Limiting access is one of the best ways to address data risks in the new WFH and cloud world. As and more people are working remotely, the traditional approaches of device protection and depending on VPN are insufficient, noted Nick Halsey, CEO of Okera, a provider of data governance and access software. It has to be expected that company employees are going to handle data from an unsafe environment so it is increasingly important to make data safe, for example, by ensuring that the right people have the right access to data in the right format at the right time, he said. "There is no reason to give marketing or accounting teams access to Social Security numbers or passwords without proper redaction. A single policy should manage these rules and be enforced across all tools and storage for consistency, reduced overhead and time savings."
What are the Main Concerns?
When it comes to potentially being victimized by a cybersecurity attack carried out by external hackers or internal rogue users, organizations have three main concerns, said Max Trottier, vice president of sales and marketing at Devolutions, a provider of remote access and enterprise password management solutions for IT professionals and business users. "First, they are concerned about the potentially enormous costs of investigating and remediating a breach. Second, they are concerned about the lasting reputation damage of a breach. Third, they are concerned about not being able to afford the technologies and tools they need to protect their data and company."
The cost of security and technologies is a concern recognized by other security experts. "Business customers know they need to invest more in security technologies and staff, but simply don’t have the budgets to do so," said George Tubin, director of product marketing for Cynet, a cybersecurity company. "Couple that with the scarcity and cost of highly trained security talent and they find themselves in a very risky situation. Even those with larger security staffs find they don’t have the time to adequately address all the alerts their security systems generate on a daily basis."
Organizations are being challenged by the current economic environment which is exacerbating the shortage of skilled or specialist personnel that these organization can hire, acknowledged Peter Galvin, chief strategy officer at nCipher, a provider of cryptographic solutions for securing emerging technologies. They can solve these problems by encrypting all of their data and ensuring strong identity management for their employees who are accessing their networks. This solves two main problems, he said. First, strong access management (backed by a certificate) prevents bad actors from accessing the networks, and second, using new technologies such as password-less authentication and single sign-on reduce the friction for employees when accessing networks and applications, improving security and, in some cases, eliminating passwords and replacing them with biometrics.
What Needs to Change?
A combination of changes will need to be made in the future to ensure stronger data security, say industry experts. These adjustments include more accessible data security solutions for data in all organizations, whether they are SMBs or large enterprises, greater personal responsibility on the part of individuals, and stronger controls on access to data based on job roles and requirements.