Resolutions for 2017

A new year, and new opportunities abound in your security organization. Here are some things to consider as security resolutions for 2017.

Engage: Reach out to the local community, engage at events like BSides and other meetups, but most importantly, engage with your users. Embrace the fact that they can be your biggest allies in the fight to secure your environment, or your biggest threat - and how you engage with them will make all the difference.

Account: Take an accounting of your assets, infrastructure, and relationships. Understand where your critical data lies. There are two areas of focus for 2017. Number one is IoT/dark devices - understand that everything that connects to your networks poses a risk, and figure out who owns the devices and how to deal with them - updates, patching, lifecycle. Number two is cloud services. You may not like it, but there are probably hundreds of cloud apps already in use in your organization - some you know about, some you don't. Start building an inventory, learn what the critical classes of services are, and guide your users to the right providers. Don't leave it to the business units to stumble in the dark and get this right - act as a partner to them and help them choose the right services.

Prepare: Breaches are inevitable. They come at different scales, and you can do a lot to reduce risk, but you need to be prepared - extinguish the small fire before it becomes a massive, forest-burning hell. Preparing involves three things: logging, backups, and drills. If you do those three things, you'll be better off than you would be otherwise. If you're already doing all three, consider how you account for logging of IoT, cloud services, and dark assets.

Have a great 2017.

Michael