Critical thinking and planning are keys to success in the IT field, especially when it comes to security and related data breaches.
Some say it is not a matter of if your company will have a breach but when.
In fact, not much more than a week goes by these days before we see another headline about a data breach of some kind.
Here are breach-related headlines just from within the past 10 days:
- LinkedIn skill-learning unit Lynda.com hit by database breach (Computer World)
- Los Angeles County Notifies 756,000 of Data Breach (Security Week)
- Yahoo Breach Exposed 1 Billion Accounts (Redmond Magazine)
Leaders and managers in IT are expected to protect their companies from these types of situations. A recent whitepaper from Microsoft might just provide some key elements to start the right kind of dialog inside these organizations and help them develop the right approach to preventing a breach.
This whitepaper was written by John Stasick and Jake Mowrer, both from Microsoft, and it lists these nine areas not to overlook in enterprise security.
- The keys to the kingdom: Always assume that a set of your corporate identities have been reused, are for sale, are replicated in a third-party cloud or are still being used to access corporate data and assets even after separation/termination.
- With friends like these: You must adopt an assumed breach posture. You’ve already been compromised — the goal is to contain it.
- Silver bullets are for werewolves: You must take a layered approach to all security initiatives/solutions, where the next layer is always challenging the previous one.
- Hiding in plain sight: When it comes to sophisticated attacks, it increasingly “takes a village” to identify them. The new cloud security model requires putting very large telemetry sets and computational power to work on your behalf.
- Humans take the path of least resistance (usually): Doubling down on end-user security policy and relying on end-user compliance will often result in bad end-user habits, workarounds and a compromised security posture.
- If it ain't broke, don't change it?: Yes, it is possible for security solutions to delight users, improve productivity, and save money while improving your posture.
- It's all about the data, and the bass, not treble: IT can absolutely regain full control and security over SaaS apps and cloud storage with the correct solution.
- False sense of security: Marketing and sales hype don’t always live up to practical execution. Ensure you understand the practical limitations, gaps and overlaps of all of your security components.
- Head in the sand: Continuous testing of your security layers and vectors of entry is a key component of any long-term posture improvement strategy. Human error, corporate crisis and new, advanced threats can compromise the best security plans.
In this resource snapshot, I have given you each situation and the authors' key takeaway on that subject. Be sure to visit the whitepaper's webpage and catch all the meat in between these nine pieces of information.
Then I recommend sitting your IT leadership and staff around a table and talking through each one of these items with a critical eye to how your company does IT security. Be brutally honest with your self-assessment and then develop a plan to take immediate steps to address any areas of weakness.
It is only with critical review that you will put yourself and your company in its best security position.