4 Steps to Building Better Cybersecurity
Ten years ago, as cloud computing transformed the IT landscape, there was a clear takeaway from the cybersecurity community. Companies had been very eager to adopt cloud solutions, but less eager to examine the security implications. In a way, this was the same story that had played out in IT for a long time. Productivity and convenience almost always win out over security. With cloud, though, the problem ran a little deeper. Cloud solutions were incredibly disruptive to the average IT architecture, and this led to big holes in a traditional security strategy.
Ten years later, it’s not clear that many lessons got learned. For starters, companies have been slow to pick up some of the best practices for cybersecurity in a cloud world, including data loss prevention (DLP) and identity and access management (IAM). Beyond that, the same pattern of cybersecurity as an afterthought repeated itself with the shift to remote work. To be sure, the pandemic was much more critical than the shift to cloud. But there still seems to be a disconnect between how organizations say they prioritize cybersecurity and the actions they actually take.
CompTIA’s State of Cybersecurity 2021 report finds that there is a growing sense of unease with cybersecurity practices. Overall, US workers feel worse about the general state of cybersecurity—69% say the situation is improving compared to 80% in 2020. At the same time, there is less satisfaction with their company’s security posture—70% satisfied compared to 82% in 2020. To really address all the different aspects of cybersecurity, businesses need to rethink their entire approach from the ground up.
For the purposes of CompTIA’s study, policy refers to the corporate mindset and culture around cybersecurity. For many years, the mindset and culture were defensive, focusing on a secure perimeter to protect assets that were all in one location. Today, with assets far more distributed, a new policy is needed.
Zero trust has emerged as the overarching policy that many post-cloud activities follow. In a zero trust architecture, there are no assumptions made about the authenticity of data or access requests.
Continue reading: https://connect.comptia.org/blog/building-better-cybersecurity