Only 37% of organizations responding to a recent Cisco survey said they’re confident they can remain resilient in the event of a worst-case security incident.
That’s not surprising, given the rapidly increasing volume of endpoints distributed across complex IT architectures. Hybrid workforces combined with diverse IT infrastructures continue to make security resilience a daunting task.
“We don’t secure everything, everywhere, or otherwise business wouldn’t get done,” said Helen Patton, CISO, Cisco Security Business Group. “But security resilience will allow you to focus your security resources on the pieces of the business that add the most value to an organization and ensure that value is protected.”
To that end, here are three best practices toward improving your security resilience posture.
- Get the basics in place
Many organizations have recognized the need to move away from passwords to better secure the hybrid workforce and are moving toward adoption of multifactor authentication (MFA) solutions. The number of MFA authentications has risen by 38% in the past year, according to the 2022 Duo Trusted Access Report.
Other practices to consider include adoption of passwordless technologies, which verify identity using biometrics, security keys, or mobile apps. These authentication methods are safer than relying on passwords, which are easily compromised. Passwordless solutions also have the benefit of reducing help-desk tickets among users who’ve lost or forgotten their passwords.
- Continue on the zero-trust security path
If you’ve adopted MFA and/or passwordless, you’re on the path toward a zero-trust security strategy, an approach that aims to secure access across applications and the network – no matter whether the access request is coming from a user, device, or application.
Traditional security is based on location, which doesn’t offer the best security considering today’s distributed workforces and the movement of applications across clouds, on-premises data centers, and the edge.
A zero-trust strategy helps reduce that broader attack surface with practices and solutions that segment applications and the network, enforce security policies, secure network access, and more.
- Simplify hybrid cloud environments
There is little difference in security resilience between organizations whose IT infrastructures are predominately in the cloud versus those primarily on-premises, according to the Cisco Security Outcomes Report, Volume 3.
However, it’s the in-between where resilience drops. For example, those businesses that are in the early stages of a hybrid cloud model score 14% lower than organizations whose infrastructures are mostly on-prem.
The key is to simplify security management of hybrid cloud environments. Seek easy-to-use tools and services that, for example, provide visibility, automate and enforce security policies, and provide threat detection and remediation. A consolidated platform with these capabilities goes further to strengthen these complex hybrid models.
The bottom line
Today’s distributed workforces and hybrid IT environments, coupled with constantly evolving cyber threats, present new security risks. These best practices can bolster your organization’s ability to address these risks and become more resilient.
Click here to learn more about what is driving the need for security resilience in a hybrid world and why it’s important.