
From modern data stack to security metrics

Guest author Omer Singer, Head of Cybersecurity Strategy at Snowflake, weighs in on cybersecurity predictions for 2023


Illustration. BIGSTOCK/Copyright: May_Chanikran

Prediction 1: Cybersecurity will finally join the modern data stack.

In 2023 we will see more security teams leveraging modern cloud data lakes, which provide a consolidated view of all security data, alongside business and IT data, to greatly improve an organization’s security posture. Gartner and Forrester have both identified this as an emerging trend, and I expect to see it accelerate even more next year.


Security data lakes no longer need to be “DIY projects” based on Hadoop and homegrown tooling. Recent updates to leading security products enable them to run directly on top of an enterprise’s existing cloud data platform.


That way, cybersecurity teams have a much lower barrier to using the same data platform as the rest of their organization. The economics of the modern data stack, with the cloud data platform at its core, will drive savings, while better data analytics capabilities will translate to higher-fidelity insights for security teams.


Prediction 2: OCSF will become the vendor-neutral standard for security data.

In 2023, we will see increased support for the Open Cybersecurity Schema Framework (OCSF), an open source project designed to create a consistent vendor-neutral data model for security information.


Almost two dozen security and tech companies are already on board, and next year we will see more leading vendors move this towards a security industry standard.


OCSF addresses an important challenge for security teams: managing increasingly complex environments that extend from the cloud to home offices and a bevy of security tools.


Collecting and normalizing data from these sources takes time and money, and slows threat response. OCSF’s open standard for data producers and consumers, together with a simplified taxonomy, accelerates data ingestion and analysis for security teams, in turn driving increased benefits as more companies line up to support it in the coming year.


Prediction 3: Board members will demand timely and actionable security metrics.

The rise of security data lakes in the cloud will make it much easier to generate near-real-time reports around critical security metrics.


We’ve already seen increased interest at the executive level in this type of data, and in 2023 board members will demand transparency through quantified insights on the company’s security posture, areas of weakness, and rate of improvement. While standard in other departments, cybersecurity has been late to provide this kind of visibility.


The author, Omer Singer. Photo courtesy Snowflake

Quarterly reports and PDFs are no longer sufficient given the intense scrutiny companies face over their security-related activities. Executives want near-real-time dashboards that allow them to drill down and assess their organization’s security posture through metrics such as incident response times, patch latency, asset inventory completeness, third-party risk management, and employee offboarding. In addition, many directors sit on multiple boards, which means this practice will quickly spread across organizations. Expect that cross-company data sharing will be leveraged to establish peer comparisons and inform executives of how their progress compares to others in their cohort.


Watch for collaboration between security and data teams to establish modern data sharing in a governed way that supports sharing of key metrics within infosec groups, while preventing sensitive information from getting out.


Written by Omer Singer, Head of Cybersecurity Strategy, Snowflake.
