The cybersecurity industry grew up around keeping threats out. But in a cloud-based, collaborative remote work dynamic, that model doesn’t hold up. Rajiv Dholakia, Chief Product Officer at VERA, believes the traditional lines of defense must give way to a new defensive approach that adapts to wherever data-sharing happens.
The $156 billion cybersecurity industry grew up around trying to keep threats out. From firewalls and access management to antivirus and intrusion prevention, fortifying the castle walls is always seen as the way to keep the crown jewel data safe within.Â
Decades of experience now prove to business, government, and other large enterprises that this philosophy, unfortunately, doesn’t work. Even higher, thicker walls get penetrated repeatedly as attackers grow more clever and resourceful, exploiting open areas of the perimeter and authorized traffic in and out. So the prevailing security mentality needs to be flipped; the traditional “last†line of defense — closest to our valuable data — is now the most important “first†line.
In this unprecedented year, almost overnight, businesses had many expensive, office-based security layers upended. There were no more automatic perimeter defenses or in-person safety and risk reminders from security teams. Tremendous judgment and personal responsibility for ensuring customer trust, privacy, and compliance now fall to employees 24×7 every day in the remote and mobile world, even as we all grapple with the pandemic’s mental and physical stress that can be hugely numbing..
Outside of COVID-19 lures and scams, the breach toll and tempo roll on in 2020. For businesses, the world was already irrevocably going mobile and cloud-first. Amid this ever-evolving normal, there has been a steady stream of security advice — apply two-factor authentication, never share passwords, be careful about what you download, and do not click on unknown links or emails. These are all important and should be regularly observed.
But mistakes happen. Even very cautious, cyber-savvy people can occasionally be tricked by an expertly planned spear phishing attack or an authentic-looking malicious email. We’re all too busy, too stressed, or moving too fast. Attackers know this. That’s why cyber-crime rates have skyrocketed in the pandemic, as evidenced in this August 2020 report from InterpolOpens a new window .
Learn More: Cybersecurity Lessons From 2020: C-Suite Weighs In on Both Good & Bad
In a Cloud World, The Last Line of Defense is Really the First
While it is important for individuals to observe all the oft-repeated security best practices, it is time for businesses to do more. They must empower employees with more centralized remote and cloud-friendly tools to act as guardrails and safety cushions for the inevitable human errors.Â
For example, why force employees to master and maintain file sharing settings on multiple sync and share apps if you can give them a single, approved place to share files that can handle diverse file types and simplify both encrypting and sharing their contents?
Put head-to-head, productivity usually beats cybersecurity under the best conditions. So it is incumbent on more businesses to alleviate unnecessary stress on remote workers that comes from relying too much on humans to integrate everything necessary to get things done safely. There have been great strides in areas like remote access, for example – where VPNs are ubiquitous and were fortunately available to facilitate the speed and hygiene of mass-scale telecommuting. However, VPNs are not necessarily set-up to screen the health of machines connecting in or control where and how users store files. “Just VPN in!†is a great business continuity plan for an office closure lasting a week or two during a blizzard or hurricane – not months of pandemic disruption.
So back to why the last line of defense is now the first: Organizations need to take a “follow the data†or “data first†spin through their strategies to make sure they account for workflows that adjust on-the-fly to new circumstances. “Workflow†is key because it takes into account data, human roles, and the processes they perform.Â
If your data used to sit only in business applications you own, but migrated to SaaS tools during the pandemic to keep workflows humming, IT needs to follow the data to ensure the SaaS provider has configured it correctly – especially as providers continually introduce new features and default settings.Â
Similarly, if you are using new go-to-market partners to maintain your sales pipeline during these times, follow the data to learn how much of your intellectual property, customer PII or other crown jewels these partners need out of necessity. Reexamine how you collaborate with them; it might be safest for all parties to set up a centralized file-sharing and collaboration platform you control, versus relying solely on different partners’ varied security profiles.
Learn More: Top 4 Biometric Authentication Predictions for 2021
Final ThoughtsÂ
These are days that few IT pros, security teams or business leaders could have planned for. The pandemic reminds us that security is not the sole responsibility of any one person or team. Our devices and data are outside the castle walls these days, and protection needs to go with them. Now is the perfect time to encourage leaders in your organization, peers and everyone sharing your shelter-in-place workspace to be the first line of defense and resilience.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!