Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Architecture

Reviving Cybersecurity Innovation with Experience at the Forefront

Take another look at the title of this article. Do you find it to be a surprising statement? Cybersecurity innovation is not quite at the stage where it needs resuscitation, still, the last few months have demonstrated the need for change. As we move forward, the changing workplace environment is certainly building the case for innovation.

Take another look at the title of this article. Do you find it to be a surprising statement? Cybersecurity innovation is not quite at the stage where it needs resuscitation, still, the last few months have demonstrated the need for change. As we move forward, the changing workplace environment is certainly building the case for innovation.

At a recent virtual security conference, a session presented by cybersecurity specialist Robert Hannigan discussed changes that have occurred with the move to remote working. He noted many Security Operations Centers are experiencing a drop in the number of alerts, but not because volumes have reduced. Instead, it is because alerts have moved from being visible on the corporate network to invisible on home Wi-Fi.

The bad guys know this and are taking full advantage of the opportunity. Initially, confusion caused by contact tracing applications and COVID packages provided a vehicle for data theft and ransomware – although, this was short-lived and peaked by the end of March. Now, we’re seeing scammers changing direction toward online shoppers and bored home workers who are downloading television shows and movies illegally.

As we move toward a post-pandemic world with remote and in-office work blending, what should organizations be considering in giving the best user experience, meanwhile, maintaining their privacy and ensuring business applications and data remain secure?

Think Differently; Experience Comes First

To answer the above question means a new way of thinking is required. Instead of considering “How many connections?” or “How fast is the throughput?”, start thinking from the user perspective and ask, “Does this improve user experience?” and “What problems could it solve?”. These questions make it easier to break down the challenge and are highly relevant for customers and users.

Experience is a critical, subjective metric. It defines user access, usage and interaction with applications and services. With people now working from home or in offices with social distancing measures in place, this matters even more. Our job has not changed, but how and where has.

A good experience is rewarding for users and will make them more loyal to the applications they use. Without a good experience, it is all too easy for a competitor to lure them away, with a few simple clicks showing the potential of a shinier, more responsive alternative. Think about this in the context of your smartphone. It is likely that you download a couple of new applications every week, looking for a tool to simplify a task. But how long until it proves its worth? If that new app proves to be only shiny on the surface, there’s another version in the App (or Google Play) Store awaiting your attention.

Advertisement. Scroll to continue reading.

Simplification, Automation and Security

Talking to users and finding out what their experience is will provide a better understanding of what works and what does not. Understanding how they prioritize activities will help you pull this into the context of delivering services and applications for a modern enterprise. 

1. They want to simplify their environment to deliver a slicker customer experience, which can often be achieved simply by maximizing existing investments in technology.

2. They are leveraging data and analytics for automation of tasks, giving time back to the IT team with a focus on innovation rather than management. 

3. They need to secure what they have with effective data usage and automation to ensure consistency and reduce false positives.

Managing Complexity and Consistency

A typical example from customers is the need to reduce complexity and make more from existing investments while overcoming the daily struggles of too many management interfaces, sites and overlapping technologies. The hurdles are not only technical, but also staff-related in ensuring specialists are well-trained in their roles. 

How can things be made simpler? Talk to users and consider ways to streamline activities. Automation rules could help by dynamically changing traffic behavior or routing to make sure that services are correctly prioritized and delivered for users. For more granular but consistent control, multi-tenant options would make a good conversation. It provides role-based management at different levels, reducing individual workloads yet still maintaining overall control of the environment.

The (Remote) Elephant in the Room

So, what about remote users? This area has gained attention, as we’ve seen demand from organizations needing to have their employees work from home. For the IT team, this has meant an increased workload. They have moved from managing a small number of remote users to dealing with hundreds or thousands of remote users acting as ‘micro-branches.’

For many users, the experience at home is not an issue. However, some require access to sensitive data or real-time systems. Those users will be using the same Virtual Private Network (VPN) client as everyone else to achieve this and it is no longer suitable. A VPN punches a big hole in the side of the network, allowing users access but also leaving gaps at the edge for attackers to sneak in.

A better solution is to look at the latest technologies which extend the corporate network into the home, providing the same reliability of working at an office, but with the benefits of management, security and visibility for the IT team. All are ensuring the best and most secure user experience.

How can you Fund the Investment?

Employees have found that working from home is a benefit they enjoy. In fact, many have said that they would either prefer to remain remote or work from home a couple of days a week, even when they can go back to the office.

There is a potential cost saving here, as organizations look to hot-desking and smaller offices as options instead of allocated per-user spaces. Rather than merely putting these savings to the bottom line, why not use them to look at new and innovative ways of improving overall user experience across the business? 

Of course, the business will want proof of the return from any new investment and cybersecurity ROI has always been a challenging topic. That said, the result of the sensible investment will be happy and loyal users, reliable and innovative services, and measurable business and competitive benefits for the organization.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.