In my last blog, I described a new next-generation cybersecurity mindset to address the lack of control associated with “shadow IT.” As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.
In Part 1 of my blog, I described how data security must become smarter about the sensitivity of the content and where it resides across enterprise and 3rd party networks. Aside from deeper data intelligence, however, we also need much deeper identity intelligence than the basic user name, password, and role descriptions we have today. This makes identity the other cornerstone of next-generation cybersecurity.