ESG Blogs

It can be easy to think, “That sounds horrible! But it probably won’t happen to me.” From getting into a fender bender, to spilling ketchup on your new white shirt, to… ransomware attacks. Believing ransomware attacks will only happen to “somebody else” can put your organization at a huge risk. On a much larger scale than buying car insurance or bringing an extra shirt, taking precautions against ransomware attacks can save your organization millions of dollars, as well as employee confidence, customer trust, and more.

It’s noisy out there. Hundreds of TV shows that your friends insist you “HAVE to watch,” a concerning number of crime-related podcasts (seriously, why are there so many?), and seemingly non-stop communication with one another – text, email, social media, carrier pigeon.… There are only so many hours in the day, and a lot of things fighting for your time and attention. It can be difficult to cut through the noise and see clearly what should be prioritized, both in your personal life and at work. The cybersecurity space is noisy, too.

Last week’s Executive Order by President Biden provided a glimpse into each branch of government’s cybersecurity accountabilities and a strong declarative on the mandatory use of foundational security tools.

In part, the Fact Sheet says: “The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”

Effectively addressing national emergencies and times of crisis has always required private and public sector collaboration. The most recent and obvious example being the development and delivery of COVID-19 vaccines. And like COVID-19, ransomware attacks cross borders, necessitating a coordinated national and international response by government agencies and technology leaders.

This month, as we head toward RSA Conference USA 2021, where  more than 40,000 security practitioners are usually all buzzing throughout the Moscone Center in San Francisco, we will all be signing in to virtual sessions instead. And just like last year, compromised credentials continue to be one of, if not the top vector for breach, fraud, and theft. These stories are in the news daily.

April showers bring May flowers, and this year’s RSA Conference. Usually there’s one topic at RSA that everyone is talking about but this year there will likely be 3: secure access service edge (SASE), eXtended detection and response (XDR), and zero trust. In my last blog, I described 8 things security executives want to hear about XDR. This one focuses on zero trust.

Big data estates, advanced analytics and insights, and the democratization of artificial intelligence (AI) are accelerating digital transformations aimed at harnessing the value of data across the business landscape. It is especially prominent in financial services, healthcare, and consumer services where customer experience reigns (and an unfortunate feeding ground for fraud and abuse).

Now that we are within a month of the RSA conference, the security diaspora must prepare itself for a cacophony of hyperbole around three industry initiatives: Secure Access Service Edge (SASE), eXtended Detection and Response (XDR), and zero trust.

Yup, all three areas are innovative and extremely promising, but a bit overwhelming as well. Look for more from me on SASE and zero trust in the coming weeks. For now, we'll focus on XDR.

We all understand that zero trust is a complex initiative. There’s a wide array of use cases, supporting technologies, starting points, and strategy options. On the bright side, one of the keys to succeeding with zero trust remains something companies arguably have the most control over – collaboration across the organization. The less encouraging news? These cross-functional relationships could be better.

The identity and access management ecosystem has come a long way in the past decade, invigorated by cloud identity, customer identity, mobile identity, and open identity standards. Industry incumbents and cloud providers have made significant investments to support scalable, distributed, multi-factor enabled and decentralized identity systems.

In my first (and exciting) week at ESG, I met with a series of sharp-minded entrepreneurs and newly funded startups that are tackling the complexities of authorization, access governance, and multi-cloud identity orchestration.