Start with One App: Don’t Let the Perfect Be the Enemy of the Secure

August 16th, 2019 | product and technology, security & compliance

Today, the most critical business resource is data - information encoded as zeroes and ones has become the de facto currency of our time.

Did you know we produce 2.5 quintillion bytes of data every day? And that 90% of the data in existence was created in the last two years?

Not only is the overall volume of data increasing at an astonishing rate, but the amount of sensitive information, such as source code, financial data, or strategic plans, is growing as well.

I Get It, Cybersecurity is Important

Most folks understand the general concept of cybersecurity: prevent malicious cybercriminals from gaining access to systems and data that should remain confidential.

Most folks also understand there’s an enormous list of vendors providing a sizable suite of technologies available to achieve this security.

But what a lot of our customers tell us they hadn’t considered before we engaged with them is that the majority of these technologies cannot extend their capabilities to cloud apps.

Walkin’ in the (Cloud) Wild West

I really wanted to make a Dire Straits “Wild West End” reference (their first two or three records are truly phenomenal), but I couldn’t make it fly. Ha. Ha. Anyway, where were we?

In the cloud wild west, anyone can try and log in to your cloud apps. In many instances, the only barrier between malicious cybercriminals and your sensitive data is a password.

What’s stopping you from…

  1. Learning the username scheme at a company (jane.smith@company.com, jsmith1@company.com, etc.)
  2. Going to Salesforce.com or Box.com or any number of cloud apps, and trying to log in with a combination of those usernames and a list of the most commonly used passwords, and
  3. Eventually finding a combination that works and gaining access to cloud apps that contain ultra-sensitive information.

You really don’t have to be a technology wizard to run that play. And it doesn’t take much more effort to programmatize, automate, and scale the same methodology. It’s a numbers game.
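From the defender's side, the same numbers game leaves a recognizable pattern in sign-in logs: one source failing once or twice against many different accounts. The sketch below is an added example, not OneLogin code; the log format, field order, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): time, source IP, username, outcome.
SAMPLE_LOG = """\
2019-08-16T09:00:01 203.0.113.7 jane.smith@company.com FAIL
2019-08-16T09:00:04 203.0.113.7 jsmith1@company.com FAIL
2019-08-16T09:00:09 203.0.113.7 bob.jones@company.com FAIL
2019-08-16T09:00:15 203.0.113.7 amy.lee@company.com FAIL
2019-08-16T09:00:21 203.0.113.7 raj.patel@company.com SUCCESS
2019-08-16T09:03:00 198.51.100.20 amy.lee@company.com FAIL
2019-08-16T09:03:20 198.51.100.20 amy.lee@company.com FAIL
2019-08-16T09:03:45 198.51.100.20 amy.lee@company.com SUCCESS
"""

def parse(log):
    """Yield (timestamp, ip, user, outcome) tuples from the assumed log format."""
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def detect_spray(log, min_users=4, window=timedelta(minutes=10)):
    """Flag source IPs whose failures span >= min_users distinct accounts in a window.

    A user mistyping a password fails repeatedly on ONE account; a spray fails
    once or twice on MANY accounts. Returns {ip: {"targets": [...], "compromised": [...]}}.
    """
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, user) for ts, _, user, outcome in events if outcome == "FAIL"]
        for i, (start, _) in enumerate(fails):
            targets = {u for ts, u in fails[i:] if ts - start <= window}
            if len(targets) >= min_users:
                # A success from the same source after the burst began needs review:
                # for that account, the password was the only barrier.
                hits = sorted({u for ts, _, u, o in events if o == "SUCCESS" and ts >= start})
                findings[ip] = {"targets": sorted(targets), "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    for ip, info in detect_spray(SAMPLE_LOG).items():
        print(ip, "sprayed", len(info["targets"]), "accounts; review:", info["compromised"])
```

The second source in the sample, a single user retrying their own password, is not flagged because its failures touch only one account.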

Pull Out the Big Guns?

So, is it time to pull out the cybersecurity big guns and start evaluating all kinds of vendors and running POCs and paying hundreds of thousands if not millions of dollars to achieve some peace of mind?

Maybe.

Security solutions can be daunting: large-scale projects that take months to deploy, negatively impact the end-user experience, or require multiple FTEs to operate.

And maybe you haven’t been waiting around, keeping your schedule clear, to tackle a company-wide or cloud-app-portfolio-wide project.

Maybe you’re primarily concerned with the most sensitive data in your company. And, if you’re worth your salt as a security & risk professional, you likely know the one or two or handful of apps that have the most secret of your company’s secret sauce.

Malcolm Gladwell: Cybersecurity Advisor?

Think of Malcolm Gladwell. The Pareto Law. The 80/20 rule.

Whether we’re being literal in our interpretation that 80% of the work will be done by 20% of the participants, or extrapolating to conclude that the bulk of your sensitive data - and therefore risk - resides in a small percentage of your apps, there’s wisdom in this 80/20 concept.

So, more likely than not you would achieve a phenomenal return for your time/effort/capital investment by focusing on those apps. Apps like Workday, Office 365, Oracle eBusiness Suite, SAP, Peoplesoft, and the like.

Don’t Let the Perfect Be the Enemy of the Secure

[OneLogin Chart: Effort and Impact of Security Projects]

Focus on a critical app or two to start, and focus on the lowest-effort, highest-impact security project out there: putting MFA in front of your most sensitive apps to stop brute spray and password replay attacks in their tracks.

Or, in vendor speak, implement security at the speed of your business for meaningful protection without interrupting your workforce.

How Do You Suggest I Do That?

So glad you asked. Learn how we can help you protect your most sensitive data easily with impactful security focused on a particular app or two.

OneLogin makes it easy to start with a single application. We will help you deploy in minutes - not months, help you guide your organization through the change management of introducing a user-friendly MFA solution, and deliver meaningful protection for your most sensitive apps right now.

About the Author

Michael Gleason currently serves as OneLogin’s Director of Product Marketing. With a background in taking inventive IT & security offerings to market, Michael has held strategic go-to-market roles within the Cisco Cloud Security Group, CloudLock (acquired by Cisco), and SSH Communications Security.
