4 ways to always be improving security

Consider these four tips to help build and maintain an "always-be-better" approach to security throughout your entire organization.

Cognitive dissonance is the security professional’s archnemesis.

Most of us – including our employees, customers, and partners – understand the importance of using secure platforms and risk-minimizing protocols to protect sensitive data. Even so, people aren’t generally inclined to change their habits, especially when it requires extra effort.

Because of this disconnect, it’s essential to ensure that everyone at your organization – from product design to internal infrastructure – is invested and informed about external threats. As remote work increasingly becomes standard operating procedure, it’s more critical than ever to fully understand and constantly reevaluate your organization’s approach to security.

Here are four tips to help you build and maintain an “always-be-better” approach to security:

1. Have a voice

Each department within an organization is its own stakeholder and champions a diverse range of needs. For example, platform engineers fight for seamless interface experiences, engaging design layouts, and new innovative functionality for the end-user. HR representatives push for practices and processes that best serve the internal employee, such as communication and collaboration.

Given these varying priorities, it is vital that security practitioners are heard when they advocate for how the business should securely deliver value to customers and how it operates internally. Because business needs are always changing, infusing a security mindset up and down the organization requires consistent prioritization.

That doesn’t mean putting security concerns over those of organizational counterparts – security is not a zero-sum game. Rather, security must be rooted in education and partnership. Security professionals need to work with their peers to increase awareness and explain how certain functionalities can help build trust as well as tighten product security.

For example, in the new remote workplace, businesses are leaning heavily on video platforms to replicate the in-office experience. Handling the volume is one thing; providing adequate security, including end-to-end encryption when necessary, is another. The ability to guarantee secure access to information has suddenly become its own value proposition.

2. Trust, but verify

Security is constantly growing and evolving. As the landscape around us changes, staying ahead of the curve requires a certain amount of knowledge-sharing and support. Exceptional security processes are born from working with peers and uplifting each other – otherwise, organizations risk stagnation and new digital threats.

Third-party certifications can help security teams assess a business’s security status and identify areas that need improvement. These certifications, such as the FCC’s Consumer Proprietary Network Information, ISO Information Security Management, and the National Institute of Standards and Technology 800-53, serve as a baseline, providing an overarching security structure that platforms can follow. Further, certifications regularly “raise the bar,” providing a powerful motivation for teams to remain proactive and forward-looking.

3. Continuously test and assess

When it comes to security, driving innovation and raising the bar requires a healthy dose of skepticism. Even when all the boxes are checked and you’ve reached the highest possible standard, security is a ticking clock: Regardless of how many new features you add and how much testing you do, resilience requires non-stop assessment.

This process requires a significant amount of effort and a variety of resources, but you don’t need to tackle it alone. For example, open source communities can provide a contained environment in which trusted partners can poke and prod defense systems to identify and patch system weaknesses. And a range of external threat research firms are dedicated to partnering with businesses for responsible disclosure. That closed feedback loop enables professionals to constantly identify new opportunities for growth.

4. Plan for the unexpected

Security needs change constantly in response to unpredictable external events and evolving threats, so it’s essential to be vigilant.

By maintaining close partnerships with departments throughout the organization and encouraging new ways of thinking, security professionals can play a vital role in ensuring business resiliency and productivity.


This article is a very good read. Without a doubt, this is an aspect which is paramount throughout the daily workings of a business but will be the case even more so now, given the current time. Regarding the viewpoint of security as ‘a security mindset’ was a wonderful way of expressing it. This content will provide very valuable points to stick by since the environment in which we work has now changed. Especially with businesses availing of the likes of Zoom and Google Hangouts more so now than before, it is important that we continue to bear these elements in mind.

Very useful,

Thanks

Michael Armer is Vice President and Chief Information Security Officer at 8x8. He brings over 20 years of cybersecurity and information technology leadership experience to 8x8 in the areas of data privacy, intellectual property protection, risk management and corporate cyber governance.
