Intelligent CIO Europe Issue 38 | Page 37

EDITOR'S QUESTION

COVID-19 changed everything. CISOs are now faced with addressing the impact of a rapid deployment of tools, technologies and processes that enabled their organisations to maintain Business Continuity through the pandemic.

Many of these changes now pose some major data security issues, which are further compounded by the impending shift to a permanent hybrid working model and a constantly changing corporate IT environment. When addressing the long-term impact of these changes, CISOs should keep in mind two key gaps now present in most security organisations:
Gap 1: Collaboration sprawl
Collaboration tools acted as a lifeline for many organisations new to remote working and are clearly now a cornerstone in IT infrastructure. During the pandemic, employees spent months rolling out collaboration tools like Microsoft Teams, Slack, Zoom and OneDrive in a hurry to remain operational and productive. However, as a recent report from Aternity showed, this resulted in a significant increase in collaboration application sprawl, with employees adopting numerous collaboration tools for internal, external and ad hoc communications. This extends the organisation's threat surface and has the potential to impact data governance. CISOs are now faced with not only gaining visibility into these new applications, but effectively monitoring, managing and securing these platforms.
Closing this security gap will require a renewed focus on training and employee engagement, particularly around data governance. Now that sensitive information is moving off premises and into new collaboration platforms, CISOs must ensure employees are using and securing data properly. Beyond that, conducting a full cyber-risk audit is virtually the only way to fully understand the impact of this new landscape.
Gap 2: Fit-for-purpose pen testing
With employees now working far beyond the four walls of the protected corporate environment, CISOs should be rethinking traditional approaches to penetration testing. In the past, millions of pounds have been spent trying to keep networks protected, often without an understanding of where the exploitable vulnerabilities are in the threat surface, until, of course, after a breach.
With employees working from many different locations and devices, manual point-in-time pen testing will no longer be sufficient.
CISOs now have to keep up with corporate networks that are constantly changing. New configurations, tools, users and locations all present new risks. While a manual pen test or annual risk audit may identify security gaps on any given day or week, the likelihood is that in the days afterwards, new risks will emerge.
Change is now the new constant, so testing must also be continual. CISOs will need a consistent view of potential issues on a continuous basis to secure the ever-changing hybrid corporate network.
This means harnessing the power of automation software to identify gaps in the security environment at scale and at speed.
JOSH NEAME, TECHNOLOGY DIRECTOR AT BLUEFORT SECURITY