eweekchat

A4 -- watch out!!

A4. For the business worker who is using mobile for business, make sure IT is using MDM technology so that they have better control over a device that is stolen. My colleague and our CSO, @GovernanceGuru, stated 37% of employees use personal devices to access company data...

A4: You can take this in a bunch of directions, but one I find is "nobody cares what I do" as an excuse for poor security. Training is a big necessity and can be an even bigger win.

A4. ...and only 35% have password requirements for personal devices. So what happens to lost and stolen devices is a real concern.

A4. Employees should use a password manager as a first step for general security hygiene

A4 -- usually for "sanctioned" devices that IT is giving their employees, there is usually some time of local software running to help with minimal security. However when corporate resources are accessed using a personal device, that doesn't hold true anymore.

A4 -- people should also use their common sense and not access critical, secret data from their iPhone connected to the local unprotected Starbucks wifi for example

A4. Audit your apps. Even if you’re not logged into your apps, they’re notorious for tracking where you go and what you do. Delete the apps that you aren’t using regularly and pay attention to the default location and security settings within each app.

A4: Considerations change based on location. VPNs are necessary for connection to public Wi-Fi, but not necessarily at home (unless you have non-benign roommates or a non-benign ISP).

A4 -- because the organization cannot always control well what is running on the endpoint, and where the endpoint is connected from, it is important to have back-end solutions that will perform some form of detection, investigation and response for it/when the user gets hacked

A4: SSO (single sign on) can be helpful. Folks get MFA fatigue and then just leave things relatively open. It's scary.

A4 -- even more important in case the user -is- the attacker, aka "insider threat"

@DavidGewirtz Agree!

A4: Let's also not lose track of the fact that this is SUCH a moving target. So while it's hard for IT folks and so-called power users to keep up, regular "muggle" users have a much harder time -- but still can risk the company big-time.

A4 @DavidGewirtz -- true, all users need to be in scope, regardless of their role, their access privilege, their employment status (full time/part time) etc

A4. Away from the office, nearly a third of employees are accessing corporate files through unsecured WiFi networks and on personal devices with no password requirements. This is a big problem because a large portion of these files contain sensitive information

A4 At home, it's challenging because the enterprise often needs to be sure the home environment is secure, but there can be pushback from family members, issues of too much intrusion, etc. It's a very careful dance.

A4 - @CloudNotEnough -- yes this is what we have observed also. So back-end, detection, investigation and response solutions are critical to ensure a better security posture.

A4 -- @DavidGewirtz there are solutions that not too intrusive for those use cases... Others are borderline big-brotherish and are essentially session DVR's, with recording of every single mouse click, what is typed etc. can be a bit much...

A1 - That's a great question. I think the current WFH situation is really a forcing point for everyone to understand 1) how to measure work productivity, and 2) how to secure people as an attack channel.

A1. Remote work is driving more data sprawl than ever before – we heard from our customers - 67% of IT executives are concerned about unstructured data sprawl, and more than half say remote work is the main culprit.

(moving this into the thread) A1: You know, I'd actually say it's something else: acceptance of working from home. WFH has always been a bit of a fringe activity, but now with COVID, acceptance has gone through the roof.

A1: I think the most progress has come from a new workplace philosophy. WFH used to be for a subset of work - some workers, some projects, some tasks. Now, companies need to enable all employees, partners, and customers to do everything online.

But Gorka is right, the security issue is also a big concern.

A1 - There has always been -some- WFH, bu the sheer scale of that today, and how organizations have to embrace it is really the difference. Along with the Cloud, it is really the final nail in the coffin of the "security perimeter" as an architectural approach to security.

A1. To have more control, data goverance policies getting enforced without getting "in the way" is key. Further, getting the content management architecture right is key. examples files sitting on unsecured devices, data loss, and mismanaged permissions.

A1: As for the big tech winner, that has to be video conferencing, and Zoom in particular.

(edited)

A1: It used to be that getting an exec to do a video interview required long discussion of how to hook up a webcam and get enough bandwidth. Now, webcam use and conferencing is a basic required skill. And that's just in the last 12 months.

(edited)

A1b: And so the enterprise approach has shifted from a technical approach to enabling remote *workers* (VPN etc.), to a digital approach to enable remote *work* for all parties. A lot more energy on workflow, automation, and overall efficiency.

A1. The attack surface has grown exponentially, so even basic things like hardening your routers, keeping anti-virus upto date, centralizing content in one "logically unified" silo are some of the means to meet the security challenges

A1: Inside the firewall threat has grown as well. WFH means working with roommates and family, and some of them may not be benign presences on the home network.

@DavidGewirtz Could not agree more

A1 -- Zoom because a verb during Covid, and that is despite all the incumbents and alternatives, Webex, Skype, FaceTime etc etc. Maybe because of the UX?

Good point, Gorka. When a product becomes a verb, you know you're probably on the right track ... ;-)

A1 -- it's funny how people and organizations started preferring a relatively unknown vendor (Zoom) with unknown security to more established vendors... just for the name of convenience, some cool backgrounds and filters, and a generally better use experience.

@db_graves Sidebar for you, Daniel: How can Delphix's DataOps approach be used in this office-to-home desk new world? Is this something the company is working on?

heheh. Maybe the pup can offer some insights!

Hi Chris

Good morning everyone!!

Good morning, folks!

Good morning!

@CloudNotEnough Great to see you in virtuality, Vineet!

@DavidGewirtz Hi again, Daniel!

@DavidGewirtz Welcome David! Thanks for coming!

@gorkasadowski Gorka, thanks and glad you're with us!

Thanks, Chris. Thanks everyone!

Thanks everyone, very interesting perspectives!

I enjoy how you bring together people with different backgrounds to create a better conversation.

Thanks so much for the invite!

WFH is awesome, let's embrace it and empower the users to be most efficient!!