There has been a dramatic change in the security landscape following the massive deployment of teleworking, which has brought new priorities for CISOs and organizational security managers. It is therefore important to focus efforts on the most effective security projects. In the following article we will reveal what these projects are.
The Security scenario has changed radically
It is clear that the security scenario has changed radically in all companies, after the covid-19, teleworking has been a new weakness to protect, prioritizing all efforts to quickly adopt effective measures to protect the most valuable assets of companies.
CISOs have had to make key decisions in choosing how to deal with the risks of teleworking in recent months. With the variety of security solutions on the market, the question arose as to which tool or tools would be the most appropriate for their organization and the most effective for maintaining security.
Faced with such a change of scenario, it is undoubtedly necessary to take new approaches to security in order to solve these new challenges. Gartner has recently published a post recommending the Top10 security projects where CISOs should focus on 2021.
The most important security projects for 2021
In the article we mentioned, 10 security projects are listed as the most valuable for companies. These 10 key points are:
- Securing teleworking.
- Risk-based vulnerability management.
- Extended detection and response (XDR).
- Cloud security posture management.
- Simplify cloud access controls.
- Authentication without passwords.
- Classification and data protection.
- Employee competence evaluation.
- Automation of security risk assessments.
We see common links in a number of these projects: On the one hand, simplifying and optimizing security. On the other hand, focus on assessing risks and prioritizing measures to mitigate them.
Simplifying and optimizing Security
Simplification in this case does not, of course, refer to less comprehensive control, but rather to two key aspects, facilitating the management and control of security by administrators, and making certain security-related workflows easier for users.
In terms of simplifying security management and control, Gartner recommends going for example to XDR platforms in order to consolidate several security products into one and optimize the response to threats. It also recommends simplifying cloud access controls through CASBs. As for facilitating user workflows, they recommend moving towards passwordless authentication solutions to increase trust and improve the user experience.
Assess risks and simplifying measures
With regard to teleworking, a few months after the launch of mass remote work in organizations, Gartner recommends assessing needs and reviewing whether it is appropriate to modify any security measures that are preventing efficient teleworking.
With regard to vulnerability management, Gartner recommends a risk-based approach so that the organization can focus on those that are exploitable.
On the other hand, with regard to classification and data protection, Gartner recommends not following the same approach for all types of data, as it could create too much security in certain areas and increase risk due to a lack of adequate security in others.
How can SealPath help with these projects?
SealPath can assist in the following projects discussed above:
Securing Remote Workforce
In a first phase, remote work was enabled through VPNs to access corporate computers from users’ homes. Dual-factor technologies were also included to ensure secure access to certain corporate resources. However, in many cases, a good part of the confidential corporate documentation is traveling and being stored on non-corporate equipment. Can we improve this?
With SealPath we can make sure that confidential corporate documentation is protected and under control wherever it travels. This way, it does not matter if it is within our security perimeter or on a user’s personal computer. Only the person we want to access it can do so, audit its use and even revoke access remotely.
In the following article we explain how to avoid the risks of teleworking by handling sensitive information.
Simplify cloud access controls
A CASB is a very useful tool to ensure compliance with certain regulations with different cloud providers and block the download of certain sensitive information by unauthorized users. However, once the documentation has left our cloud, we lose control over it.
SealPath allows us to add an additional layer of protection over the information stored in the cloud so that, if it is downloaded, we can continue to maintain control over it, monitoring access or revoking access to the data, even if it is already on the user’s computer. In addition, SealPath integrates with different cloud platforms (O365, OneDrive, Box, etc.) so that you can transparently protect the documentation in them and work with it without downloading it, directly in the browser.
In this other article we discuss the agentless functionality of SealPath to access protected documents on any platform and the protection client access, all through the browser, without installations.
Classification and Data Protection
As recommended by Gartner, SealPath promotes the protection of the organization’s most sensitive and important information. Not everything needs to be protected, but virtually every user in the company should have the necessary tools to protect sensitive information. When to protect information? When we are managing “toxic” data that, if it gets into the hands of those who should not, could cause damage to the organization, clients or collaborators.
We have already explained in this article article who should encrypt the data in an organization and when it should be done.
On the other hand, SealPath is integrated with information classification solutions, so that protection can be automatically provided depending on the classification level of the document.
Discover in this white paper how to automate the protection of classified data with SealPath and the solutions it integrates with.
TIt also integrates with information discovery tools and DLP, so that once a type of information (e.g., personal or financial data in an unencrypted document) is cataloged or detected, protection can be automatically applied to the document.
If you want to know how SealPath integrates with DLPs, and what each solution provides, access this article where we explain it.
If you would like to know more about our data-centric solution, please contact us here and we will advise you as soon as possible.