Ask the Expert with Myriad360: Secure & Mobile Workforce
Alpesh Shah, Vice President, Cybersecurity Solutions, Myriad360
Alpesh has more than 15 years of experience in developing complex cybersecurity solutions for companies. His experience ranges from gathering security requirements, strategic planning, and developing solutions to testing, production support, project management and implementation. His areas of expertise include cybersecurity architecture, solution strategy, cloud security, service delivery, and physical and internet of things (IoT) security.
Because most organizations have employees who regularly work outside the office now, many organizations are looking to modernize their security to both empower and support their workers. Their goal is to better protect and defend their organization from potential security threats and risks—regardless of where or on what device their employees are working.
Below, Myriad360’s Alpesh Shah, VP of Cybersecurity Solutions, talks about how networks and security have changed over the years, what a Secure & Mobile Workforce is and the steps organizations need to take to create one:
Q: Now that so many organizations have employees working outside the office (working anytime, anywhere and on any device), how does that change how they have to secure their network?
A: If you think back to the early 2000s, the internet and how we worked were very different. Back then, almost all the applications employees used were housed inside an organization behind a firewall (i.e., the traditional network perimeter), including all of an organization’s digital assets. Fast forward to today, and employees regularly work remotely on multiple devices (ones that either their organization owns or the employees bought themselves, such as smartphones, iPads, laptops, etc.) while they travel the globe; they largely rely on applications that are hosted in either a private or public cloud, or use software-as-a-service (SaaS) applications; and there’s no longer a well-defined network perimeter. Plus, more often than not, their mobile devices have confidential business and customer data on them.
This fundamental shift in how organizations store and manage their applications and data, and how their employees access and use them is important because it means it’s no longer enough for organizations to secure their IT infrastructure—they have to secure both their IT infrastructure and mobile workers.
Q: What are some of the biggest security threats to organizations today?
A: One of the biggest threats to organizations we see is not educating and training their employees on potential security threats, as employees really are an organization’s first, best line of defense. Another major threat to organizations that’s equally important is not having enough visibility into where their applications and data are, and who is accessing and using them and how. This can open an organization up to a lot of data theft and data leakage. For instance, online applications are great for empowering employees to get their work done anytime, anywhere. But the downside is, many of those applications allow users to quickly and easily download and share data with others, regardless of whether those individuals are authorized to view or have that data or not. Fortunately, several new technologies are available that can help you gain more visibility into your network, consistently deliver security across your entire network, and better identify and manage potential security threats.
Q: What’s the best way for organizations to create and establish a Secure & Mobile Workforce?
A: Obviously, this always varies from organization to organization. But in general, a few things organizations can do include:
1) Implement a strong security program and continuously monitor and measure the effectiveness of the program.
2) Implement industry security standards such as NIST CSF, ISO 27001, CIS Top 20 controls, etc.
3) Adopt modern identity and access paradigms across the organization and ensure you have a “single source of truth” for your employee identities.
4) Have clear visibility into your confidential data and ensure you have a great access control mechanism in place.
5) Streamline threat management and standardize the process.
6) Take advantage of integration and automation for your various security controls.
Q: If an organization wants to increase their security, but primarily has third-party service providers managing and storing their applications and data, what advice would you give them?
A: My best advice is: Don’t assume just because a third party is storing and managing your applications and data that they’re taking care of all of your security needs. In a cloud environment, both the service provider and an organization have a shared responsibility for security. Thus, the lines between what an organization is responsible for securing and what a service provider is responsible for securing can be blurry. To overcome this:
- Make a list of what applications and data each service provider has, and how confidential and sensitive or unimportant those assets are to your organization.
- Determine how much risk each service provider potentially poses to your organization.
- Find out how each service provider handles security, and which parts of your security they’ll be covering and which parts your organization needs to cover.
Then, develop and implement a third-party security management policy and program, make sure all of your service providers are aware of those, and continually monitor and measure the effectiveness of each provider.
For more information about a Secure & Mobile Workforce visit https://myriad360.com/design/secure-mobile-workforce/