January 11, 2017
10 Tips to Improve Your IT Security Strategy
Is your organization reevaluating its security strategy for 2017? Start the year off right by assessing your security posture and formulating a plan.
Here are 10 tips to help you solidify and enhance your IT security strategy:
1. Know what you need to protect
The first step in any IT security strategy: know what you need to protect. Consider the following questions:
- What are your most valuable information assets?
- Where are they?
- Who has access to them and why?
- When are they being accessed?
Answering these questions can help to establish an understanding of the critical pieces in your infrastructure that need attention. It will also provide insight into what normal activity looks like, which will better enable you to recognize abnormal patterns of behavior. It is important to think of your organization not only as an ultimate target, but as a stepping stone. Assess your partnerships and business relationships to identify which might provide access to your company’s information in the event of a breach, and vice versa. This in-depth evaluation requires collaboration between IT, security, and the business.
2. Evaluate your security posture
Addressing the volume and evolution of cyber attacks is daunting. It requires an in-depth understanding of your company’s risks and vulnerabilities, as well as the current threat landscape. By establishing an understanding of your organization’s security posture through professional services such as security vulnerability assessments, program assessments and compromise assessments, your company can focus limited security resources on the technologies and strategies that will have the greatest impact.
3. Take a data-centric approach to security
In today’s threat landscape, traditional approaches to securing data fall short. In order to protect data from evolving IT changes and targeted attacks, we need to shift our focus from securing networks, applications and endpoints to identifying and securing our “crown jewel” data. The development of a comprehensive data-centric security program — including data discovery, classification, tagging/watermarking, DLP, data visibility, encryption, enhanced gateway controls, IAM, cloud access controls and continuous education — can uniquely position your organization to protect what matters most, and make security move with your data.
4. Develop a clear understanding of cloud service models and security issues
While the benefits of the cloud are clear (scalability, productivity and increased flexibility to name a few), companies are still struggling with associated security implications. Cloud computing is not fundamentally insecure; it just needs to be managed in a secure way. Organizations should develop a clear understanding of cloud service models, as security issues vary depending on the model being used.
5. Consider a cloud access security broker (CASB)
Many enterprises have adopted a cloud-enablement mindset and are "cloudifying" traditionally internal applications, but worry that they don’t have the right tools to fully secure their data in the cloud. CASBs enable organizations to manage and enforce security policies across disparate applications, providing much-needed insight into cloud activity, and a single point of control for multiple applications and services.
6. Don’t forget to address insider threats
Outsiders such as hackers, organized crime groups, terrorists and nation-states may be the "bad guys" we don’t know and love to hate, but insider threats can be far more costly and damaging. Insiders—and the malicious outsiders who emulate them—have the means and opportunity to access our most critical data. It’s no longer enough to simply look outwards and focus on what's coming in; security teams must also look inwards to evaluate what's going on within the company, and what's going out.
7. Leverage threat intelligence
The best form of defense against attacks and those who perpetrate them is to know about them. Collaborative defense has become critical not only to national security but also to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by. Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical, and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
8. Use defensive deception to enhance detection efforts
Defensive deception tools and techniques help to detect an attacker’s lateral movement early, and divert it before critical data is accessed or damaged. Distributed decoy systems create the appearance of endpoints and servers throughout the range of IP addresses used within the organization, and scatter various traps such as fake credentials for accounts on decoy machines. Because legitimate users have no reason to interact with decoys, attacks can be rapidly identified and false positives greatly reduced. Endpoint detection and response platforms, IPS, next-generation firewalls (NGFWs), web application firewalls (WAFs) and web application deception solutions can also be used to facilitate deception initiatives.
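The detection rule behind decoys is simple enough to sketch. The following is an added example, not from the original article: it flags every authentication event that touches a decoy host or uses a planted credential. The decoy addresses, honeytoken account names and the key=value log format are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed deception inventory (assumed values, not from the article).
DECOY_HOSTS = {"10.20.0.250", "10.20.1.250"}
HONEYTOKEN_ACCOUNTS = {"svc_backup_adm", "sqladmin_old"}

# Constructed authentication log lines in an assumed key=value format.
SAMPLE_LOG = """\
2017-01-11T09:02:11Z src=10.20.0.14 dst=10.20.0.5 user=jsmith result=success
2017-01-11T09:03:40Z src=10.20.0.77 dst=10.20.0.250 user=jsmith result=failure
2017-01-11T09:03:52Z src=10.20.0.77 dst=10.20.0.9 user=svc_backup_adm result=failure
2017-01-11T09:05:01Z src=10.20.0.31 dst=10.20.0.5 user=akhan result=success
2017-01-11T09:06:19Z src=10.20.0.77 dst=10.20.1.250 user=sqladmin_old result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)

def decoy_alerts(log_text):
    """Return one alert per event that touches a decoy host or honeytoken."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not match the assumed format
        ev = m.groupdict()
        reasons = []
        if ev["dst"] in DECOY_HOSTS:
            reasons.append("decoy_host")
        if ev["user"].lower() in HONEYTOKEN_ACCOUNTS:
            reasons.append("honeytoken_account")
        # Any touch is an alert regardless of success or failure:
        # legitimate users have no reason to interact with decoys.
        if reasons:
            alerts.append({**ev, "reasons": reasons})
    return alerts

def touches_per_source(alerts):
    """Count decoy touches per source address to rank hosts for triage."""
    return dict(Counter(a["src"] for a in alerts))

if __name__ == "__main__":
    found = decoy_alerts(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["src"], "->", a["dst"], a["user"], a["reasons"])
    print(touches_per_source(found))
```

Because the rule needs no threshold or baseline, a single match is enough to open an investigation on the source host.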
9. Work with a managed services partner to fill skill gaps
Managed security services are designed to augment an organization's security team, and reduce the number of operational security personnel you need to hire, train and retain in order to maintain a strong security posture. Managed security services providers help give an organization the options—and the flexibility—it needs to address constantly shifting regulatory requirements and threats. By monitoring IT infrastructure and devices at service levels that are customized to meet an organization's goals, they support robust security programs, while allowing you to retain ownership of your policies, incident and change management.
10. Prepare for the inevitable with comprehensive incident response plans
Historically, too much IT security spending has focused on the prevention of attacks and not enough has gone towards preparing for the inevitable. A comprehensive incident response plan will enable your organization to respond aggressively to an attack, minimize damage and align defenses to mitigate future intrusions.