Applying the Swiss cheese model to cyber resilience

Published: Thursday, 11 August 2022 13:22

The Swiss cheese model is a risk management technique that is transferrable to cyber resilience management. Thomas Muller-Martin explains what it is and describes the benefits of such an approach.

Throughout the COVID-19 pandemic, multiple layers of imperfect protection have been employed in the hopes that they would make a much bigger impact than overdoing a single protection layer: the combination of masks, vaccination, social distancing, travel restrictions, remote work and more. A similar approach can work for cybersecurity and identity management – but only when done right. Let’s consider what that could look like and how to get there.

What is the Swiss cheese model?

The Swiss cheese model is often used in risk analysis and risk management. It essentially likens systems to multiple slices of Swiss cheese, stacked side by side, with threat risk mitigated by the different layers and types of defenses / defences that are ‘stacked’ next to each other. The theory is that lapses and weaknesses in one defensive layer don’t allow a risk to materialize, because other defenses also exist. In other words, you can prevent a single point of failure.

To a certain extent, this can be applied to enterprise security. While more and more solutions are built around identity as the perimeter for security, it’s still increasingly important to have multiple security layers implemented. In particular, this model can help you understand why a well-thought out, multilayered approach of defenses is needed – especially when there are humans involved. Essentially, humans are often the ones who create the ‘holes’ in the Swiss cheese model, and the holes must be addressed.

When your multi-factor authentication (MFA) solution gets hacked or you suspect you’ve got a malicious insider, it’s important to know you have the tools in place to detect anomalous activity. In other words, you should be able to have confidence that you have other security mechanisms implemented. You need a second – and a third – line of defense. You need to have other tools in place to ensure that your employees’ accesses are securely governed and reconciled with a solution that provides strong governance capabilities and integrates with all of your business-critical systems. And obviously, reducing the attack surface is essential.

Don’t blindly adopt the one-stop shop mentality

Especially when tackling the most important issues like identity security, and access and authorization, choosing best-in-breed tools that are full-featured and singularly focused on those issues is the recommended approach.

It’s important not to just select solutions from the same vendor for the sake of convenience; though a one-stop shop may seem easier, it will also make companies even more dependent on the security posture of single vendors. Ensuring you are really choosing the best-of-breed solutions for each purpose is key.

Finding the ideal solution

A multilayered approach is the best, but you shouldn’t just pick those multiple layers from one vendor. This model will only work if you’re carefully choosing each ‘layer’ of your approach. As companies look to reduce or consolidate the number of software vendors (or get a highly discounted bundle as an incentive,) it can be tempting to simply pick the solutions offered by one or two vendors without going through a full evaluation to ensure you’re truly selecting the best-of-breed option. There are many companies, for instance, that buy identity access management (IAM) in a software bundle, not caring whether it’s a good fit for their needs.

But the ideal scenario entails picking the best-in-breed solutions for the most critical spaces, including identity governance and administration (IGA), privileged access management (PAM) and security information and event management (SIEM), but making sure that they ‘play nicely’ with each other so that data can be shared across different channels and be easily aggregated, interpreted and acted upon. Other solutions to consider include single sign-on, consumer identity management, data access governance, IT service management, role mining and third-party identity risk solutions.

Some enterprises have selected a PAM or access management solution already. Adding a ‘good-enough’ component that’s not focusing on interoperability may cause costly customization, make you dependent on a single vendor, shorten the lifespan of the solution that you have previously implemented, or lack efficiency. That’s not good enough, after all.

With the rising significance of identity access management for modern security, many organizations are realizing they need solutions that are agile enough to adapt to changing business needs, can scale and yet are simple enough that they don’t require the creation of a highly customized and individualized solution for a common problem.

Filling the holes

When humans, whether intentionally or not, poke holes in one of your safeguards, you want the security layers stacked up against it to do their job and keep threats out. For this Swiss cheese model to work, you need multiple lines of defense, and all those lines need to work together. A single vendor won’t have all the solutions you need. There is no one-size-fits-all solution in modern enterprise security but rather more and more demand for interoperability. Do your due diligence and choose your identity and other security solutions wisely so that nothing can get through your ‘holes’.

The author

Thomas Muller-Martin, global partner technical lead, Omada.