Jun 17 2021

CDW Tech Talk: Security in the New Workplace

In an evolving workplace with multiple locations and devices, security must adapt to address varied threats and increased risk.

With adoption of remote work policies and cloud infrastructure, companies have witnessed a rapid increase in the number of endpoints, employees and business objectives they must protect. The expanding landscape of work environments has introduced new threats and broadened the scope of the IT security professional’s responsibilities.

In recent weeks, news outlets have offered up more frequent stories of damaging ransomware attacks. Even the White House is taking notice, with the National Security Council issuing a June 2 memo urging business leaders to take cyberthreats seriously and take steps to protect their organizations and the American public.

Jeremy Weiss, cybersecurity practice lead at CDW, spoke during CDW’s Tech Talk webcast about cybersecurity’s shifting landscape and priorities and why it’s becoming so essential for companies to be able to calculate, manage and mitigate risk.

“Originally, we just thought cybersecurity was just very siloed, and security guys were fighting with networking and other areas of opportunity.” Weiss said that prior to the pandemic, IT professionals began seeing a lot of guidance on concepts such as zero-trust architecture and secure access service edge (SASE) architecture.

When the pandemic hit, Weiss said CDW heard its customers saying, “I need to evolve to the cloud. I need to get remote access. I need, need, need technology right away, and I need to go do so securely so I can keep my business alive.”


Moving to the Cloud Has Required a Change in Security Strategy

Following the rapid move to the cloud during the pandemic, Weiss said, it’s been necessary to take a step back and ensure visibility. “But as you evolve everything to the cloud very quickly, mistakes can be made. So, now we’re looking at taking that shift and making sure that risk is reduced,” he said.

“When we look at risk, the runtime in cloud is second to none,” Weiss said. “So, we look at things like having tools in place to minimize exposure for things like multifactor authentication to those controls, new technologies for things like CASB and cloud data loss prevention.”

“We look at things like SASE for risk mitigation. There’s user profile SASE, and there’s also data-centric SASE. Bringing those two together really allows us to minimize risk for customers as they’re evolving to the cloud and leveraging existing technologies that they have in place today,” Weiss explained.

Weiss offered some examples of the existing technologies that could be leveraged, including “SD-WAN, particularly for cloud, which allows us to leverage an existing firewall investment and give users remote access and then content access to data streams that are in the cloud as well.”

Physical Security Has Been Added to the List of IT Responsibilities

As companies consider a return to the office, IT is finding itself taking on some concerns around physical security in addition to its role in cybersecurity.

“Traditional physical security we would think of door access, badge access, cameras, etc. Those are still very important in that space, but often, they were on their own networks,” Weiss explained.

“A closed-circuit television, for example, that would use a hard drive or even tape, back in the day, to record entry systems. Converging these two together into IT, we’ve seen that now we have more IP addresses because it’s using network bandwidth. The cameras actually are our conservative part of IoT. They’ll be using local storage within a data center or to the cloud. To be more efficient in that space, we’re looking at some best practices today and building out things like network segmentation. I want my physical security to be segmented away from my traditional infrastructure within IT, so that way it doesn’t take any bandwidth, doesn’t take away any access to resources that our users still need to get access to on a day-in, day-out basis.”

Multifactor authentication is another tool being used to boost physical security. It allows a company to determine whether an employee is logging in on-premises or remotely. That information can help to determine the capacity of physical spaces in a building and to limit access, if necessary.


Regular Assessments Are Essential to Providing Security  

Weiss stressed the need to assess an organization’s security strategy regularly. He recommended a triage approach that he called “wash, rinse and repeat.”

Once an organization has made a complete security assessment, Weiss said to “do it again to make sure that you are at that next level of maturity for your outcomes. Security doesn’t have to be expensive. It can be efficient, and it’ll actually help you stay efficient for your business. Nobody wants to be down, so if you’re doing everything you can to look at where those potential risks can be, you’re going to minimize them quickly and be more efficient for your business outcomes.”

The need for assessment extends beyond an organization’s own systems to include partners and vendors as well. “There are some great cloud tools that do a good job at showing some score ratings and stuff along those lines, but really it comes down to assuming what those risks can be and doing assessments against those and making sure that you’re doing your diligence on a regular basis.”

Experts at RSA Conference 2021 Expressed Concerns About Hacking and the Human Factor

At last month’s RSA Conference 2021, IT thought leaders discussed their concerns about current trends in cybersecurity, including the recent rise in ransomware attacks and the need to consider the human factor in security strategies.

In a video about current tactics being employed by hackers, experts expressed concerns about how the attack surface has widened as a result of the increase in remote work. Many of them indicated that ransomware attacks are nearly inevitable for most organizations and stressed that efforts should be made not just to defend against attacks but also to properly back up data.

When discussing the human factor and its impact on cybersecurity, experts cite it as a threat because employees can be very susceptible to cybercrime, such as phishing attacks. Employees are often viewed as vulnerabilities, especially at a time when they’re using multiple devices in various locations.

However, several speakers at RSA flipped the script on this topic and chose instead to highlight the need for IT leaders to occasionally play the role of psychologist. Protecting your employees’ state of mind during times of significant change should be a priority, and change management is a big part of that.

Margaret Cunningham, principal research scientist for human behavior at Forcepoint, summed up this idea, saying, “Recently, someone asked me, ‘Margaret, what does psychology have to do with cybersecurity? Where does it fit in?’ I had a really hard time figuring out where it doesn’t fit in. People are in charge of understanding and representing cyber risk, communicating to others what that means and also making the decisions about what to do next. It’s very much a human and technology issue that to date has been focused much more heavily on technology.”
