As a best practice, most security professionals recommend administrative users have two accounts - one for administrative tasks and a second account for all other tasks. This ensures that things like email that can be a vector for malware are kept separate from the account with administrative rights. Unfortunately, this creates a hurdle for many environments, in that the additional time and effort taken to manage and use two accounts for all administrative users becomes problematic.
Many organizations were forced to transition to a Work From Home (WFH) posture practically overnight and grapple with the numerous considerations the change brings with it. As the dust has (hopefully) started to settle and secondary and even tertiary items are being addressed, you may not be aware that there is a potential timebomb ticking away on your users' devices. This timebomb can strike when users begin returning to the workplace, and it has the potential to overwhelm the service desk with what is normally a minor and rare annoyance of an issue.
This July, the Zoom bug quickly got us all thinking about videoconferencing security again. Although the bug was quickly squashed, the idea that someone could send you a link that would arbitrarily add you to a conference call – thus allowing attackers to spy on you through your webcam – was unsettling beyond belief. Although Apple patched the Zoom bug out of existence before anyone could take advantage of it, the implications are worth considering.
Most business solutions are migrating to the cloud due to the flexibility, scalability, and cost-saving features. However, while moving to the cloud, data, systems, and services can be exposed to serious security and compliance challenges.
When moving data to the cloud, it is necessary to ensure that your information and data remain compliant with the laws and regulations of your industry.
Technology and businesses are increasingly moving to the cloud. However, certain conditions (such as security concerns, regulatory issues, or abnormal workflows of data) prevent complete public cloud adoption for some businesses. For these businesses, the solution can be the hybrid cloud model, which provides the rapid provisioning of resources on a billing/usage basis (public cloud), while maintaining the speed, reliability, and agility of an on-premises solution (private cloud).
Securing Applications and Data
For both traditional on-prem solutions and cloud-based solutions, how should organizations act to secure their data and applications?
When talking with IT service providers working in the healthcare space, we’ve found a few concerns repeated:
- My organization has become heavily security conscious after the malware attacks, but we’re not sure where to focus.
- Our leadership wants us to adopt cloud infrastructure and platform services, but our security team is preventing that as they are not sure of the security.
- As our development teams are building products, such as SaaS offerings for clients or other solutions, we are not sure what modern tools work for managing the infrastructure and apps involved.
Collectively, these concerns all relate to the shared idea of security and operations.