
How to Control Drift Without Breaking Operations

April 21, 2026

By Rubén Gómez


We’ve already talked about hardening, ransomware, and drift. In this new episode, we’ll look at the next question: how do you keep control of an environment that is constantly changing, knowing that security degrades over time, without breaking operations?


Every security team wants more control. But every time they try to implement it, friction appears: “That blocks the user,” “That’s going to slow us down,” “That breaks the workflow,” “That’s not practical for the business.” So the inevitable happens: control is relaxed, exceptions increase, and the environment becomes permissive again. And drift returns.


Many organizations believe there are only two options: apply strong control, even if it impacts operations, or allow total flexibility, even if it carries high risk. However, this is the wrong way to look at it, because the problem is not the control itself, but how that control is implemented.


In practice, control tends to fail for several reasons, and in LATAM this problem is especially evident, not because organizations don’t understand security, but because the operational reality is different. First, many processes are still manual, with decisions that depend on reviews, tickets, approvals, and point-in-time audits; this doesn’t scale, and when something doesn’t scale, it simply stops being done. Added to this is the lack of continuous visibility: there is an understanding of how the environment should be, but not of how it actually is at any given moment, and without that visibility, real control cannot exist. Additionally, exceptions accumulate easily, starting with a “just for now” that is rarely revisited until it becomes permanent. Finally, tools are often disconnected from each other; although many organizations have EDR, SIEM, patching, and monitoring solutions, none provides a comprehensive view of the security posture, so each tool sees only a part while no one governs the whole.


“Frictionless control” is not about removing controls or making everything more flexible, but something smarter: integrating control as a natural part of operations. When properly implemented, control is not perceived as a barrier, but as something that is simply there and works without stopping the business. It is characterized by being continuous, as it does not depend on audits or point-in-time reviews but happens all the time; consistent, because the rules remain the same whether the endpoint is inside or outside the network; automatic, since it does not require constant human intervention and the system can correct deviations on its own; and contextual, because not everything is controlled the same way, but rather priority is given to what truly reduces risk.

To better understand this, think about city traffic. If everything were controlled manually, there would be police officers at every corner, decisions made case by case, and constant intervention, which would inevitably create chaos and would not scale. In contrast, a well-designed system has automatic traffic lights, clear rules, visible signals, and an optimized flow that allows traffic to keep moving continuously, but within a controlled framework. That is exactly what frictionless control is: it doesn’t stop movement, it organizes it.


Organizations don’t need to transform everything overnight, but they can start with concrete actions such as defining a minimum viable baseline, where the goal is not perfection but consistency. From there, it’s key to focus on what truly matters: not trying to control everything, but prioritizing elements such as privileges, remote access, software execution, and critical configurations. It is also essential to measure constantly, not through sporadic audits but in real time or as close to it as possible, and to minimize manual work, since everything that depends on constant human intervention eventually fails. Additionally, it is necessary to make the real posture of the environment visible: not just incidents, but the effective system configuration. At its core, the mindset shift is the key point: security is not about blocking, but about maintaining control without slowing down the business.
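A minimal sketch of these starting actions, added here as an illustration and not taken from any product: a small baseline over the four priority areas is compared with observed endpoint state, and every exception carries an expiry date so that a “just for now” resurfaces as a finding instead of becoming permanent. Setting names, hosts, owners, and dates are constructed for the example.

```python
from datetime import date

# Constructed minimum viable baseline over the four areas the post prioritizes.
# Setting names are hypothetical, not taken from any product or benchmark.
BASELINE = {
    "user_is_local_admin": False,    # privileges
    "rdp_enabled": False,            # remote access
    "app_allowlist_enforced": True,  # software execution
    "disk_encryption": True,         # critical configuration
}
# Constructed exceptions: each names a host, a setting, an owner and an expiry.
EXCEPTIONS = [
    {"host": "fin-lap-07", "setting": "rdp_enabled", "owner": "it-ops", "expires": date(2026, 3, 1)},
    {"host": "dev-ws-12", "setting": "user_is_local_admin", "owner": "eng", "expires": date(2026, 6, 30)},
]
# Constructed observed state, as a collector might report it per endpoint.
FLEET = {
    "fin-lap-07": {"user_is_local_admin": False, "rdp_enabled": True, "app_allowlist_enforced": True, "disk_encryption": True},
    "dev-ws-12": {"user_is_local_admin": True, "rdp_enabled": False, "app_allowlist_enforced": True, "disk_encryption": True},
    "hr-lap-03": {"user_is_local_admin": False, "rdp_enabled": False, "app_allowlist_enforced": False},
    "ops-ws-01": dict(BASELINE),
}

def evaluate(host, observed, today):
    """Return one finding per setting that deviates from the baseline."""
    findings = []
    for setting, expected in BASELINE.items():
        actual = observed.get(setting)  # a missing value means no visibility: treat as drift
        if actual == expected:
            continue
        exc = next((e for e in EXCEPTIONS if e["host"] == host and e["setting"] == setting), None)
        if exc is None:
            status = "drift"
        elif exc["expires"] < today:
            status = "expired_exception"  # the "just for now" that was never revisited
        else:
            status = "excepted"
        findings.append({"host": host, "setting": setting, "actual": actual, "status": status})
    return findings

def posture(fleet, today):
    """Count findings by status and list the ones that need action."""
    findings = [f for host, obs in fleet.items() for f in evaluate(host, obs, today)]
    counts = {}
    for f in findings:
        counts[f["status"]] = counts.get(f["status"], 0) + 1
    return counts, [f for f in findings if f["status"] != "excepted"]

if __name__ == "__main__":
    counts, actionable = posture(FLEET, date(2026, 4, 21))
    print(counts)
    for f in actionable:
        print(f)
```

Run on a schedule against real collector output, the actionable list is what would feed automatic correction or an owner notification; the excepted items stay visible in the counts rather than disappearing from the posture view.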


In the LATAM context, where teams are usually small, environments are complex, and ransomware is growing, control cannot be heavy, manual, or dependent on slow processes; on the contrary, it must be continuous, automatic, and scalable. Seen as a complete story, hardening defines how the environment should be, drift explains why it degrades over time, ransomware takes advantage of that degradation, and control is what keeps everything aligned. Ultimately, many organizations believe they need more tools, but the reality is different: what they need is more control over what they already have, because in the end it’s not about adding technology, but about not losing control over time.
