In a 2017 survey of IT professionals, network security continues to be the top issue of concern for CTOs, CIOs, and network administrators. Massive data breaches are now frequently reported in the media. These pose significant risks to any organization.
Security in the Cloud Improved Dramatically
When cloud service providers initially offered to manage data and applications for companies by encouraging them to use software-as-a-service offerings (SaaS) in the cloud, many were reluctant to embrace them. The fear of losing secure control over a company’s data, by allowing it to be managed off-site, was a big challenge for cloud-service providers to overcome.
Now, the opposite is true. For most organizations, transferring the data management operations and having their employees use SaaS in the cloud provides better security than the company could achieve by keeping those same functions in-house. Small-to-medium-sized firms simply do not have the resources or expertise needed to protect their data properly as well as a skilled cloud-service provider can do. The large IT security staff at a well-run cloud service provider, such as Onelogin, is much more effective than the IT security staff a single company can afford to support.
Managing Users Instead of Hardware and Software Applications
Onelogin recommends that a new strategy be adopted as part of the best practices for network security. An issue arises when a company’s employees use non-secure devices to conduct company business. The use of private email accounts, private servers, and mobile devices for work efforts are examples of risks that every company has unless policies are in place to prevent it.
The way to reduce this risk is to concentrate on the management of user identities across all services, while at the same time make it easy for authorized users to request what they need and want. This includes applications with features they desire, company-owned/managed hardware such as mobile devices, and assistance that always keeps the IT department in the loop.
Onelogin says that the best practices have shifted from focusing on the system access of a user-type to set access privileges, to now working more closely with the human resource departments to set access for a particular user based on that employee’s role in the company. This customization of access should be more targeted to eliminate unnecessary access. Access is also adjustable over time. It can be changed if a particular employee’s access needs, authority, and/or job responsibilities change.