
How to Build IT Resilience: Topics and Tactics

Resilience will be the key theme at this year’s RSA conference. To build your organization’s IT resilience, you need to start with endpoint visibility and rapid response for cyber incidents.

Perspective

We’ve learned a lot over the past year. We know that big, unpredictable events can happen at any moment. And those events can transform our IT environments practically overnight.

Most of all, we’ve learned that when those events happen, our ability to survive them — or even thrive during them — depends on the resilience of our people, processes and technology.

The RSA Conference has wisely picked “resilience” as the cornerstone theme for this year and years to come. In advance of the cybersecurity conference, we wanted to share some of the critical risks and opportunities organizations face around building resilience.

In this article, we cover:

  • Why resilience is so important, and how to develop it.
  • Some of today’s critical risks and opportunities around resilience.
  • Best practices and advice for building IT resilience.

Today’s biggest challenge: Building resilient IT systems

Resilience is a complex topic with a simple definition — your ability to maintain a secure, operational IT environment even when that environment rapidly changes.

Without resilience, your systems can break from the smallest changes and disrupt your business operations while opening new risks throughout your environment.

And over the past year, organizations have had a hard time maintaining resilience.

  • Their technology environments have grown far more complex and siloed.
  • Malicious actors have grown more efficient, sophisticated and opportunistic.
  • They have had to “keep the lights on” during crisis after crisis and were forced to sacrifice security and operations best practices to maintain continuity.

Foundational steps

IT teams are under tremendous pressure. They must maintain compliance with data privacy regulations, track and secure sensitive data across remote endpoints and manage an ever-increasing number of devices — all while enabling business growth.

For those IT organizations — and for any organization that wants to proactively build more resilience into their systems — we recommend a few foundational steps.

  1. Improve your endpoint visibility. You can’t manage and secure your environment if you don’t know what endpoints you have and what vulnerabilities they carry. Develop comprehensive, real-time visibility into the assets in your environment and maintain that visibility even if your environment rapidly changes.
  2. Consolidate your endpoint management tools. Currently, 55% of organizations use 20+ tools to manage and secure their endpoints. Each tool adds complexity, costs and clutter. These tools often don’t work well together or even share the same data sets, making it challenging to update systems, close vulnerabilities and respond to incidents quickly.
  3. Bring IT and security closer together. Resilience is a team sport. Your biggest security and operational threats revolve around the wealth of remote, unknown endpoints that have flooded into your environment. IT and security teams must work together to simplify their environments, source accurate data, and manage and secure these new endpoints.

Consider these the table stakes for building resilient IT systems.

There are a few risks and opportunities that threaten or encourage resilience and deserve immediate attention.

Supply chain risk: The rude awakening

Most organizations now rely on dozens or even hundreds of third-party vendors. They give their vendors unprecedented access to their data, endpoints and networks. And, historically, they have had little-to-no visibility into the risk their vendors carry.

But the SolarWinds hack made it clear that ignorance is no longer an option and that organizations must take a few steps to protect themselves from supply chain risk.

  • Put pressure on your vendors to maintain and share comprehensive, real-time endpoint security and management data from their own environments.
  • Develop visibility into what third-party apps are running on your assets and what impact you would suffer if any of those apps were compromised.
  • Go beyond visibility, and develop the ability to respond rapidly to incidents caused by third-party vendor compromises.

Ransomware: The surging threat

Ransomware is this moment’s most common and highest-impact threat pattern. These attacks are often more expensive than other breaches, increasing in frequency, and target every industry. Just this week, one of the nation’s largest pipelines, Colonial Pipeline, was forced to shut down after being hit by ransomware. The result — gas shortages and panic.

These attacks follow a complex pattern. Malicious actors may take steps before, during and after the moment they lock their target’s systems and demand payment.

There is no silver bullet against ransomware. Any effective defense must be as complex and multistage as the attacks themselves.

  • Before the attack: you must be able to raise the barrier to entry into your network and reduce the chance of suffering an opportunistic attack.
  • During the attack: you must be able to remediate the attack and evict the attacker fast enough that you do not feel compelled to pay the ransom.
  • After the attack: you must be able to harden your environment and ensure the attacker is truly gone and can never compromise your network again.

Zero Trust: The new security model

The move to remote work dissolved the traditional security perimeter. It also changed most organizations’ assumptions about keeping their networks safe.

Many organizations embrace Zero Trust as their new model to authenticate access to critical resources from their increasingly dynamic, distributed workforce.

To bring Zero Trust to life, organizations must follow a few core principles.

  • Authenticate endpoints, not just users. Devices must pass checks on their health and hygiene before they are allowed to access organizational resources.
  • Feed your ecosystem with real-time data. Zero Trust performs real-time authentication of users and devices and needs equally fresh data to operate.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.
