5 Best Practices to Successfully Connect Systems in Your Technology Ecosystem
Integrating technology-based security solutions with manned guarding has gained significant traction, encompassing a wide range of applications. These include situational awareness and threat intelligence platforms, risk mitigation planning, and remote video and alarm monitoring. Major events such as natural disasters, cyber threats, violent hate crimes, and pandemics have consistently acted as catalysts for technology adoption. Even after the crisis subsides, businesses recognize the inherent value in these new approaches and continue to expand their utilization of technology in security operations.
When considering how technology can enhance your security program, numerous solutions and use cases may pop into your head. But what should you truly prioritize, and how does it fit in with the systems already established throughout your company? The significance of integrating your current and future technology partners to establish a shared operational view cannot be emphasized enough.
A recent report from Gartner on integration maturity models revealed that organizations that lack a formal structured approach to application integration increases the risk of not meeting the demands for faster time to market for innovation and increased business agility. Therefore, having a well thought-out approach to integrating your systems is essential to ensuring your technology ecosystem’s success.
“We always strive for a ‘single pane of glass’ approach. Our intel team works onsite and plots our key facilities and key personnel we’re concerned about. We integrate many platforms into our GSOC so we can see alerts, but can also see where the action came from,” said Matt Siegel, Asst. Deputy Director, Operations Command & Coordination at Secure Community Network (SCN), the official safety and security organization of the Jewish community in North America.
Imagine having a comprehensive and unified view of security for your organization. From a technology perspective, this common operating picture entails integrating various systems, data sources, and tools to create a holistic view of your organization’s security posture. But where do you start?
Prioritize which systems to integrate
Begin by assessing your existing security infrastructure, including the systems, technologies, and data sources you currently have in place. Take stock of what is working well and identify any gaps or areas for improvement, then clearly define your security objectives and priorities. What are the key areas of concern or vulnerabilities within your organization?
“For SCN, knowing what’s happening now – in real-time – as fast as we can know about is most important for us. An example would be the Colleyville synagogue hostage crisis. We received that information in the platform several minutes before the information was widespread. We prioritize staying ahead of things and allowing our team to have that direct intelligence of potential threat actors,” Siegel stated.
Use a top-to-bottom approach
Once you’ve decided on your priorities, aligning on the use cases and implementation of the integrations is critical. “It starts at the top with the executive leadership team, convincing them the integration is necessary and makes the job easier for analysts and security directors. Let them know how this will allow you to react to threats faster. From there, you have to have everyone involved from the top down,” Max Brawer, Protective Intelligence Manager at Coinbase shared.
“More importantly, you need to discuss with the analysts and security directors because they are the ones that are actually utilizing the technology and intimately involved in the process. There are times we’ve brought things up and analysts have said ‘no, we wouldn’t use something like that’ or ‘we already have a way of doing that’ so it’s important for the practitioners to be involved in those conversations,” he added.
Make sure security postures align
Integration is key to achieving a common operating picture of security. Look for technologies with robust integration capabilities that can seamlessly communicate and share data with other systems. APIs play a crucial role in enabling interoperability between different security solutions. Assess both systems from a cybersecurity perspective and ask yourself if these make sense to integrate.
“From the cybersecurity aspect of it, if you’re connecting two different companies, are their security postures equal to each other? If not, you potentially open up a back door to a threat actor through that, so it’s important to work through the cyber team to assess both and ensure there is parity between the two and you’re not degrading any cybersecurity protection,” Siegel added.
Communicate the value to the business
One of the most common issues security professionals face when championing a new initiative is demonstrating the value it will bring to the organization. Tailoring your messaging to resonate with different stakeholders ensures they understand the positive impact and tangible value that integrations can bring to the organization.
“We use a risk-based approach for everything we do. We start by identifying the risk we’re mitigating and clearly define what we are solving for with an integration. Process the risk, a mitigation plan, and calculate the costs – map it all out so the business can take a look at the risks and rank them. This shows the value proposition to the business and a clear path forward,” Brawer said.
Hire the right people
The right integrations are nothing without the right people manning the day-to-day operations. Hiring skilled analysts and security managers ensure that potential risks are properly evaluated, compliance requirements are met, vulnerabilities are identified and addressed, and the overall security strategy is aligned. But what skillset should you be looking for exactly?
“One key skill I always look for is diplomacy, someone who can work with different teams internally, but externally as well. Sometimes you may be working with competing vendors that have similar offerings, but you need to bring them together for your specific use case. You have to be able to work with those different account managers. Sometimes you may even need to loop in legal or marketing teams if it’s a bigger initiative, so diplomacy is a key skill in the right candidate,” Siegel shared.
“Having broad technical knowledge is also a must. Having someone with extensive programming background is great but that doesn’t necessarily mean that they understand how these different platforms work at the end of the day. It’s better to have an analyst with a broad familiarity with the types of systems you’re running and some knowledge on the backend, such as APIs.”
To learn more about enhancing your technology ecosystem, take a look at Ontic Resources.