This podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Reduce SOC burnout
In the fight against cybercrime, the battleground for many organizations is the security operations center. The SOC is ground zero for figuring out if an organization is under attack – and how to respond swiftly and efficiently if malicious behavior is detected.
It’s high-stakes work – and the stakes keep rising as the way people work evolves and more applications and workloads move to the cloud. These shifts are increasing the attack surface in new and sometimes unexpected ways.
“It’s a never-ending trend of increasing complexity, increasing vulnerability, [and increasing] expectations of security teams to be able to defend organizations in a world that is growing more and more diverse, with employees doing more and more different kinds of things, all of which represents opportunity for hackers,” says Rob Lefferts, Corporate Vice President of Microsoft 365 Security and Compliance.
Listen to the podcast to learn more about the expanding threat landscape and how security leaders can reduce SOC burnout and enable security teams to be proactive and preventive threat hunters with a modern threat protection strategy.
The Zero Trust Model
Trust. It’s essential in successful relationships. A lack of trust among people can be hurtful – or demeaning. But in security, trusting no one — or nothing — until it is verified is becoming a smart strategy for defensive posture. It’s a concept known as Zero Trust.
A Zero Trust model embraces three principles:
Verify explicitly, by continuously authenticating and authorizing access
Use least-privileged policies to limit user access with just-in-time and just-enough-access, and
Assume breach, which minimizes a breach radius by segmenting access by network, user, devices, and app awareness.
Zero Trust is different from a perimeter-based defense because instead of only building a moat, security teams also focus on protecting what’s inside the perimeter with strong authentication and security standards that minimize privileges, giving users access only to those things they need to do their work.
Zero Trust is catching on in the enterprise: IDG’s 2020 Security Priorities study shows that one in four companies have deployed Zero Trust technologies and another 50% are researching or piloting Zero Trust solutions.
In this episode, we look at the steps organizations are taking toward Zero Trust and provide recommendations for making the most of a Zero Trust model to reduce risk while helping employees be more productive, regardless of where they’re working from.
Empowering employees to be secure and productive
When it comes to protecting your business, security is a team sport. Criminal hackers –increasingly sophisticated and persistent – are playing offense, trying to find weak spots to breach an organization. And everyone in your organization – from management to front-line employees – is part of the defense team.
But those team players can also be the biggest challenge, because to keep things secure, security teams must put up guardrails. These policies and procedures can have the unintended effect of slowing down productivity, and when that happens, employees often find workarounds, because they just want to get their work done. Which, of course, defeats the purpose of putting strict security policies in place.
“Security should not get in the way of productivity,” says Vasu Jakkal, corporate vice president for security, compliance, and identity marketing with Microsoft. “In fact, security should be about empowering people and empowering productivity.”
Listen to the podcast to learn more about the trade-offs organizations face between security and productivity in the modern workplace, along with best practices and strategies for balancing the two.
As widespread work-from-home arrangements for knowledge workers continue, traditional perimeter-based security models are no longer viable. Combine this remote work trend with ongoing and ever-changing threats, along with a growing security stack, and CISOs and their security teams are more challenged than ever to balance enterprise-grade security with end-user productivity.
In this episode of the Strengthen and Streamline Your Security podcast, we look at how an identity-based security framework can help organizations let users work from anywhere while securing them seamlessly. We’ll hear fresh insights from three experts: Joy Chik, Corporate Vice President of Identity with Microsoft; Peter Hesse, Chief Security Officer at 10 Pearls; and Bob Bragdon, senior vice president and managing director of CSO.
“The corporate network as the perimeter for security has completely disappeared,” says Chik. “Identity is becoming the control plane for security, because it provides effective access control across all users and their devices and all the resources in your digital estate.”
Listen to the podcast to learn more about how securing user identities—without negatively impacting the user experience—is one of the most important aspects of modern cybersecurity.