Contemporary enterprise organizations continue their migration to the cloud to save money, increase flexibility and reduce the burden of keeping experts on staff to manage infrastructure. But, while the benefits of moving to the cloud are real, it’s essential to expand your tech stack responsibly—and that starts with security.
Contemporary security considerations for enterprise-level organizations:
- Sensitive data leaving the company firewall – Once sensitive data leaves the perimeters of an organizational firewall, it’s vulnerable to malicious actors. Some firewalls protect the enterprise network and users while others protect information in transit between cloud applications. As the workplace marches towards all things cloud-based and digital, it’s essential to protect data both in transit and at rest.
- Bring-Your-Own-Device (BYOD) and remote work culture – Companies now allow—and even encourage—employees to use their personal cell phones, tablets and laptops for work activities. This is another avenue for organizational information to leave the safety of the company network and once it moves onto personal devices, it’s a security risk. The popularity of the BYOD culture is driven in part by the uptick of remote employees.
- Breaches, hacks and attacks – According to a recent report, 38 per cent of organizations aren’t equipped to detect a sophisticated breach and in 2017, the average cost of a data breach was $3.62M.[i] A strong cybersecurity infrastructure can mean the difference between shutting down operations and business as usual.
- Shiny object syndrome – Everyone wants to download the latest and greatest tech gamechanger. And while most third-party SaaS solutions are safe, organizations can’t afford to jump on board (or let their employees do so) before conducting their own cybersecurity due diligence.
- Shadow IT – Employees may be downloading or using third-party software or apps to exchange sensitive information. Organizations need to make a better effort at making the protection of data the path of least resistance.
Four ways to expand your tech stack responsibly
- Lay the foundation with encryption – Encryption converts information or data into a code for the purpose of preventing unauthorized access. Before you do anything else, make sure your data is encrypted in transit and at rest. Encrypting communications secures sensitive data and protects it from nefarious use by malicious agents (including insiders) and from accidental breaches by employees. Choose a user-friendly encryption platform that makes encryption the path of least resistance. With Echoworx’s OneWorld encryption platform, you can turn cybersecurity into a competitive edge, increase digital trust and enjoy a significant return on investment.
For example, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using the OneWorld platform to replace legacy on-premises encryption solutions could save the software cost of previous solutions and avoid other legacy-related costs for a three-year savings of $793K.
- Apply good governance – Is governance part of your cybersecurity framework? If not, start today. Who oversees and is responsible for managing technological expansion, assessing cyber risks and vulnerabilities and creating a way forward? If the answer isn’t clear, it’s time to make changes and get your board of directors involved too. Did you know that only 40 per cent of corporate boards participate in their organization’s security strategy?[ii]
- Assess your current tech stack – In the old days, IT vetted all the tech brought into the business. But in large organizations, tech slips into departments based on team needs, with little regard for the big picture. Many organizations vastly underestimate the amount of software being used across their operations, marketing, sales, human resources, business intelligence and project management teams. When you reveal the real current state, it gives you the information you need to move towards a sensible future state.
- Provide the tools your employees need – The biggest culprit of shadow IT are apps and programs designed to streamline employee workflow. You need to provide your employees with the best tools to do their jobs effectively and safely.
- Implement privacy by design – The Privacy by Design framework, developed by privacy expert, Dr. Ann Cavoukian, is based on seven foundational principles. They are proactive not reactive, lead with privacy as the default setting, embed privacy into design, retain full functionality, ensure end-to-end security, maintain visibility and transparency and respect user privacy. If each new item in your tech stack follows these principles, it reduces the risk and costs of taking a reactive approach to data security.
To learn more about Privacy by Design, download our white paper here.
At Echoworx, encryption is all we do. If you’d like to make secure communications easily accessible across your organization, contact us. We’ll show you how the right encryption technology can differentiate successful digital transformations from the rest.
By: Wen Chen, Senior Manager of IT and Support, Echoworx
[i] EY Global Information Security Survey 2018-19