It’s Time for Security Operations to Ditch Excel

Roee Shohat, Head of Go to Market

February 13, 2024

Security teams are hiding an embarrassing secret from the outside world. Despite their position at the vanguard of technology and all of its security risks and threats, their actual war plans are managed on, of all things, spreadsheets. It’s a far cry from the dark rooms, multi-screens and falling code most people imagine, and it’s also a universe away from what they actually need.

‍‍

Cybersecurity by Spreadsheets?!

Microsoft Excel and Google Sheets are excellent for balancing books and managing cybersecurity budgets. However, they’re far less ideal for tackling actual security issues, auditing, tracking patching and mapping asset inventories. Surely, our crown jewels deserve better. And yet, Security Operations teams are drowning in multi-tab tomes that require constant manual upkeep.

Using these spreadsheets requires Security Operations to chase down every team in their organization for input on everything from mapping of exceptions and end of life of machines to tracking hardware and operating systems. This is the only way to gather the information required on when, why and how certain security issues or tasks must be addressed. It’s no wonder, then, that the column reserved for due dates is usually mostly red.

Make no mistake, this is an industry-wide problem plaguing even multinational enterprises with top CISOs. Even those large enough to have GRC teams still use Excel for upcoming audits to verify remediations, delegate responsibilities and keep track of compliance certifications.

‍

It’s No One’s Fault

How has this remained under wraps to non-security folks for so long? Usually because, when reporting is due, the unluckiest team member is responsible for consolidating all of the information they’ve gathered into a far more palatable presentation slide. Teams with better luck might get to do this using PowerBI, but this is entirely at the mercy of how often IT teams update them and only work for on-prem systems.

It’s not like security teams and leaders use spreadsheets as their first choice. While there are available tools to use instead, options are limited, often too expensive, and require too much time or effort to implement. It may sound odd to those on the outside, but in most cases, it truly is faster and more effective to simply start an Excel sheet, export the information required from security tools or ticketing systems, and chase down relevant stakeholders on an individual basis.

‍

4 Methods to Streamline Security Operations

Thankfully, there are methods to streamline or, at least minimize, security team reliance on manual Excel work. Some do involve an initial investment, but for a substantial payoff.

Compliance Frameworks

Specialized tools for compliance frameworks and related issues can do wonders by automating and managing their highly complex workflows. They include solutions like Regulait, Anecdotes, and Vanta, which automatically manage access and gather evidence from various sources by seamlessly connecting with ticketing systems. Automation is critical for reducing the number of labor-intensive tasks related to access reviews, quality parameters, security settings and control implementation.

Audit Findings

Audit findings require intricate, detail-intensive work that GRC solutions can easily take care of instead. If this remains out of scope for audit teams, they can alternatively use a centralized tool to encourage a more structured approach. These tools can either be custom-built or purchased off the shelf to organize audit templates with far more functionality than what Excel has to offer.

Vulnerabilities

Many tools are available on the market to tackle issues like missing patches and vulnerabilities, such as code scanning, SCA, vulnerability scanners, CSPM and XDR. Security teams can consolidate data from these sources into a data lake in order to achieve better reporting and derive the best actionable insights for remediation.

Data-Lake Automation

Building automation on top of data lakes is a proactive approach to ensure that issue information is always readily available to relevant stakeholders. Even better, it can even facilitate automatic ticket creation. Not only does this approach save time, it also significantly improves how efficiently security teams can resolve issues.

‍

Purchase Considerations

When considering buying solutions, it’s always important to remain mindful of their adaptability. While they can be incredible time-savers for aggregating and correlating information, they can still present challenges around maintenance and customization to fit specific organizational requirements.

The most optimal choice, in addition to customizability, is a comprehensive solution that aligns the majority of an organization's security needs. These solutions must be able to streamline remediation processes to remain a cost-effective investment by freeing up time for security professionals to focus on critical security issues, rather than being tied down by Excel-based tasks.

‍

Ditch the spreadsheets and transform your remediation efforts with Opus. See for yourself how Opus can streamline your entire security remediation orchestration.