CDW Tech Talk: Security in the New Workplace

Moving to the Cloud Has Required a Change in Security Strategy

Following the rapid move to the cloud during the pandemic, Weiss said, it’s been necessary to take a step back and ensure visibility. “But as you evolve everything to the cloud very quickly, mistakes can be made. So, now we're looking at taking that shift and making sure that risk is reduced,” he said.

“When we look at risk, the runtime in cloud is second to none,” Weiss said. “So, we look at things like having tools in place to minimize exposure for things like multifactor authentication to those controls, new technologies for things like CASB and cloud data loss prevention.”

“We look at things like SASE for risk mitigation. There’s user profile SASE, and there’s also data-centric SASE. Bringing those two together really allows us to minimize risk for customers as they’re evolving to the cloud and leveraging existing technologies that they have in place today,” Weiss explained.

Weiss offered some examples of the existing technologies that could be leveraged, including “SD-WAN, particularly for cloud, which allows us to leverage an existing firewall investment and give users remote access and then content access to data streams that are in the cloud as well."

Physical Security Has Been Added to the List of IT Responsibilities

As companies consider a return to the office, IT is finding itself taking on some concerns around physical security in addition to its role in cybersecurity.

“Traditional physical security we would think of door access, badge access, cameras, etc. Those are still very important in that space, but often, they were on their own networks,” Weiss explained.

“A closed-circuit television, for example, that would use a hard drive or even tape, back in the day, to record entry systems. Converging these two together into IT, we’ve seen that now we have more IP addresses because it’s using network bandwidth. The cameras actually are our conservative part of IoT. They’ll be using local storage within a data center or to the cloud. To be more efficient in that space, we’re looking at some best practices today and building out things like network segmentation. I want my physical security to be segmented away from my traditional infrastructure within IT, so that way it doesn’t take any bandwidth, doesn't take away any access to resources that our users still need to get access to on a day-in, day-out basis.”

Multifactor authentication is another tool being used to boost physical security. It allows a company to determine whether an employee is logging in on-premises or remotely. That information can help to determine the capacity of physical spaces in a building and to limit access, if necessary.

Register below for an upcoming CDW Tech Talk, held Tuesdays at 1 p.m., to hear from IT experts live.

Regular Assessments Are Essential to Providing Security  

Weiss stressed the need to assess an organization’s security strategy regularly. He recommended a triage approach that he called, “wash, rinse and repeat.”

Once an organization has made a complete security assessment, Weiss said to “do it again to make sure that you are at that next level of maturity for your outcomes. Security doesn’t have to be expensive. It can be efficient, and it’ll actually help you stay efficient for your business. Nobody wants to be down, so if you’re doing everything you can to look at where those potential risks can be, you’re going to minimize them quickly and be more efficient for your business outcomes.”

The need for assessment extends beyond an organization’s own systems to include partners and vendors as well. “There are some great cloud tools that do a good job at showing some score ratings and stuff along those lines, but really it comes down assuming what those risks can be and doing assessments against those and making sure that you’re doing your diligence on a regular basis.”

Experts at RSA Conference 2021 Expressed Concerns About Hacking and the Human Factor

At last month’s RSA Conference 2021, IT thought leaders discussed their concerns about current trends in cybersecurity, including the recent rise in ransomware attacks and the need to consider the human factor in security strategies.

In a video about current tactics being employed by hackers, experts expressed concerns about how the attack surface has widened as a result of the increase in remote work. Many of them indicated that ransomware attacks are nearly inevitable for most organizations and stressed that efforts should be made not just to defend against attacks but also to properly back up data.

When discussing the human factor and its impact on cybersecurity, experts cite it as a threat because employees can be very susceptible to cybercrime, such as phishing attacks. Employees are often viewed as vulnerabilities, especially at a time when they’re using multiple devices in various locations.

However, several speakers at RSA flipped the script on this topic and chose instead to highlight the need for IT leaders to occasionally play the role of psychologist. Protecting your employees’ state of mind during times of significant change should be a priority, and change management is a big part of that.

Margaret Cunningham, principal research scientist for human behavior at Forcepoint, summed up this idea, saying, “Recently, someone asked me, ‘Margaret, what does psychology have to do with cybersecurity? Where does it fit in?’ I had a really hard time figuring out where it doesn’t fit in. People are in charge of understanding and representing cyber risk, communicating to others what that means and also making the decisions about what to do next. It’s very much a human and technology issue that to date has been focused much more heavily on technology.”

Follow BizTech’s full coverage of the CDW Tech Talk series here. Insiders can register for the event series here.