After Accelerated Digital Transformation, Are You Taking Steps to Secure Your Environment?
By Rob Jackson, Senior Product Manager at Rackspace Technology & Mindy Schlueter, Senior Product Manager at Rackspace Technology
Digital transformation has been a top priority for IT for some time, but the COVID-19 crisis quickly accelerated plans.
During 2020, large enterprises and small businesses alike, according to a McKinsey study, “accelerated the digitization of their customer and supply-chain interactions and of their internal operations by three to four years.” Overnight, employees worldwide were working from home. Many companies rushed to get to the cloud and get everyone remote. IT organizations reset priorities in-kind — pushing beyond routine, hustling instead toward establishing connections for the multitudes of newly minted remote workforces.
October is Cybersecurity Awareness Month
This understandable desire to keep the trains running on time may also have come with a cost: the lack of scrutiny on backend security. Imagine what it's like now that legions of workers are on different routers and different computers, all with varying factors of hygiene. Even though cybersecurity is the focus during the month of October, it's a year-round concern. Many now want to go back and reconfigure their environments. Engaging in the right security conversations will help those security teams catch up.
Post-virus security success
Remote work continues to pose challenges for many companies who aren’t adequately prepared to support it – for human error, malicious behavior, or the 75% spike in cyberattacks using previously unseen methods (according to a 2020 Deloitte survey). With four years of evolution crammed into mere months, most current security plans are at least partially obsolete. So how can you fit current security into new IT? Here are some key considerations:
- Strategy is essential. Grand plans fall apart when ops teams who skipped the strategy conversations lack answers regarding how they will transform the security, only to be rejected by security or compliance. Have the right conversations, because mapping a sound strategy upfront is a key success factor.
- Security shouldn’t slow you down. In fact, done correctly, it can save time overall. Those who reflexively think, “More security is just going to slow us down,” try thinking, instead, of security improvements in the same way that braking while driving is preferable to crashing!
Steps you can take right now
Secure digital storefronts
A storefront can be an easy way for hackers to gain access to other parts of you network. Take the necessary steps to protect your web presence and reduce risk in an instance where an intruder walks through an open door.
- Lock down APIs
- Make sure any web application firewall (WAF) is configured properly to block malicious traffic.
- Update content security policies to close the door before a hacker gains entry
Safeguard internal applications
Often, the intricacies of securing internal applications come down to identity and access management. Cloud infrastructure is not always secured based on network security controls like firewalls; instead, it’s things like security groups, identities and policies that define who can gain access — and only when they need it.
- Improve your security posture by ensuring that your configurations only allow least-privileged access.
- Instead of adding more firewalls, consider working to ensure least privileged access (and also, zero trust —a framework including strong user identification and access policies, segmentation of data and resources, and strong data security in storage and transfer)
Evaluate your security hygiene
Seemingly everyone has experienced a significant digital transformation since March of 2020. At the same time, they’ve had less time to think about security controls and how best to architect them.
Circumstance forced many who’ve had largely on-premises footprints in the past to migrate those workloads to the cloud. Understanding where your biggest vulnerabilities lie is an often-overlooked aspect of bolstering security. Now is a great time to go back and:
- Assess the security of access mechanisms and applications
- Take action toward diligent prevention of holes in your security posture
- Implement an intrusion detection system that can help to identify vulnerabilities on your network, in your applications and in your infrastructure
- Perform patching and upgrading regularly to ensure secure infrastructure
The way forward
As we emerge from slowdown caused by COVID-19, McKinsey predicts that remote work and virtual meetings will continue at a rate five times those of pre-pandemic levels. When you're going through a transformation or migration to a cloud architecture, it's relatively easy to identify tools you need. Still, you also must use those tools effectively with the right policies and settings customized to your needs.
Rackspace Elastic Engineering for Security can help with the right strategy. Delivered as a recurring monthly service with no commitments, Rackspace Elastic Engineering for Security gives you on-demand access to a pod of security experts who partner with you to assess, implement, engineer and manage your security and compliance challenges. Your pod includes an engagement manager, a pod lead, lead architect, security architects, security engineers, a compliance expert and security analysts/penetration testers who work as an extension of your team dedicated to cyber risk remediation.
Let us help you navigate through your security journey so you can keep your business moving forward with confidence. Learn more about Rackspace Elastic Engineering for Security today.