Security and Agility – Tips for Getting the Best of Both Worlds

With remote or hybrid work becoming the norm, companies are challenged more than ever to protect increasing amounts of dispersed data while remaining agile and productive and ensuring that circumstances don’t adversely affect business continuity.

On one hand, increased cloud adoption enhances an organization’s agility. On the other hand, cybersecurity threats have continued to intensify.

Case in point: The Verizon Business 2021 Data Breach Investigations Report revealed that phishing, ransomware and web application attacks comprised 39% of all breaches in 2021 – up from 2020. The report stressed the importance of understanding these growing risks and the need for security in difficult-to-control environments.

However, I firmly believe security and agility are two sides of the same coin. As such, methods exist for ensuring that your company can work toward an agility-security balance.

An Evolving Landscape Requires Change

The security-agility relationship is complicated. Historically, security policies were built around legacy networks with on-site access points monitored and isolated when the need arose, such as a potential breach or incident.

Today, many of us blend our work and home lives. We read office and personal emails on our mobile devices or company-issued laptops, access company networks through VPNs, connect to apps like Teams, Zoom, Dropbox, Trello, and so on. Doing so enables us to be more agile and respond more quickly to colleagues and customers alike, but can also make our companies more susceptible to security threats.

Therefore, consider shoring up:

  • Access to certain environments. When it comes to your most sensitive data, think about running it in isolation. This could include personally identifiable information (PII), HIPAA documentation, customer contracts, and so on. Pare down the number of employees who have access to such information.

As Apple CEO Tim Cook puts it: “If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”

  • Your BYOD policy. Some companies allow bring your own device (BYOD), which is also known as bring your own disaster in some circles. In fact, the global BYOD market is expected to exceed $350 billion this year, up from $94.15 billion in 2014.

Although letting employees conduct business on their personal laptop, tablet, or cell phone might save money, consider the cost of higher security risks, potential loss of privacy, and complexities for IT to support disparate operating systems and devices.

Chief Information Security Officers (CISOs) must implement a BYOD plan enabling them to build a secure program that includes wiping company information from employees’ devices when parting ways.

  • Remote access with AI/ML. As technology has shifted and transformed digitally – and increasingly to the cloud – CISOs must enable workforces to access the information and tools they need from anywhere. Ever-growing remote workforces and increasing regulations mean IT must weigh encrypting all sensitive information. Artificial intelligence (AI) and machine learning (ML) in combination with automation can help as this technology assists in combatting cyber threats, while enabling a nimble, agile work environment.
  • Your employees’ security knowledge. They’re your greatest asset but can also be your weakest link. Therefore, it’s essential to provide ongoing training. Think learning sessions on using strong passwords and multi-factor authentication when available, understanding the latest phishing and smishing attacks, backing up data, securing home routers, and installing those annoying but necessary updates, as they often come with patches for the most recent security vulnerabilities.

Weigh Options, Balance Risks

According to EY, IT and security leaders must strive to balance “agility with a secure and resilient architecture.”

Easy? No. Doable? Yes. Companies and consumers alike expect the organizations they do business with to be simultaneously secure and agile. You must protect information yet have the ability to access it and pivot when needed at the same time.

Digital transformation is ongoing, as is the need for the perfect balance between security and agility. However, as CIO Insight puts it, it’s an unnecessary choice as you need both. Move too slowly and you lose out to competitors. Move too quickly and security risks could cost you plenty.

As you strive for balance, contemplate the above tips that we’ve taken into account at FLEETCOR to help you get there.

Contributors

James Edgar

James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR

James Edgar is an IT security and risk professional with extensive background in network engineering, security architecture, policy, risk, compliance and management. James has more than a decade of experience, which has included roles rangi...
