I was inspired by my colleague Andrew Cochrane’s perspective on Bob, his fictional character with a desire to manage his datacentres remotely from Hawaii.
But, as a result, I’ve started to worry about other fictional characters! As the rest of the company starts to follow Bob’s lead of working from a sunny beach, what about the others for whom this might not be so easy? What about the people who are left still needing to secure the business yet don’t feel like they have the control and visibility they normally have?
To give myself more mental space and to find a solution, I’ve signed up to the Headspace app, which in turn has allowed me the space to think of some creative approaches to give these fictional souls some visibility and control back.
Identity & Authentication
Ensuring that users are correctly identified and authenticated is the first step to security harmony. As businesses continue on their drive towards digitisation, they will typically see an increase in the number of applications and platforms users interact with. In turn, this creates the need to reduce the burden on users of logging in to multiple systems and to reduce the likelihood of users choosing weak or repeatable passwords. The challenge faced in integrating these systems is first identifying which applications are in use, and then integrating them into the single sign-on (SSO) platform. Prioritising the most common or important applications can help create a short list of targets that are going to have the biggest impact.
Once users are correctly identified in an application, authentication is the next challenge. This is a balancing act between usability and security. I would put the user first in almost every scenario: making it as simple as possible will maximise the likelihood of user adoption and provide you with brownie points should you need them to make use of more complex authentication requirements for certain applications or scenarios. When building your authentication flows, try to create some standards that can be applied multiple times. It can be tempting to over-complicate this to make it more secure, but the IT operational overhead and risk of incorrectly applying a policy will likely negate any benefits. Keeping a simple high, medium and low risk authentication flow will pay off in the long run.
Connecting your newly minted identity and authentication platform to your existing monitoring tools will ensure you won’t miss any attempts to compromise your applications. There is a massive amount of value that can be taken from these authentication events; if you don’t have the skills or platforms in-house, consider working with an outsourced provider, who can monitor this for you 24x7, giving you greater peace of mind.
In the event of something going wrong, having a plan helps to ensure everyone is clear on how to respond and who can help. In its basic form, an incident response plan will contain:
- A list of roles and responsibilities for the incident response team members.
- A summary of the tools, technologies and physical resources that must be in place.
- A list of critical network and data recovery processes.
- A communication plan, both internal and external.
The support of an external specialist party can really help when things go wrong. Experts who are able to rapidly identify, contain and eradicate a threat can reduce the time to recovery. Find an organisation that is able to support you 24x7, as Cyber Security incidents don’t take days off or follow working hours. This gives you the knowledge that you have a partner in place without having to invest in fixing things after the event.
Giving users guidance on how to best protect themselves online can dramatically reduce the likelihood of organisations being compromised. The majority of Cyber Security breaches start via Phishing or social engineering that aims to gain an initial foothold in a customer’s environment, so arming your staff with basic knowledge of typical methods can really bolster their resilience to these types of attacks. With continual training your staff can become a brilliant asset for detecting attempted attacks early, and provide IT security with a heads up to proactively respond to these threats.
Social engineering and other types of digital fraud exploit weaknesses in business processes and use them to get staff to unintentionally share information or process fraudulent requests. The risk of these types of attacks increases when users are not clear on the expected process or if they feel unable to turn to a team member and ask for help. Identifying high risk business processes and providing clear guidelines will help to ensure staff are clear on how to validate these requests. Consider creating a fraud email alias, or instant messaging channel, which helps to minimise risk by enabling staff to quickly get help or share unusual requests.
Cloud Endpoint Security
Understanding the status and health of your endpoint security solutions is important when staff are accessing systems from remote locations. Ensure updates are being deployed, make sure that you are able to identify the latest malware strains, and keep endpoints running. Cloud based management platforms make this task easier by moving the solution into public environments and removing the need to manage and maintain the systems.
More advanced solutions will offer the ability to remotely respond to cyber security alerts, providing you with a range of tools to identify, contain and eradicate malicious activity. They give you the ability to perform security operations tasks without needing direct access to the device.
Cloud App Security
These technologies provide visibility of data moving between cloud applications and devices, allowing you to make decisions to restrict, secure or redirect users. These technologies will ensure that you have a complete understanding of the systems being used by staff in your organisation. With increased visibility, it can be tempting to apply restrictions, but we find that engaging with stakeholders to define the most appropriate approach creates better outcomes for everyone. Often shadow IT is caused by a lack of knowledge of the approved tools or a gap in the internal provision. Managing risk while allowing the business to operate is crucial to creating a successful IT security approach.
These solutions can be deployed without any network or endpoint requirements, allowing them to rapidly increase your current visibility. This makes them a highly desirable technology for dispersed organisations.
Assessing and deploying security updates is vital to an organisation’s ability to resist common Cyber Attacks. Remote assessment of the health of devices will enable organisations to focus their efforts on remediating issues, along with validating the effectiveness of their patch management processes. This will give you a unique to-do list to ensure your efforts have the maximum impact.
Deploying updates is the other half of vulnerability management, and the ability to perform these tasks remotely is key to enabling a secure remote workplace. Tools that provide the ability to schedule, deliver and report on the status of updates remotely also enable the roll out of updates in phases, which reduces the risk of incompatibility and the time to deploy.
Time on Headspace was time well spent, because I’m more relaxed about the fate of our fictional but pressurised characters. By focusing on what is really important when building visibility and control, they are able to move from uncertainty to a more effective security posture. All while managing to enjoy the upsides of the rest of the business being away.