When stay-at-home orders came down for much of the world in March, few businesses were spared the consequences of trying to operate amid a global pandemic, from personal loss and abrupt layoffs to revenue declines and logistical hardships.

Of course, budgets have also been impacted, and facing the same indiscriminate fate, no individual department has been spared, including cybersecurity. But what happens when an area of the business that is so relied upon to keep the company protected from the devastating financial repercussions of a security incident faces its own financial conundrum?

Retrenchment is problematic for any business group, but for security teams already suppressed by skills challenges, things can get particularly thorny,  especially as cybercriminals lean on a wary public to advance their attacks while organizations open themselves up to new data breach opportunities owing to a surge of remote workers. And if your security is suffering, you can only assume others are as well, including the third-parties you rely on for critical aspects of your business.

Yet not all is lost. While big security projects requiring a lot of moving parts may be postponed, regulations and evolving corporate attitudes around risk mean your budget is likely to be at least partially sheltered from any serious reduction.

Priorities, however, will shift, driven by the telecommuting boom. According to a Check Point Software Technologies survey this week, IT and security respondents are now most concerned about unsecured endpoints, unmanaged mobile devices and phishing attacks. This will prompt the need for technologies like endpoint detection and response, mobile device management and multifactor authentication.

> A Technical Guide to Remote Security Operations (Free Download)

Even if your budget goes untouched  – or perhaps even grows  –  during the pandemic, your spending will certainly be under increased scrutiny. And with a majority of companies in one recent study reporting that their cybersecurity investments fail, you will want to ensure not only that the areas where you are allocating capital are worth it (consider that the average business runs dozens of security tools) but that you are also taking process- and technology-driven steps to improve the efficiency of your security stack.

3 Best Practices to Managing Your Security Budget

These are the three key points that will help you  overcome spending restrictions triggered by COVID-19.

1) Evaluate and Audit Your Security Stack

To begin, think about the processes you and your team spend most of your time performing, with the caveat those may have changed  because of the pandemic. By examining every process with a fresh eye, you should be able to discover what the overarching goals of the process is and whether the process is achievable for your current team and tool set. 

Following the evaluation process, you should perform an audit to confirm controls are operating appropriately and performing as expected. You may want to couple the audit with a risk assessment considering new exposure points have likely popped up in recent weeks and months.

2) Rise to the Cloud

Until recently, many of the tools that security teams used, from SIEM to endpoint security, were deployed on premises. Fast forward to 2020, and things are different. The vast majority of new SIEM deployments are cloud based, as are  endpoint detection and response (EDR) platforms, and even the most legacy on-prem tools, including firewalls, are shifting to the cloud. 

The advantages of cloud deployments are clear – time to value, cost effective, less complex – attributes that are especially critical in a budget-conscious business world needing to cope with decentralization and distribution. 

Of course, it is not just the security tools that moved to the cloud. The networks and assets that security teams need to secure increasingly call the cloud home. Security operations professionals are increasingly demanding use cases that predominantly or exclusively leverage cloud-native security tools (think AWS GuardDuty, Azure Security Center or Google Cloud). 

3) Automate the Management of Security Issues

Even without a global crisis forcing a new work-from-home remote normal, organizations still would be plagued by the common themes of an active threat landscape: an overload of alerts emanating from a disparate network of security tools. Now add new risks with the inability of analysts and engineers to tap one another on the shoulder to collaborate on active cases, and you have a perfect storm necessitating faster and more informed decision making.

Security automation, orchestration and  response (SOAR) can provide a single workbench from which all analyst activity is managed and accessible across your team, ensuring efficiency and productivity are not disrupted, thus helping to maximize your security budget. Gartner estimates 30% of enterprise organizations with a dedicated SOC will include SOAR by 2021, up from 5% in 2018.

In addition to all the elements of tasks and cases that you can automate with SOAR, leading to fewer missed alerts and false positives and faster and more precise response workflows with none of the redundancy and monotony usually associated with alert collection and enrichment, SOAR can help significantly reduce mean time to detection (MTTD) and response (MTTR), potentially yielding a huge cost savings for the business.

SOAR also helps you make the most of your multitude of existing security tools by facilitating their integration. This increases the ROI you can extract from your existing security investments. Without the orchestration element of SOAR, a disjointed ecosystem of tools and processes can leave SOC teams to manually go on digital scavenger hunts across multiple systems to effectively do their jobs.

Finally, SOAR enables turnkey case reporting that includes metrics to provide insight into the performance of your team and the tools they’re using.

Free Resource: The No-Nonsense Guide to Security Operations Metrics

Conclusion

Applying these recommendations will help enable intelligent security operations that can support the current status quo and embrace future change.  Siemplify Cloud is the first and only cloud-native SOAR platform designed for security operations in the digital transformation era, delivering rapid time to value and ensuring your analysts always stay collaborative and unified across all environments, including globally distributed SOCs.

Dan Kaplan is director of content at Siemplify.