Experts agree that importance of cyber security has shifted from being an issue just for IT to a risk requiring attention from CEOs and their boards. But despite the best efforts of many organizations, it’s not always easy to tell how secure sensitive company data is.
Modern enterprises have more sensitive data to protect than ever, but are facing new challenges. The organizational perimeter has disappeared, employees often use external app services to get work done, and it’s now commonplace for workers to share sensitive data with external users and contractors.
We had the opportunity to speak with, Andras Cser, VP and Principal Analyst at Forrester, to get his thoughts on the most important cybersecurity trends to consider as the new year approaches.
Recognize the impact of cybersecurity attacks
It feels like every day we hear about a major corporate or government organization having sensitive information compromised. Obviously these incidents are devastating blows to an organization’s reputation, but these compromises also come with quantifiable fiscal impacts. Forrester estimates that cyber attacks typically cost organizations $3.5 - 4 million, with each record lost costing anywhere between $50 and $300.
Shift Identity Management to the forefront of threat detection
Gone are the days of providing every employee with a laptop and VPN. According to Forrester, identity is the new perimeter keeping sensitive company data secure. By “identity,” we mean a specific set of attributes that, when paired with the right context, and policy evaluation engine, allows the user to connect and access only the company data and apps that they are supposed to have access to.
Know where you stand with your cloud apps and platforms
It’s becoming more and more apparent that cloud is here to stay. According to Cser, it’s not a question of if your company will migrate to the cloud - only how and when. Organizations that have already made the shift need to take inventory of what data is being stored where. How sensitive is that data? And how will your organization detect anomalies in data access by users, devices, and apps?
According to Forrester, today’s IT environments are 10X - 100X larger than they were just 5 years ago. Organizations are utilizing several times more machines, and thousands of on-prem and cloud apps. Managing who has access to what is critical in these large environments- especially when organizations are depending upon many different types of machines like mobile, BYOD, and IOT (“Internet of Things”)-integrated devices.
Speaking of IoT, according to Cser, it’s highly likely that compromised IoT devices were used to conduct the DDoS attack on the Dyn DNS servers last month. Despite their vulnerability to DDoS attacks, Forrester expects a huge surge in IoT device adoption in the coming years. This makes the need for identity management all the more prevalent, says Cser.
Proactivity is key
Identity and Access Management is about more than what tools your organization implements. Cser states that IAM is 70% people, process, communication, and politics. It’s critical to instill good user access behavior and for employees to maintain relationships with compliance and governance specialists. Without these critical elements, even the most robust identity infrastructure is vulnerable.
There are 5 more key trends from Forrester to consider when developing your cybersecurity strategy. Click here to view the live webinar that Andras Cser and OneLogin Sr. Director of Product Marketing Al Sargent just completed. Our speakers discuss key predictions for 2017, and outline how you can automate secure access to your applications, laptops, and mobile devices in a rapidly evolving landscape.