By Joe Rubino, Vice President & Global Chief Information Security Officer (CISO) at HCL Software 

We are in a new world. As such, we can continue to expect significant change throughout all aspects of our lives for the foreseeable future. As the global workforce transitions with mobility at the cornerstone of the technology landscape, the foundational need for effective, comprehensive endpoint management rises to the forefront. Developed through my 20 years of security experience at HCL Software, Bloomberg Industry Group and the CIA, I’ve highlighted a few key focus areas below for navigating endpoint management effectively and securely in this new age. While these tips may be particularly salient during these challenging times, I’d encourage all of you to consider them all the time when evaluating what are – and what are not – the best business value returns of our time, effort, and expertise in endpoint management.

1.  Radical Visibility

Now is not the time to be distracted or complacent. Now is the time for rapid transparency, radical honesty with yourself, your team, and the Board about strengths and weaknesses in your enterprise endpoint landscape. Ask yourself the following… Do I really know what my endpoint environment consists of? Do I have a clear understanding of VPN utilization throughout my enterprise? Is effective security tooling integrated across the entire attack surface? Are all endpoints receiving the latest patches? Is multifactor authentication deployed consistently and appropriately? Which endpoint devices are off-network, and which are on, and how is that changing over time? The list goes on and on. And unfortunately, many within the Security community have insufficient answers. Adequate visibility into these endpoint issues is foundational and particularly important in effectively managing the mobile workforce. While it’s tempting to say to yourself ‘sure, I have visibility gaps, but I’ve been able to manage up to this point’, fight the urge. We can’t protect what we can’t see. Now’s not the time to continue the status quo. Demand better.

Watch the Webinar:

How a Fortune 500 CISO Found Rapid Cost Efficiencies: Tales of Effective Crisis Management


2.  Simplified Operations

With this newly discovered Radical Visibility into your environment also comes the responsibility to take appropriate action to solidify existing protection and management mechanisms or deploy new ones altogether. But where do you start? Prioritization becomes critical. And while issue/risk prioritization will vary for each organization, I think we can all agree that there are foundational principles across every segment — to reduce complexity, consolidate redundant vendors, enhance focus on core security capabilities, and establish effective controls across the environment. The challenges we face as Security professionals are already quite complex, seemingly becoming more so every day, so let us not add to that complexity by onboarding security tools that aren’t integrated well within our existing environments, that take up massive amounts of resources (money, time, expertise) for teams to procure, deploy and maintain, and ultimately don’t enhance the visibility needs in a seamless way. I’ve witnessed talented, overworked operational security teams dedicate outsized portions of their time on the tool evaluation, negotiation, and procurement steps associated with onboarding. All-important activities, yes, but all activities that do impact a security teams’ availability to apply their expertise, incorporate their analysis into the challenges we face and ultimately, maximize value for their organization. Navigate that balance effectively. Simplify ownership. Remove redundant products that don’t work together. Maximize return on endpoint management investment. Demand better.

3.  Gain – and Sustain – Assurance

Assurance is commonly defined as ‘confidence of mind or manner’. And within a security context, it ultimately centers on the question – do we/others have confidence that our technical, operational and managerial mechanisms provide effective protection. For those of us within the Security community, assurance is sacred. It’s grounded in straight talk, earned through diligent effort and clear communication with our colleagues, partners, customers and our executive teams. By adhering to the principles of radical visibility into our endpoint environment, and by simplifying operations that are directly aligned to value-added elements of the organization, we can gain (and sustain) the fundamental building blocks of lasting assurance. In this rapidly changing world, that assurance comes in many different forms – from legacy security compliance expectations, to evolving privacy mandates, to unique customer requirements. Couple that with assurance needed amongst your own executive team about competing resource needs and internal prioritization, sustaining assurance is certainly a challenge. So, don’t ignore the basics. By following the principles referenced above of focused visibility across your endpoint landscape, streamlined operations throughout your technology teams, and the adherence to a multi-faceted assurance model for the business, we will see a greater return on our investments, and thus, a greater sense of assurance in the capabilities that we provide. Our organizations and customers deserve better. We should deliver. Demand better.

Joe Rubino is Vice President & Global Chief Information Security Officer (CISO) at HCL Software. Prior to HCL, Joe spent 5 years as the Chief Information Security Officer at Bloomberg Industry Group and 15 years as an Intelligence Officer in the Office of Security at the Central Intelligence Agency (CIA).

For more information please visit


Comment wrap
Further Reading
Automation | September 18, 2020
BigFix Lifecycle and Compliance now includes MCM and Insights
All active Compliance and Lifecycle customers are now entitled to BigFix Modern Client Management (MCM) and BigFix Insights, extending the business value of these investments and accelerating BigFix's ROI.
Automation | September 16, 2020
ServiceNow© ServiceGraph Connector for BigFix is now available!
Using the ServiceNow© ServiceGraph Connector for BigFix organizations can harness the wealth of near real-time, hardware and software endpoint data from BigFix Inventory to automatically enrich records in the ServiceNow CMDB.
Automation | September 3, 2020
Understanding BigFix: The Premier Endpoint Patch Solution
Thousands of businesses of all sizes and industries have chosen BigFix as their enterprise endpoint management tool. In fact, BigFix manages millions of endpoints worldwide, providing real, tangible value to IT and Security Operations teams. BigFix excels at continuous patching and eliminating configuration drift – both critical to effective endpoint hygiene. If these measures are properly implemented and monitored, the probability of a breach drops exponentially. Understanding why CIOs and CISOs rely on BigFix to secure their endpoint environment is critical to how BigFix achieves 98% or greater first-pass success rates.
a/icon/common/search Created with Sketch.