IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. However, many times apart from security professionals, a deeper understanding of the strategy and importance of these policies is overlooked. October is National Cyber Security Awareness Month, which was created as a collaborative effort between the government and the security industry to ensure everyone has the resources they need to be more secure and aware of threats. This month especially, CIOs, CSOs and security experts focus on educating employees about the importance of security, making sure everyone understands its business objectives, uses the appropriate tools and complies with policies used to keep both company and personal information safe.
One strategy for security professionals to use to educate others is through “real talk,” which breaks things down to their basic elements and eliminates any confusion for employees when discussing IT strategies or security policies.
Bill Burley, corporate vice president and general manager at Citrix, has built his career around “real talk.” As a result of these kinds of conversations, he’s been able to identify the top eight tips for enterprise security professionals to ensure that employees effectively use security measures this month and all other times.
A Focus on Cybersecurity
Click through for eight ways organizations can ensure staff members are following established cybersecurity policies and protocols, as identified by Bill Burley, corporate vice president and general manager at Citrix.
Eliminate the need for employees to save multiple passwords. Forced to keep up with multiple passwords, employees will often write them down, creating a huge security weakness. Implement single sign-on, so people have one password to remember that changes each quarter, and provide guidance on how to create strong passwords that include numbers and symbols while making them easy to remember.
Deploy a virtualized web browser for all SaaS and browser-based applications to increase security, limit vulnerabilities, and ensure people are using the right type of browser to match each app. Make sure the virtualized browser can be accessed through a web link on any modern browser to keep it simple for the person, while providing increased security for the organization.
Focus on securing all mobile applications based on employee identity to reduce the cost and complexity of endpoint management. Use a combination of virtualized secure app and workspace delivery with mobile app management to provide clear security conditions for each person and device that must be met to gain access – including necessary software updates, security measures and compliance with policies. You can then control access to vital data and apps through identity, instead of fighting a losing battle for total device control with your people.
Integrate security into the DevOps process right from the beginning to avoid potential app compliance issues. By including security as a key part of the development and design process, developers can help identify and fix security vulnerabilities while accelerating the process of changing code, updating features and adding new capabilities as part of the DevOps process, not only improving operations, but protecting vital information and apps as well.
Biometrics and Single Sign-On
Simplify access to the corporate network from anywhere by using biometrics combined with single sign-on to connect to key apps and data. It’s common to go through multiple steps to access key apps and data behind the corporate firewall, and in many cases, each system includes its own login process. By reducing multiple steps to log in, IT and security administrators can limit user frustration, while making it easier for people to comply with security policies. Fewer people will then seek ways around security, and their productivity will increase – and hopefully eliminate, if not reduce, shadow IT.
Streamline the app deployment process through an AppOps approach that combines virtualization with a DevOps continuous update and improvement process to make it easier for IT to quickly respond to new app requests from line-of-business managers. By being responsive to management requests, IT can improve management satisfaction while reducing the risk of managers buying and deploying shadow IT and SaaS apps outside of the view and control of IT, and minimize new apps that do not comply with corporate security and regulatory policies.
Transition applications to the cloud when possible to take advantage of the stronger security disaster recovery systems in place by the dominant public cloud service providers. For all the misgivings about the public cloud, the major providers — including Amazon Web Services and Microsoft Azure — have implemented the strongest security measures available, both from an IT and physical security perspective. Only the largest enterprises have the scale and expertise to match the operational and security capabilities of these major cloud providers. CIOs would do well to take advantage of these security and infrastructure management strengths.
DevOps and Security
DevOps enables enterprises to make security more granular. A key advantage of the DevOps approach is how the teams focus on breaking down large, complex systems into smaller, more-focused processes. This new methodology enables developers to examine activity within the context of just one app. This process of simplification can be applied to security’s role in making changes to apps due to advances made with SDN and firewalls. The rise of virtualized network infrastructure and SDN lets enterprises break down big firewalls at the edge into smaller, per-app firewalls with fire-app policies.
This new approach enables the review and approved changes to take place more quickly than they otherwise could with just one firewall. As an enterprise’s infrastructure continues to grow, security teams can move more quickly and approve changes. The approach isn’t limited to firewalls but can be taken to VPNs and other areas within enterprise infrastructure – which has grown to become too complicated and is tough to consolidate and aggregate into more manageable chunks. DevOps allows the process to be broken down into smaller, simpler pieces.