Imagine this: You sit down to work, and you realize something isn’t right. Systems are down. Access isn’t happening. Perhaps you’re staring down a message you’d only thought you’d see in a bad dream — about a six-figure ransom payment to save your company’s data.
Security incidents can be a scary reality. And they’re only increasing in frequency and sophistication. Cybercriminals are targeting large enterprises, small businesses, government agencies, healthcare organizations, and more. Protecting a business, its users, and its data is more difficult and complex than ever.
Part of the challenge lies in balancing the need for innovation with the need for security. Businesses must move fast to stay ahead, or even remain a competitor on the playing field. Moving too quickly, however, can compromise an organization’s ability to ensure proper governance and controls.
How are leaders navigating it all? We set out to find out in our survey, “The Path to Digital Transformation: Where IT Leaders Stand in 2022,” an Insight-commissioned IDG survey. Here’s what 400 U.S.-based senior IT decision-makers (director and above) told us they’re prioritizing.
(For more from the survey, click here.)
The top five cybersecurity strategies that respondents are implementing (or planning to) in 2022
#1: Performing security testing
It’s impossible to know how an organization and its systems will fare in the face of a cybersecurity event unless security testing is used regularly and methodically. Scenario testing, injection testing, and penetration testing can help organizations identify and remedy weak points in systems, databases, code, or end-user environments before a cybercriminal has the opportunity to exploit them.
#2: Implementing a Zero Trust security framework
Sprawling IT environments, hybrid work models, and increased use of IoT and edge solutions have necessitated new security approaches. Most organizations surveyed are looking to Zero Trust as the foundation for a stronger posture. Zero Trust approaches are based on the idea that all endpoints are untrusted until proven otherwise. Read this whitepaper to learn more about it.
#3: Updating governance policies
Governance is a sweeping term these days, but in the purest sense, it has to do with guidelines. Such guidelines may provide answers to questions like: What do we need to know to grant access? What differentiates privileged and unprivileged users? What types of controls do we need on-premises versus in cloud environments? How are we controlling configuration drift? Clear guidelines paired with consistent monitoring and reevaluation are key to well-defended modern enterprises.
#4: Implementing a Security Operations Center (SOC)
IT shops with one “security guy” are falling out of fashion (and function), as organizations continue to acquire dozens of security tools that require considerable inputs for setup, maintenance, and performance. SOCs formalize an organization’s security practice and commitment to unified protection strategies.
#5: Implementing DevSecOps practices
For the many organizations with DevOps in place, or those pursuing it, shifting slightly to a DevSecOps approach means bringing security into consideration early in the development cycle and from end to end. A comprehensive DevSecOps approach may encompass security automation for speed or security training for developers, as examples.
Ensure success across security initiatives.
Whether your organization has similar priorities to those of our survey respondents or is facing other security challenges, we’re here to help you be successful.
Insight is a certified and award-winning partner of major security vendors like Palo Alto Networks and Fortinet. We’re aligned to industry standard framework NIST and bring more than 30 years of data, networking, and cloud experience to the table. Learn more about our security practice here.