CISO Talk News

“Assess. Evaluate. Secure”- 3 Rules to be Followed by the CISOs

By: Debojit Maitra. He is a Senior Information Security Professional

The coronavirus outbreak has been a testing time for every organisation, causing unprecedented impacts on business processes. In these times, the words of Satya Nadella come to mind, “Sustainability in business is about being able to reinvent yourself or invent the future”. At ABFRL, our work from home experience has been unique and invigorating from an information security standpoint. Given that we have to handle a large remote workforce, we are faced with new challenges in terms of securing endpoints. We have worked towards achieving such sustainability by employing a combination of innovative technologies and strict implementation of contingent policies.

In terms of security challenges, the 3 primary challenges that have come up in the present:

  1. A larger attack surface, given that we are removing technology from places where they can be controlled and according access to largely distributed locations
  2. The fact that some of our employees may be using corporate assets on an unsecured public network brings with it the fear of threat actors intercepting critical assets and exploiting unprotected networks to launch attacks on your security infrastructure.
  3. This is further accentuated by the fact that malicious actors have a lot of free time in their hands, resulting in an exponential rise in occurrence of breaches.
  4. Data Leakage during this time from the Admin Users who Logs in to the Servers 
  5. Data Leakage from end Point M/C to Competitors.
  6. Using Personal Computers to access to Servers through Zero Trust VPN.
  7. Mail Phishing blocking and continuous rendering awareness to Users the do’s and Don’ts of Security
  8. Video conferencing from Home with Emp and Vendors.

How we’ve addressed these challenges makes for an interesting description

  1. In terms of extending security concerns to our entire workforce, we have followed the threefold rule of “Assess. Evaluate. Secure”. Assessing the gaps in your security setup and reviewing if our systems have the capacity to support the entire workforce became critical. 
  2. We have moved from traditional VPN solutions which are obsolete in current situations. Our implementation of InstaSafe, which is a cloud-based SDP security solution that leverages the conceptions of Zero Trust Security, helped in scaling up operations and extending remote access to our workforce with ease.
  3. Implication of ATP, Sandboxing and EDR at End Point , Each Users to pass through  Secured Proxy with the help of installing Proxy Agents where in ATP and Sandboxing enabled and Constant monitoring capabilities in order to analyse and prevent security risks is another indispensable requirement in this scenario. 
  4. Shifted the DLP and End Point server from MZ section to DMZ Section to Monitor Online the End Point Data leakage if any activities.  
  5. Instasafe Zero Trust Browser based VPN Blocked the Copy Paste option from Server to End Point Laptop made the DLP Activity enabled at no additional cost.
  6. Digital Certification, PKI authentication and Single Packet Authentication made this Personal computers Secured when they are connected in our Network.
  7. Enabled Microsoft Teams / Cisco Webex had made all work smooth and easy.
  8. Continuous in touch with Mail Security Vendors and Email of Awareness to People really made the Process and People Secured.

While I feel that remote workforces are the future, it is necessary to implement technologies that support your capability to handle a distributed employee base. At the same time, there is a need to sensitise employees about the minimal security measures they can take, like hardening their routers, to prevent easy exploitation of security gaps.

Related posts

New Relic Named a Cloud Observability Leader by GigaOm

enterpriseitworld

Quantum Announces the Scalar i7 RAPTOR for Data Lakes

enterpriseitworld

HPE Leverages GenAI to Enhance AIOps Capabilities of HPE Aruba Networking Central Platform

enterpriseitworld