As more and more IT environments move into a hybrid cloud space, implementing industry best practices for security should be a given. We sat down with Involta’s Chief Information Security Officer, Annalea Ilg, to discuss some of the most pressing security challenges companies face today. In the final installment of our three-blog series on security, Annalea dives into endpoint protection and creating a strong security posture at your company.
Am I okay with traditional endpoint protection like antivirus or should I consider something a bit more?
The truth of the matter is that simple, antivirus software is not a good enough solution, regardless of the asset. Your critical data deserves an elevated antivirus solution that goes beyond the standard signature-based solution. You need a predictive prevention solution that allows a compromised laptop or other device to be containerized. Vulnerability scanning and enforcing configuration management is also appropriate. With the proper tools in place, you can make sure that traffic isn’t going outbound of your network in the event that somebody did click on a link.
Why do you think everyone is still struggling with implementing a strong security posture?
Implementing a strong security posture throughout your organization doesn’t happen overnight, and it is not a job for just one person. A change in company culture around the importance of security can make a huge impact but changing company culture in any shape or form is always difficult. Many organizations struggle with translating the requirements and the importance of security from the ground up but earning buy-in at every level is essential to driving organization-wide adoption of better security practices.
You don’t want to wait until something happens – a compromised data breach, a ransomware attack, etc. – before getting your organization to take security seriously. We recommend taking a proactive approach to security, but without an internal Chief Information Security Officer (CISO), organizations have a gap around their ability to analyze risks and understand technical gaps. This, in turn, creates situations where decisions about security are being made in the dark.
Another reason organizations struggle is that no one gets to start security from scratch. No one has given you a blank blueprint. Organizations will have legacy environments and procedures for approaching security that must be addressed in order to protect the vast amount of data out there.
You’ve already heard that security is catching up with technology. If you don’t have the team or CISO position representing security at the company, everyone will be overwhelmed. Individuals that receive security as an added title have a hard time prioritizing their task list because of the number of gaps they must fill. It is important to make sure that security is upfront.
At the end of the day, if you want to be successful when it comes to security, regardless of where your organization might be in its digital transformation journey, you have to embed security into the company’s culture. You have to start integrating it little by little, and the best way to do that is to start developing a security program.
For more information about creating a culture of security at your organization, download our Tip Sheet.
About Annalea Ilg
Annalea Ilg, Chief Information Security Officer (CISO), joined Involta with more than 15 years of information security and compliance experience. As CISO, Ilg runs the Quality, Security, and Compliance department. She manages holistic risk, and provides valuable solutions to protect the security, integrity, and continuity of critical organizational functions, and a team of forty individuals within Security, Service Management, Project Management, Compliance and Vendor Management.
Ilg is passionate about solving risk, promoting culture change, development and executing strategy into leading-edge technical solutions.
As more and more IT environments move into a hybrid cloud space, implementing industry best practices for security should be a given. We sat down with Involta’s Chief Information Security Officer, Annalea Ilg, to discuss some of the most pressing security challenges companies face today. In the final installment of our three-blog series on security, Annalea dives into endpoint protection and creating a strong security posture at your company.
Blog
