
Standardizing Cybersecurity: The Need for Interoperability



Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Juan Vargas, Cybersecurity and Engineering Consultant, makes a case for the need to standardize cybersecurity through interoperability.

After 20 years of operating critical national infrastructure programs, power companies have begun to understand and simplify them. Today, many of the largest utilities work with vendors to design and implement their cybersecurity programs. Looking ahead, companies see their programs’ future as converging into a single cybersecurity strategy for the entire corporation, requiring software developers to agree to some interoperability standard that doesn’t exist, yet is crucial to merging IT and OT operations. This consolidated interoperability framework combined with cybersecurity standards would level the playing field for quicker adoption of new technologies, lower barriers to entry, and lead to technological improvements for years to come. More importantly, it would allow corporations to customize their cybersecurity strategies at a lower cost and with less reliance on third-party vendors, retraining, or security personnel. Accomplishing this requires a focused progression toward standardized and interoperable cybersecurity solutions.

Interoperability is the ability to pass information from one application to another so that they can do a better job together than each can achieve on its own. With the rise of interconnected devices, ensuring that all cybersecurity applications can communicate and share data effectively is more important than ever. Interoperability is also central to keeping data and systems secure from cyber-attacks. This can range from ensuring the language and alphanumeric cues that developers use across applications remain consistent and understood, to utilizing application programming interface (API) technology to allow different applications to interact with each other. Interoperability is crucial in cybersecurity because it allows different security applications to work together seamlessly, creating a stronger defense against cyber threats. That said, even APIs don’t have consensus on interoperability, creating challenges for organizations in need of solutions.


Why the Current State of Cybersecurity Calls for Interoperability

Imagine if instead of being sold a car, individuals were sold car parts and left on their own to create something that functions properly and passes all safety requirements, or else be fined. This concept might be exciting for car experts, but the majority of people need a car right away and don’t possess the skills necessary to build one. Individuals want a car, not parts. Like this example, businesses want a holistic, functional cybersecurity solution, not just the parts. This demands interoperability.

Without interoperability, security systems may not be able to detect and respond to threats quickly or efficiently, leaving individuals and businesses vulnerable to attacks. According to IBM’s 2022 Cost of a Data Breach Report, 83 percent of organizations have experienced more than one data breach, and 45 percent of those breaches occurred across cloud-based applications. A single cybersecurity strategy can help streamline security operations and reduce the complexity of managing multiple systems, especially as organizations shift to more cloud-centric operations. Most importantly, an interoperable system allows cybersecurity to be viewed as a holistic strategy, rather than patchwork fixes across the entire business ecosystem. With interoperability, cybersecurity expands from one-time solutions such as anti-virus software or identity access solutions to a big-picture strategy that allows organizations and their IT or OT teams to leverage a suite of cybersecurity products seamlessly. From there, they easily make changes, additions, and replacements over time.

Interoperability Standards Create Better Cybersecurity Solutions

While it’s clear interoperability is a key component of a comprehensive cybersecurity strategy, there is no standard protocol for creating interoperable systems without a dominant organization or entity imposing high standards. Think of Apple imposing device standards with their consistent iPhone innovations. This lack of interoperability compliance and market standards results in a lack of uniformity that puts businesses at risk. Yet, change is happening. According to ESG’s 2022 cybersecurity professional research report, 21 percent of organizations are consolidating the number of security vendors they do business with, and an additional 25 percent are considering it. With a disconnected network of too many vendors, there has been no holistic view of what a full cybersecurity solution is, prompting a series of challenges for a variety of organizations, particularly those with legacy systems or complex business processes that demand priority, resulting in limited internal resources.

Take critical infrastructure organizations, for example, which face particular challenges when it comes to cybersecurity. Critical infrastructure organizations include those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries. The average cost of a data breach for critical infrastructure organizations in 2022 was $4.82 million USD. That’s $1 million more than the average cost for organizations in other industries. This problem starts with internal cybersecurity expertise for two main reasons. First, these types of organizations operate on tight budgets and long-term schedules, which often means they cannot afford to maintain large cybersecurity teams. Hiring one cybersecurity specialist per power plant, for example, would require the organization to invest in training, support, and salary increases for these employees, which is not always feasible. Second, traditional career paths with clear upward momentum, such as promotion from Engineer I to Engineer II, do not exist in these critical infrastructure sectors when their primary focus lies elsewhere, such as energy.

When an individual is the only employee within that path, it leads to a dead end for professionals in the field. Even if the organization has the resources to invest in a cybersecurity team, these professionals are in high demand, often resulting in shifts to positions with higher salaries, remote work opportunities, or more prestigious companies. The alternative is to outsource cybersecurity to IT professionals who work remotely from corporate offices but lack an understanding of the specific processes or trends of that industry, leading to potential security vulnerabilities and risks to operations. The most viable and least risky approach has been to train existing engineers in cybersecurity, enabling them to better protect critical infrastructure organizations while leveraging their industry expertise. With an interoperable cybersecurity system, this possibility becomes a reality.

Simplifying Cybersecurity for the End-User

The solution is to standardize the individual elements of cybersecurity so that the parts of the entire system play well with each other and the process is streamlined for any business in any industry, rather than requiring dedicated, siloed solutions or hyperspecialized knowledge. Instead of a mixed bag of software products that each require specific knowledge, standardization promotes a single organization-wide cybersecurity strategy that can be plugged into the organization’s current architecture. Accomplishing this goal demands established standards for technology, data entry and organization, legal compliance, and access management. With these standards in place, it’s possible to establish cybersecurity metrics that promote interoperability across any security need, integrated with the applications businesses already use. It promotes cybersecurity as an ongoing effort with a centralized solution, rather than one scattered across different parts of an enterprise.

The results are multifold. First, it becomes easier to make incremental changes when new product innovations arise in the market that a business wants to adopt or experiment with. Second, interoperability lowers the amount of money spent on third-party experts to keep various software working together without security risks. Most importantly, it allows end-user professionals across all industries to focus on their day-to-day responsibilities, rather than balance a multitude of systems to keep their data secure. Again, end-users need the car to get from point A to point B; they don’t want to spend hours or days figuring out how the car works.

Interoperability Enables a Big-Picture Perspective

Interoperability enables the integration of different security systems into a single solution, creating a more robust defense against cyber threats for any industry. With the increasing reliance on vast networks of interconnected technologies and cloud applications, interoperability is more important than ever. Add the evolving threats behind cybersecurity attacks, and the need only increases. By ensuring that all security systems can communicate and share data effectively, organizations can detect and respond to threats more quickly and efficiently, if not avoid them completely. Interoperability streamlines security operations and reduces the complexity of managing multiple systems, making it an essential foundation for building a cybersecurity strategy that can envision the big picture.
