Current Data Security Considerations From a CISO and Security Expert

By Cloud and Data Center Transformation
8/5/2020

The way organizations approach security is in flux. This is a unique point in time where the standard challenges of data growth and regulatory changes intersect with new expectations and concerns posed by the global shift to remote work and a growing wave of economic uncertainty. 

Recently, Insight’s National Director of Network & Cloud Security Jason Rader sat down with Chief Information Security Officer (CISO) David Hanighen of Logix Federal Credit Union, an Insight client, for a series of three conversations around various security concerns, specifically in light of organizational responses to the current economic and health crisis. You can watch the video series here.

From remote workforce considerations to specific strategies for getting personnel invested in new security protocols, this video series highlights the ways Logix is navigating the changing data security landscape and provides helpful advice for how businesses can improve their security posture against evolving risks framed in three main phases:
 
  • Phase one — Identifying and mitigating new security threats introduced by infrastructure and workforce changes
  • Phase two Classifying and controlling your data through ongoing data lifecycle management to prevent loss
  • Phase three — Undertaking bigger-picture data protection initiatives, using compliance-related security projects as catalysts for further organizational improvement

Phase one: Securing remote work environments 

In the video “Security for remote workers,” Hanighen primarily discusses phase one of adapting to the new data security landscape: mitigating the challenges posed by shifting a centralized workforce to a remote work approach. 

To handle the expanded attack surface and increased risk of threat that comes with a dispersed workforce, Logix immediately implemented technical solutions, including MultiFactor Authentication (MFA) for their VPN connectivity and integrating various app controls.

Hanighen also notes the importance of nontechnical security work, specifically, educating employees on how to maintain strong security protocols from home and creating a cross-departmental sense of responsibility for the organization’s data.

Phase two: Surveying the data landscape

Phase two moves from immediate risk mitigation to managing and maintaining data. In the second video in this series, “Data classification and data loss prevention,” Hanighen and Rader discuss the importance of data lifecycle management — or, more generally, understanding your organization’s data landscape.

Keeping data secure despite constant flux requires intimate knowledge of the organization’s data landscape. Summed up neatly, the process can be described as “classify, control, repeat,” though, clearly the process is more complex and varies from situation to situation. 

In this video, Hanighen walks us through the ways Logix has created and maintained a comprehensive data classification and loss prevention strategy, including a partnership approach between the organization’s information security and business managers.

Phase three: Seeing the bigger picture

Phase three of handling current data security concerns involves implementing data security strategies in the present that you can leverage for future business impact. In the third video, “Identity and Access Management,” Hanighen and Rader discuss the impetus for building and implementing a comprehensive Identity and Access Management (IAM) program.

While this video covers critical access management strategies like least privilege, the takeaway of this discussion is that enhanced security dovetails with business transformation. “Security does not have to be a barrier,” Jason Rader says, insisting that security can actually be an enabler for better business productivity and a springboard for further modernization initiatives. 

“We look at it as more than just compliance,” agreed Hanighen. According to him, Logix’s IAM program is not only meant to satisfy compliance but also to serve as a game changer for the organization, creating efficiency and control that delivers stronger business outcomes and potential for continued transformation.

Watch the videos to learn more about how organizations are initiating change in their data security environments and view the infographic based on these conversations for a brief overview of the six key truths discussed.