology Cannot Change in Isolation
Security

Why People, Processes, and Technology Cannot Change in Isolation

By Chris Kissel
29 October, 2020

Since 2004, October has been designated by the National Cybersecurity Alliance as National Cybersecurity Awareness Month (NCSAM). Immediately, the mind wanders to supercomputers creating unbreakable algorithms against adversaries with unlimited compute power. This virtual landscape is happening today, and the arms race on both sides is something that we will have to grapple with for the foreseeable future. Before I get too cute with this article, do understand that it is important that the good guys forever try to create technologies and friction ahead of the bad guys. 

However, coronavirus has retaught us one fundamental—in cybersecurity people, processes, and technology must develop in parallel. 

Think of what happened: there was a mass stay-gration as workers, students, and administrators who usually went to offices and schools were suddenly forced to conduct activities from home. Obviously, this affected people, processes, and technologies. From a technology perspective, many outcomes were immediate—because they had to be. Companies were forced to build connectivity platforms, including video conferencing. VPN became an on-premises at-work construct to now include computers at home and offsite. Identity and access management became more important than ever. And cybersecurity teams had to have immediate visibility over a new disaggregated network. A concerted movement into digital transformation was hastened out of necessity. 

Processes also changed. In the cybersecurity center, often one professional could talk directly with an adjacent department, over a cubicle wall perhaps, but that intimacy has been eliminated. In many office environments, the IT staff did everything from the ethernet cabling and enabling password access to creating firewall rules. In the new world, even transporting on-premises IT processes to the cloud or moving IT from a physical location to a virtual one required new tools and procedures. Companies acquired tools for specific use cases but may not have had the proper training in implementing them. Any new processes still had to pass muster with regulators, protect customers and employees, and avoid creating new exposures for an adversary to compromise.

The danger of the human element

The most interesting element of this transformation has been the “people” aspect. Professionals who rarely did their jobs remotely had to learn to be productive at their homes. And because this evolution was happening during a pandemic, the family unit was confined to the house 24/7, often with each person sharing and fighting for bandwidth.

The human element is also potentially the most dangerous vulnerability. Think about it: a person who worked at an office may have had little opportunity or incentive to leave the VPN, but now must mix business and personal workflow. Often an employee needing to access something that is being blocked will turn off the VPN and create a workaround. A new announcement about a COVID-19 treatment prompts the same person to seek information, often misemplopying their business PC. 

The pandemic has also yielded other good learnings. This is what we are finding out:

  1. Companies typically thought of IT, operations, cybersecurity, compliance, and risk separately. The pandemic has forced them to realize that these areas are inextricably tied together and to streamline tools and processes.
  2. As a corollary, if security, risk, and operational technology are viewed as a singular business continuum, an additional benefit is realized. If a company can standardize as much as possible on common platforms, it gains economies of scale. Fragmented processes such as patch management, new firewall rules, and IT/security workflow mitigate the mean-time-to-detect and mean-time-to-respond to alerts and incidents. 
  3. Processes have to be portable and easy to replicate. From the standpoint of security, incident triage has to lead directly into a playbook, and the playbook has to lead into a defined workflow and a measurable outcome. 
  4. Understanding risk is the required of all disciplines. Obviously, certain assets are more valuable than others. Personally identifiable information (PII) has to be protected at all costs because the liability incurred has legal ramifications as well as the potential to incur a great loss of reputation. Companies have to consider ingress/egress, identity, and the value of the data protected in the same fell swoop and continuously.

Perhaps the most important lesson may be this: Despite all good intentions, plans fall apart. High level board meetings are disrupted by screaming kids and barking dogs; access to business links are cutoff from reasons ranging from lack of bandwidth to power outages to application unavailability; and productive workers are stymied by network protocols. The great gift of empathy, always evident from afar, is now needed more than ever.   

 

Want to learn more about the changing environment? Download the new SolarWinds sponsored IDC research: Accelerating Transformation with Security and Operations Collaboration Best Practices

 

Chris Kissel is IDC Research Director, Worldwide Security & Trust Products

 

Additional reading

NCSAM: Analyzing and Improving Your Security Practice
NCSAM: Detecting the Latest Cyberthreats
NCSAM: Responding to and Recovering from Threats as They Arise
You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Security

What Do Auto Racing and EDR Have in Common?

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.