How Device Data Plays a Key Role in Dynamic Risk Assessments
Dynamic is an interesting term to use when talking about risk assessments because it tells a story about the changes security has seen over the last several years—and the improvements that have been made to how security leaders identify and manage risk.
Historically, security risk assessments have been done as a “snapshot in time,” not accounting for changes in the ever-evolving risk environment. Without real-time data feeding dynamic reports, those assessments quickly became outdated, leaving leaders to base strategic security decisions on inaccurate data.
Currently, however, the industry is seeing a significant shift toward dynamic risk assessments; that is, the continuous process of identifying, assessing, and taking action to eliminate risk using data-driven insights. Forward-looking security practitioners are now leveraging data to ensure risk assessment outputs reflect real-time security environments, reducing the need for global travel among their teams and resulting in insights that have a far greater impact on security operations, business investment, and resource allocation.
The Role Device Data Plays
As security functions take the leap toward dynamic risk assessments and teams begin to leverage multiple streams of security data to measure risk, one pain point is proving harder to overcome than the rest: device data.
Device data tells security practitioners what kind of technical security controls are in place and how well those controls mitigate against any variety of security threats. While a standard site assessment might determine whether or not a site is equipped with a type of security system, it is only with device data that we can determine how well those systems are functioning. Without actionable device data, it is nearly impossible to accurately measure risks posed to company assets.
Here are some common challenges when leaders attempt to leverage device data for dynamic risk assessments:
Disparate security devices are the “norm.” As many security leaders will tell you, it is not uncommon to have multiple security systems and device types monitoring assets at the same organization. Security teams often inherit disparate security systems across their portfolio, which results in noticeably different reporting capabilities and data types available from those devices. This variance in device type and subsequent data output makes it a challenge to collect, standardize, and analyze device data in meaningful ways.
Devices are not configured appropriately to collect the most relevant data. For security practitioners with less technical knowledge, it is easy to assume that security devices are configured to collect as much relevant information as possible. This is not always the case, and devices often require unique configurations to optimize data collection and reporting capabilities. Security teams may be losing out on years of impactful security data if devices are not appropriately configured at installation.
Systems data is unstructured and overwhelming. Device data, in its unstructured, raw form is nearly impossible to manage without the support of technical resources to clean, query, and visualize the data. While there are proactive steps security professionals can take to ensure device data is usable, teams looking to leverage this data will always require the support of analysts to facilitate meaningful, quantitative security analysis on otherwise unruly datasets.
Improving Device Data to Help Assess Risk
As a security practitioner looking to leverage device data for dynamic risk assessments, the first step is to unlock and enhance the data. Disorganized device data is too noisy to be effective. Practitioners should evaluate their data and work to reduce false positives and increase noise reduction capabilities such that outputs are informative and not distracting.
For example, if a regional security director has seven offices in different locations and wants to understand the overall risk profile of each site, device data can help inform which locations have dilapidated infrastructure, what the frequency of real security events is, and where additional enterprise spend might be necessary to mitigate against threats in that local environment. That said, if device data is noisy and muddied by duplicative alarms, overwhelming false positives, and limited insight into device health, it becomes nearly impossible to differentiate between the effectiveness of security controls when compared across various sites. A lack of insights in this category hinders the ability to make strategic decisions based on real data.
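To make the cleanup step concrete, the following added example (not code from the article or from HiveWatch) normalizes exports from two disparate systems into one schema, collapses duplicate alarms, and produces per-site figures that can be compared across locations. The two vendor formats, field names, site names, and the 60-second duplicate window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

VENDOR_A = [  # constructed sample: access control export, epoch seconds, "site/device" path
    {"ts": 1700000000, "src": "austin/door-12", "type": "DOOR_FORCED", "disp": "false_alarm"},
    {"ts": 1700000020, "src": "austin/door-12", "type": "DOOR_FORCED", "disp": "false_alarm"},
    {"ts": 1700000500, "src": "austin/door-03", "type": "DOOR_FORCED", "disp": "confirmed"},
]
VENDOR_B = [  # constructed sample: video system export, ISO timestamps (assumed UTC)
    {"time": "2023-11-14T22:15:00", "site": "denver", "camera": "cam-7", "event": "motion", "verified": True},
    {"time": "2023-11-14T22:15:30", "site": "denver", "camera": "cam-7", "event": "motion", "verified": True},
    {"time": "2023-11-14T23:00:00", "site": "denver", "camera": "cam-2", "event": "offline", "verified": None},
]

def normalize_a(r):
    site, device = r["src"].split("/", 1)
    return {"ts": r["ts"], "site": site, "device": device,
            "kind": "alarm", "real": r["disp"] == "confirmed"}

def normalize_b(r):
    ts = int(datetime.fromisoformat(r["time"]).replace(tzinfo=timezone.utc).timestamp())
    kind = "health" if r["event"] == "offline" else "alarm"
    return {"ts": ts, "site": r["site"], "device": r["camera"], "kind": kind, "real": r["verified"]}

def dedupe(events, window=60):
    # Keep the first event of a burst; repeats from the same device within
    # `window` seconds of the previous one are dropped and extend the burst.
    kept, last_seen = [], {}
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["site"], e["device"], e["kind"])
        repeat = key in last_seen and e["ts"] - last_seen[key] <= window
        last_seen[key] = e["ts"]
        if not repeat:
            kept.append(e)
    return kept

def site_summary(events):
    out = defaultdict(lambda: {"alarms": 0, "real": 0, "offline": set()})
    for e in dedupe(events):
        s = out[e["site"]]
        if e["kind"] == "health":
            s["offline"].add(e["device"])  # device health tracked apart from alarms
        else:
            s["alarms"] += 1
            s["real"] += bool(e["real"])
    return {site: {"alarms": s["alarms"], "real": s["real"], "offline": sorted(s["offline"]),
                   "fp_rate": 1 - s["real"] / s["alarms"] if s["alarms"] else None}
            for site, s in out.items()}

def build_report():
    return site_summary([normalize_a(r) for r in VENDOR_A] + [normalize_b(r) for r in VENDOR_B])
```

Without the deduplication pass, the repeated door-12 alarm would push the first site's false-positive rate from one half to two thirds, which is the kind of distortion that makes cross-site comparison unreliable.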
It is worth noting that this example applies to all data being used in dynamic risk assessments. If you can’t home in on the accuracy of your data, then you can’t look at trends that exist and make better decisions for the business as a result of the incoming, real-time information. The key to addressing this challenge is prioritizing clean data collection, analysis, and reporting functionality that allows security teams to dynamically assess the ever-changing threat environment to keep people, assets, and the brand safe.
Greg Newman is the vice president of operations for HiveWatch, a technology company reimagining how companies keep their people and assets safe. Newman oversees the company's virtual global security operations center, ensuring optimized incident response and communications for clients.