Now that you’ve used the points outlined in the last installment of our series to discuss with your CEO how important security is to both your organization’s bottom line and your CEO’s job, it’s time to begin the process of education. There are several realities about security that your CEO must understand as you work toward a modernized security strategy that will optimally protect your organization from outside threats and inside vulnerabilities.
The legacy model of perimeter security is no longer enough.
Thanks to factors, such as remote workers and the cloud, businesses now exist in a perimeterless environment. Firewalls and network access control (NAC) can only go so far when many of your company’s business-critical systems and much of its data reside and/or are accessed far from corporate data centers. Because of this shift, identity and access management (IAM) is now central to a successful security program.
Most breaches stem from simple tricks and human error.
IAM is also central to a solid security program, because most breaches are not the kinds of glamorous, high-tech hacks that form a Mr. Robot plotline or that of any cyber thriller. Instead, most breaches are done through simple tricks and for simple reasons, exploiting human error in order to compromise account credentials.
Consider the privileged account holder who uses the same password for multiple services or websites. Gaining access to the password that account holder uses on an unrelated site can lead to sensitive systems being accessed by unauthorized users. Account details are easily compromised. Tools alone can’t and won’t solve the problem—your security strategy must encompass people, processes, and systems. And compliance alone won’t cut it. Compliance is not security. It’s a baseline, a minimum standard.
Your company is not spending enough on security. Guaranteed.
Keeping the above in mind, it’s almost certain that your company is not investing enough in security. A 2015 report by Pricewaterhouse Coopers revealed that while the number of reported security incidents rose 48 percent over the previous year, security spending as a percentage of overall IT budgets has stagnated at 4 percent or less for the five preceding years. If you don’t spend now, you will spend later, and you will pay a far higher price should a breach happen than you would by investing in prevention.
Security is a process, not a task: Every new system connection and every new app integration introduces a new potential opening for an attack. You must therefore find a way to keep up with the pace of technology adoption in your organization and to effectively deploy multi-factor technologies. Know and be able to rationalize each piece of existing technology that your business uses. Carefully evaluate and rationalize the need for any new tech. And, be prepared to pay extra to properly secure each new solution you add, if you haven’t already invested in an IAM platform to do that for you.
Security is a business enabler, not an inhibitor.
It’s time your CEO and the rest of your organization’s leadership understand that the traditional view of security as a cost center is outdated, wrong, and dangerous. With features, such as multifactor authentication for smartphones, new IAM technologies are not only easier to use and more secure, but are also capable of improving productivity. This is because today’s IAM solutions reduce employee reliance on the help desk when things go wrong, making them more self-reliant. Modern IAM provides greater security without compromising ease of use.
Increased productivity can bring a wealth of new insight into your organization. Secure integration of new applications and collaboration tools into one comprehensive IAM platform means more data-driven decision-making, without extra difficulty or expense. And, you can be granular with your policy, only enforcing security requirements based on context, rather than using an unwieldy and restrictive blanket policy that may stifle creativity, collaboration, or productivity.
Security is critical to the continued success of your company, as you know and your CEO is now beginning to understand. The impact of your security strategy reaches far beyond your IT and compliance departments. Technologies, like modern IAM solutions, can benefit your organization at every level. Don’t overlook the business benefits of your security choices.