CIO News Hubb

How to Balance Security and Employee Trust

by admin
January 3, 2023
in Information Security


Jan 03, 2023The Hacker NewsSecurity Automation / Cybersecurity

Challenges with an enforcement-based approach

An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization.

Most organizations exclusively use enforcement-based security controls, usually carried out at the network level with a Cloud Access Security Broker (CASB) or a Security Services Edge (SSE). CASBs secure data between on-premises and cloud architectures and validate authorization rules and access controls against the company’s security policy. Some organizations also use CASBs to block SaaS applications, but like SSEs, CASBs only support some applications.

The applications these tools don’t support are often the riskiest because they don’t meet common industry and security standards, including SAML for authentication and SCIM for user management. At Cerby, these are called “unmanageable applications,” and according to their research, 61% of SaaS applications are unmanageable. Unmanageable applications are popular, and in a post-COVID world, the rate at which employees buy and deploy them has reached a new height.

Pre-COVID, IT departments were primarily responsible for purchasing and deploying organization-wide applications. The shift to remote work empowered employees across organizations to select their own tools. At the same time, rapid digitization gave them an ever widening selection of tools to choose from, causing a surge in unmanageable applications.

The average user doesn’t typically think about security first. Most people tend to assume applications are secure, and some might not care about security at all. Most users care about user-friendly features, design aesthetics, and convenience. To meet these changing requirements, application vendors altered their product roadmaps; for many of them, security was no longer a top priority.

Whether employees know it or not, unmanageable applications can negatively affect an organization’s security and often create more work for technology teams. Someone has to monitor for unmanageable applications, manually enable features like two-factor authentication (2FA), and enforce strong passwords.

To remove the burden, many organizations block or ban unmanageable applications.

It’s entirely understandable why organizations take this approach – it’s a quick and consistent way to address an immediate and concerning problem. However, as a long-term, comprehensive solution, a purely enforcement-based system isn’t sustainable or realistic in practice.

Enforcement and Enrollment

Employees like choosing their work applications, and 92% of employees and managers want complete control over application choice. This behavioral change creates some unexpected challenges for organizations with an enforcement-based approach.

For instance, many employees using banned or blocked applications also attempt to manage access manually, even when they’re ill-equipped. According to our research, employees and managers are making access management up as they go, creating risk and exposure for organizations at every point of interaction.

So, what’s the solution? A more practical and forward-facing posture that balances employee application choice and employer priorities such as security and compliance.

Benefits of an enrollment-based approach

An enrollment-based cybersecurity approach gives employees more freedom, autonomy, and choice, and thereby engages them to actively participate in enterprise-wide security and compliance efforts. Unlike enforcement-based systems, an enrollment-based approach enables employees to choose the applications they want to use for work.

Cerby came into existence due to the previously unmet need for a solution that balances enforcement and enrollment and enables security and autonomy to live in peaceful coexistence. Creating this balance is the best answer for both organizations and employees. Employees should be able to choose their applications, and employers shouldn’t worry about security.

When employees understand that application choice comes with responsibility, and the right tools are readily available to make this happen, security becomes everyone’s concern. When self-enrolling and registering applications is accessible, the same employees who resent policies on application choice will willingly get on board with easier and strengthened security, with the benefit of compliance as well.

Check out this report to take a deeper dive into how you can empower your employees with the freedom to use their favorite applications while easily keeping them secure with Cerby.

© 2022 CIO News Hubb All rights reserved.
