Organizations are continually under attack from hackers and criminals all over the world that want their information. Without a doubt, leaders are constantly analyzing risk vs. reward and how that relates to security and productivity.If they are not, they are missing something quite significant.
It might seem easy, to some, to just purchase the latest and greatest cyber security solutions and widely deploy them across all platforms in an enterprise. However, the challenge is much greater and there are many more things that need to be considered when evaluating security and productivity. Finding the proper balance has many factors that need to be evaluated and considered when making security decisions and providing the maximum amount of cyber protection and task output.
Lets take a look at some of the most common decision points and then dissect each in more detail.
- What is the present state of the security culture within the organization?
- What trends are being monitored and analyzed within all environments and platforms?
- What confidence do you have in the cyber security solutions that are presently deployed?
- If you have not - yet - been breached does this mean your environments are secure?
- Unify systems to increase “Security vs. Productivity”
Determining the present state of the security culture within the organization is essential. This can be somewhat subjective or unclear on occasion, but with the right analysis, oversight and guidance, it can be quite useful. There are a number of factors that can be assessed. To name just a few - ongoing employee training and guidance are essential in creating and sustaining a positive security culture. Adequate controls for tasks and methods must also be in place. It’s one thing to establish a process, but a poorly trained, unmotivated or rogue employee will find the quickest and easiest way to accomplish a task without regard for security. Some will say that they’re not able to meet their deliverables because of security slowing them down, but it’s best to evaluate the risk vs. reward in this instance with regard to security controls. Employees are a significant asset or liability in many ways including security, so it’s your choice on how you utilize them or let them utilize the organization. Take the top down approach - starting with the board of directors - in dictating, facilitating and analyzing your security culture. Remember that -- “employees are the engines that keep the company moving forward, stalling its progress or simply creating a negative security culture”.
Recognizing what trends are present or absent in an environment is critical in predicting outcomes and eliminating threats. Proper automated system monitoring and actioning is vital for many types of conditions. For example -- every day a system is entered from a known IP address with a given set of credentials. However, on a different day, the IP address changed but presented the correct credentials. Should the system allow or not allow the entrance? This is a very elementary example, but provides some context. Another example would be -- an employee logs on to “Box” often to perform his or her routine tasks, but today they first downloaded confidential data to their device prior to logging into “Box” and they have never or rarely download confidential data to their device. Should the system allow or not allow the login? All of these are examples of “Risk vs. Reward” & “Security vs. Productivity” decisions that must be addressed.
Having confidence in the cyber security solutions that are being utilized is paramount. This starts with having a collaborative type of relationship between the vendor and the organization. If this type of relationship does not exist, it’s quite likely that the product will not be understood to its fullest, the customer’s technical requirements will not be met and the product will be under-utilized and under-deployed all leading to a potential loss in security, productivity or both. Develop the relationship and you will be much more likely to be successful in its abilities.
You’ve gone months, if not years, without information loss or system breach. Does that mean it’s time to stop investing in cyber security solutions? Before I answer that question, let me tell you how one cyber security expert put it this year at the U.S.A. - Israel Cyber Security Summit in Washington, DC. He simply asked -- would you drop your homeowner’s insurance policy because no one has broken into your home? The obvious answer to both of these questions is – no. You must remain vigilant and agile in protecting your firm’s assets. Don’t be inclined to think that you can save money or increase productivity by eliminating proper security protection because no information has been lost recently. Hackers are constantly evolving to gain the edge over organizations and you must also and not become complacent.
Unify systems to increase Security and Productivity. Organizations tend to deploy multiple cyber security solutions that perform very specific uses cases that lead to an increased environmental footprint, amplified complexity and an overall more difficult support and usability scenario. When looking at secure data exchange and cyber security solutions, investing in one system that performs each use case needed reduces the overall complexity and leads to increased security and productivity. For example, Safe-T provides an end-to-end cyber security solution, Safe-T Box, which enables organizations to broker, control and secure data exchange of any type and size between people, applications, cloud solutions and businesses. This type of solution will increase your security position and have a much higher user adoption and satisfaction rate as compared to multiple disparate systems that end users have to learn and manage.
Finding the proper balance of security and productivity is a challenging task that every organization must take on. When done properly and by selecting the proper cyber security solution, you can maximize security and productivity simultaneously while setting proper expectations of the employees and customers of the enterprise. Don’t be caught playing the game of not encrypting data or allowing diminishing controls because someone has pressured you into meeting an unrealistic expectation. Always remember the “Risk vs. Reward” factor when making these decisions.
Safe-T box provides a variety of ways for enterprises to share data securely, and to control what data can and cannot be shared. For more information on how to ultimately secure your information, and your business, download Safe-T's White Paper: The Ins and Outs of Secure Data Exchange.