The cybersecurity field is mired in secrecy. Security vendors tend to guard their threat detection and response protocols like the crown jewels, keeping them well and truly under wraps.
But Kenny Natiss says there are dire consequences to this level of secrecy. Black-box products, less-than-stellar integrations, and an overall lack of transparency are all symptoms of the detrimental subculture unwittingly created by cybersecurity professionals. Vendors continue prioritizing competition over collaboration, taking the industry further down the attacker-advantage path.
Something needs to change — and open security may well be the answer to providing better cyber safety for users, customers, and organizations.
Open Security, Not Open Access
Closed security may be excellent for vendors in the short term. Still, leading Chief Information Security Officers say open security (i.e., widely available detection rules and open code and artifacts) is the way forward.
Consider it a way of doing business — a methodology of sorts — that changes the archaic, secret way of conducting cybersecurity into a transparent, honest relationship with the company and its users.
The term “open” can incite fear in digital security professionals. However, this type of cyber protection isn’t about allowing access. Instead, it’s about encouraging across-the-board engagement to strengthen the security of users, customers, and vendors.
Crafting protection measures in the open landscape allows security professionals to see a product’s underlying code and test it before implementation. This doesn’t just save money; it deepens understanding of threat detection, security technology, and process simplification.
But perhaps most importantly, open security permits professionals to identify gaps or blind spots in a system’s code. It ensures companies can focus on removing holes in their security tech wall and develop risk profiles for emerging threats more quickly.
Closing the Cyber Skills Gap
While the data breaches caused by security silos are dreadful, the constantly widening cyber skills gap they create is just as terrible. Closed, proprietary security shuts doors in the faces of new-to-the-industry professionals.
Security has shrouded itself in a cloak, reducing its talent pool’s diversity, deterring graduates, and encouraging hard-to-understand tools. New cyber protection employees struggle to break into the industry without the ability to play with on-the-market tools.
Lowering the barrier to entry rests in the hands of open security. Accessible code encourages learning, since newcomers can develop a better understanding of how the technology works.
Transparency — The Key to Cybersecurity Maturity
The adage “security through obscurity” simply won’t cut it anymore. Cybersecurity professionals must break down their long-erected walls if they wish to achieve long-term protection.
Over the past ten years, the industry has changed drastically — and now it’s time for the next phase. Implementing open security creates opportunities, unlocks education, and empowers users.
Providers might be skeptical about opening security’s black box due to the ever-present questionable code and bypasses within the industry. But forward-thinking professionals understand that open security can start righting this wrong. After all, it’s only a matter of time before consumers begin demanding transparency, forcing vendors to oblige.
In a phrase, open security is the future of cybersecurity.