By Joe Rubino, Vice President & Global Chief Information Security Officer (CISO) at HCL Software 

We are in a new world. As such, we can continue to expect significant change throughout all aspects of our lives for the foreseeable future. As the global workforce transitions with mobility at the cornerstone of the technology landscape, the foundational need for effective, comprehensive endpoint management rises to the forefront. Developed through my 20 years of security experience at HCL Software, Bloomberg Industry Group and the CIA, I’ve highlighted a few key focus areas below for navigating endpoint management effectively and securely in this new age. While these tips may be particularly salient during these challenging times, I’d encourage all of you to consider them all the time when evaluating what are – and what are not – the best business value returns of our time, effort, and expertise in endpoint management.

1.  Radical Visibility

Now is not the time to be distracted or complacent. Now is the time for rapid transparency, radical honesty with yourself, your team, and the Board about strengths and weaknesses in your enterprise endpoint landscape. Ask yourself the following… Do I really know what my endpoint environment consists of? Do I have a clear understanding of VPN utilization throughout my enterprise? Is effective security tooling integrated across the entire attack surface? Are all endpoints receiving the latest patches? Is multifactor authentication deployed consistently and appropriately? Which endpoint devices are off-network, and which are on, and how is that changing over time? The list goes on and on. And unfortunately, many within the Security community have insufficient answers. Adequate visibility into these endpoint issues is foundational and particularly important in effectively managing the mobile workforce. While it’s tempting to say to yourself ‘sure, I have visibility gaps, but I’ve been able to manage up to this point’, fight the urge. We can’t protect what we can’t see. Now’s not the time to continue the status quo. Demand better.

Watch the Webinar:

How a Fortune 500 CISO Found Rapid Cost Efficiencies: Tales of Effective Crisis Management

 

2.  Simplified Operations

With this newly discovered Radical Visibility into your environment also comes the responsibility to take appropriate action to solidify existing protection and management mechanisms or deploy new ones altogether. But where do you start? Prioritization becomes critical. And while issue/risk prioritization will vary for each organization, I think we can all agree that there are foundational principles across every segment — to reduce complexity, consolidate redundant vendors, enhance focus on core security capabilities, and establish effective controls across the environment. The challenges we face as Security professionals are already quite complex, seemingly becoming more so every day, so let us not add to that complexity by onboarding security tools that aren’t integrated well within our existing environments, that take up massive amounts of resources (money, time, expertise) for teams to procure, deploy and maintain, and ultimately don’t enhance the visibility needs in a seamless way. I’ve witnessed talented, overworked operational security teams dedicate outsized portions of their time on the tool evaluation, negotiation, and procurement steps associated with onboarding. All-important activities, yes, but all activities that do impact a security teams’ availability to apply their expertise, incorporate their analysis into the challenges we face and ultimately, maximize value for their organization. Navigate that balance effectively. Simplify ownership. Remove redundant products that don’t work together. Maximize return on endpoint management investment. Demand better.

3.  Gain – and Sustain – Assurance

Assurance is commonly defined as ‘confidence of mind or manner’. And within a security context, it ultimately centers on the question – do we/others have confidence that our technical, operational and managerial mechanisms provide effective protection. For those of us within the Security community, assurance is sacred. It’s grounded in straight talk, earned through diligent effort and clear communication with our colleagues, partners, customers and our executive teams. By adhering to the principles of radical visibility into our endpoint environment, and by simplifying operations that are directly aligned to value-added elements of the organization, we can gain (and sustain) the fundamental building blocks of lasting assurance. In this rapidly changing world, that assurance comes in many different forms – from legacy security compliance expectations, to evolving privacy mandates, to unique customer requirements. Couple that with assurance needed amongst your own executive team about competing resource needs and internal prioritization, sustaining assurance is certainly a challenge. So, don’t ignore the basics. By following the principles referenced above of focused visibility across your endpoint landscape, streamlined operations throughout your technology teams, and the adherence to a multi-faceted assurance model for the business, we will see a greater return on our investments, and thus, a greater sense of assurance in the capabilities that we provide. Our organizations and customers deserve better. We should deliver. Demand better.

Joe Rubino is Vice President & Global Chief Information Security Officer (CISO) at HCL Software. Prior to HCL, Joe spent 5 years as the Chief Information Security Officer at Bloomberg Industry Group and 15 years as an Intelligence Officer in the Office of Security at the Central Intelligence Agency (CIA).

For more information please visit BigFix.com.

 

Comment wrap
Further Reading
article-img
Automation  /  August 10, 2020
How BigFix Displaced Microsoft Configuration Manager for Patching
By: Donald Moss, Technical Advisor BigFix Team
BigFix's efficient patching capabilities proves the overall security posture, over what SCCM was delivering. Missing patches presents an unacceptable security risk. BigFix can provide prooof to executives that all endpoints (including roaming laptops) are patched, regardless of location, connection or status.
article-img
Automation  /  August 5, 2020
New Capabilities and Improvements Released in BigFix V10.0.1
By: Aram Eblighatian
HCL is pleased to announce the release of version 10, patch 1 (10.0.1) for the BigFix Platform, BigFix Inventory, BigFix Insights and BigFix Modern Client Management.
article-img
Automation  /  July 31, 2020
Improve Security and Prove Compliance with BigFix
By: Cyril Englert, Solution Architect
Practicing continuous patching and continuous compliance are effective ways to protect your enterprise against cyberattacks. BigFix Compliance is trusted by CIOs and CISOs to secure all their endpoints -- regardless of OS, location or connection --  and to prove compliance to stakeholders and regulators.
a/icon/common/search Created with Sketch.