This has been a challenging year for businesses. Operating models were overhauled as the majority of companies sent their employees home due to the COVID pandemic. Organizations forced to develop on-the-fly remote workplaces were also pressed to deal with challenging security priorities. Employees using their own devices can put a network and company data at higher risk.
Yet, this was the reality that many organizations have faced and will need to address in the coming months. Gartner has predicted investment in cloud access security broker to increase by 41 percent as well as an increase in encryption software users by 24 percent. The research organization also expects to see a 20 percent increase in threat intelligence for the coming year. All of this points to the importance of having the right security priorities in place.
Organizations looking to tighten up their security can take a number of steps to protect their data, information, and employees. These steps include simplifying cloud access, using passwordless authentication, and developing a framework for cloud security posture management, among others.
Classify and Protect Your Data
One of the most important steps in developing the right security priorities is to understand what is being protected. The reality is that some data is more valuable than others. Organizations should not take a one-size-fits-all approach to protect information. This will hinder business operations and lead to redundancies in the organization. Rather, your security priority process should have a method to classify data and identify the information that needs more protection. It is also vital to have a mixture of automated and manual classification protection for your organization. The step of classifying and protecting data should begin with definitions and policies. Then, you can search out the right tech tools to streamline the process.
Simplify Cloud Access
Most organizations use a cloud access security broker(CASB) to simplify cloud access controls. Using a CASB companies are able to conduct real-time security control enforcement, protecting their data and information in the cloud. This security priority may also allow organizations the flexibility to begin using API mode or some form of monitoring mode of operation. Flexibility is vital for security teams to identify and track a security event even before blocking has begun. Two key aspects that lend themselves to simplifying cloud access include compliance reporting as well as usage monitoring. However, it is important to handle these elements with sensitivity as many employees may resent being monitored in their own homes. Be sure to communicate to employees the importance of security, your organization’s security priorities, and the aspects of cloud access for your organization.
Implement Passwordless Authentication
While the most common way to verify authentication has been the use of passwords, they are not as secure as they need to be. Single-use credential verification is not strong enough to meet the security needs that organizations have today. One of the biggest problems is that employees use the same password or passwords. It is important that businesses make this one of the top security priorities and use passwordless authentication options. This includes multifactor authentication and some organizations may also want to consider zero factor authentication. While passwords may still be a part of the access protocol, they should not be used alone. The key is to educate your employees about the risks of password-only authentication and promote passwordless authentication methods.
Automate Your Security Risk Assessments
Automating a security risk assessment for your organization may be more challenging than the other steps but it is an important aspect of security priorities. Unfortunately, according to research done by Gartner, just over half of security leaders do a risk assessment for new projects in the organization. Yet, this step can provide your company with key information to develop a protection plan for each project. A simple way to implement security risk assessments is to automate them. Knowing what the risks are and any gaps in risk assessment will help your organization to provide effective security measures.
Develop a Framework for Cloud Security Posture Management
Ensuring the security of business data is where policy, process, and company culture intersect. Even though the issue is more policy-focused, people and processes are key to the success of cloud security strategies in any organization. Developing a framework for cloud security posture management includes the ability to identify risks and having successful alerting methods in place. This can involve investigation of cloud audits and other cloud events around business operations. The result of these activities will be a framework for cloud security or control catalogs.
Bringing it all together
COVID-19 has pushed businesses into making changes that have disrupted security priorities. Moving into 2021, it is important that organizations adjust their security priorities to protect company data and information. While work-from-home policies require a higher number of devices accessing your company network, it is important to develop a strategy around this access as it can also bring about higher risk.
There are a number of steps that organizations can take to improve their security. The most important way to protect your data is by putting security priorities in order from classifying and protecting the right data to using passwordless authentication to having a framework for cloud security posture management.