Ensuring your cyber security is built for purpose
By Ralph Berndt, sales and marketing director at Syrex
Implementing effective cyber security solutions today comes down to their practicality and ensuring the fundamentals are in place. Companies must identify the data that must be secured, the reasons behind securing it, and finding the most cost-effective ways of doing so.
There has been a significant push towards a zero trust approach. This is a derivative of the new breed of security threats facing organisations. But despite how the cyber threat surface is evolving and how sophisticated attacks have become, it remains crucial for the company to define good cyber security practice within the context of its business. Ultimately, it is about having the ability to protect and recover information while doing what the business is meant to do.
However, the more secure the environment becomes, the more disruptive it is for employees. The usability of security must therefore be a golden thread throughout the organisation.
It all starts with the endpoint protection of every user device. Given the normalisation of distributed work and how employees have come to rely on their personal devices to access the corporate network and data, safeguarding these devices becomes non-negotiable. As part of this remote environment, virtual private networks (VPNs) and multi-factor authentication (MFA) become invaluable. These must be implemented in addition to standard perimeter security solutions like firewalls, anti-virus and anti-malware.
From a policy perspective, the company must make sure that users only have access to the data and systems central to their job roles. While this has always been important, it was less of a concern as employees would generally only access sensitive data while within the relative safety of the corporate network. But with employees at home becoming easier targets, the risk of lateral movement from one compromised device must be kept as low as possible.
The organisation must therefore understand how its data is being accessed and the applications that are accessing it. By putting endpoint protection and MFA in place to enhance existing perimeter solutions, companies can manage remote workers in a more secure way. As mentioned, this protection at a device level must be as integrated as possible to ensure the least amount of impact to the employee experience, while maintaining the highest level of security. For these users, it is having the ability to work in conditions as close to the office environment as possible. They want ease of use and quick access to data.
For organisations, this means a radically evolved playbook when it comes to cyber security best practice. From traditional firewall, anti-virus, anti-malware and mail protection, to endpoint, Active Directory and zero trust, they must either extend their in-house security ‘battle box’ or move to platform as a service to fulfil the security function.