As an enterprise, you should not need an occasion to ensure that your security practices are up to date, fine-tuned and resilient. However, when immersed in the day-to-day, it’s easy to overlook or neglect some of the standard best practices for securing your environment. The first signs of spring seem to trigger an inherent need to clean, and it’s no longer isolated to the garage or the cottage. It’s easy and worthwhile to apply the concept of spring cleaning, an annual event, to getting your security house in order too.
Here’s a 6-point checklist to get you started!
Employees – who has access, who should not, and what’s the right move?
Just ask the HR department – employee turnover is a fact of corporate life. Employees come and go. Sometimes their departures are planned. Sometimes they can be in their cubicle on Monday and gone by Tuesday. You need the ability to respond quickly when required, so that your sensitive data does not depart with your employee. Check that authorized individuals in the organization can assign access rights and credentials quickly, and can delete them just as quickly.
Endpoints – inventory of all; audit the new and the old
For a variety of reasons, IT leaders are providing their deskbound employees with more choice than before when it comes to their devices. This has a number of favorable outcomes:
- It’s less capital-intensive for the enterprise
- Employees who work on devices with which they are more comfortable are more productive
- Running a wider array of devices and operating systems can help reduce exposure to crippling software-related bugs or OS version-specific malware.
But it does have its drawbacks: a continuous cycle of new and old devices means that you need to increase your efforts to protect all types of devices, keep them all in check, and make sure they are wiped when no longer in use.
Have you identified something lurking in the shadows?
Your cloud adoption may be enterprise-driven, or employee-realized through Shadow IT applications such as consumer instances of Dropbox, Google Drive, or other file-sharing applications.
70% have already moved at least one application or a portion of their infrastructure to the cloud, willingly or not. It’s a clear illustration of where IT is shifting. (Source: 2016 IDG Cloud Computing Survey)
In many ways, Shadow IT is helping to make businesses more competitive, and employees more productive. However, while IT is no longer responsible for the physical infrastructure or even managing the application, it’s still responsible for ensuring security and compliance for the corporate data employees upload to cloud services.
Apply least privilege to identity access management
Organizations should be constantly assessing rights management. As roles change, so should access rights. This is especially important for project-based roles, where access to sensitive data may be needed for a migration or a business operations exercise, but not as part of daily business. You need to constantly adapt. Your end goal is to minimize the access any individual has to data or systems that contain critical data. Minimize the access = minimize the risk.
Minimize data and adopt this motto…
Archive! Archive! Archive! And limit access to those files. Though if you can, it’s best to delete files. And when you do delete them, make sure you do so securely by removing all traces of the file, including any keys associated with it. This is a good practice in case there are unknown copies on the hard drive or other devices.
Umbrellas are for more than rain
For most organizations, managing a patchwork of controlled encryption solutions has become the norm. A common weakness in this strategy is that administrators and systems are working overtime to keep the solutions in harmony. IT leaders are having to focus on endpoint-neutral content delivery mechanisms. When you configure, update or replace existing applications for use across all device and platform types, the need for an architecture that enables interoperability quickly surfaces. The answer is to protect all of these devices under one umbrella. Look for a solution that will meet the protection needs of your cloud, endpoints and IoT in one.
Follow these 6 tips to spring clean your security. But you don’t always have to wait for springtime to roll around. Following these steps as part of your daily best practices is far better than accepting the risk of data loss, a breach, or worse.