Disruption isn’t a new concept for security and risk leaders. Minimizing the impact of disruptions is a big part of the job. But most organizations are experiencing a whole new level of disruption lately, with unprecedented speed and magnitude of impact. The speed of change alone has many security and risk leaders’ heads on a swivel.
RSA Chief Technology Officer, Dr. Zulfikar Ramzan, shared on “The Download”, a few key areas for security leaders to rally around through this period of crisis response and recovery:
Workforce Transformation: Enabling a remote workforce for the first time, or significantly extending the number of employees working remotely, means more devices are connecting to the network. While strong authentication is required, most organizations need to account for a wide variety of use-cases, applications, hardware and individual needs. A one-size-fits-all approach is less-likely to succeed; A hardware token (or a software token) may not be the right fit for everyone.
As operations and processes are adapted in response to the crisis, it’s likely that individuals’ roles will change (perhaps temporarily), as will their access privileges. Employee onboarding is a likely scenario, if only to back-up employees who become ill. In some cases, employees will leave. This isn’t a time for haphazard identity governance and lifecycle.
Security Transformation: As the compute landscape changes in response to the crisis, it is crucial to maintain continuity of security operations. They need the right resources, platforms and tools to run cohesively and effectively while physically dispersed. Chief among the required capabilities is pervasive visibility of all digital assets. It’s also important to ensure that security policies and procedures aren’t relying on assumptions that are no longer valid.
Business Transformation: As businesses begin to settle into the ‘new-normal’ (and begin to plan and transition to recovery) keep in mind that the entire ecosystem is also likely experiencing disruption. Therefore, maintaining a resilient third-party risk management function is crucial. In times of crisis, vulnerabilities can be exposed, and disruptions tend to pile-up. Strengthening resiliency, even in times of disruption, may help to keep the organization below a tipping point.