Written by Chris King, Vice President at IX Solutions
In early October, we held our first ever IX Solutions Security Summit at the beautiful Sparking Hill Resort in Vernon, BC. Over three days of action-packed activity, we welcomed senior IT leaders, industry experts, valued customers and trusted partners to share ideas, experiences and insights around today's evolving security landscape. The goal? To connect our community, provoke thought, and cultivate discussion among IT and cyber security leaders across industries.
What I enjoyed most about the event was the level of participation and collaborative discussion (often led by our customers). What's become glaringly obvious is that we all face the same challenges when it comes to protecting our organization's assets—whether that be people, devices or data. We were pleasantly surprised at the number of attendees who requested that we continue to facilitate this discussion in an ongoing capacity. While we're still working out what that might look like (stay tuned!), we're committed to keeping the conversation going.
As attendees shared their valuable perspectives about tackling today's cyber security challenges—whether it be a technical solution, end user awareness tactics, or ways to approach the risk mitigation discussion with leadership—we all walked away with new ideas and insights to take back to our own organizations. To shed light on some of those valuable discussions, here are the five key themes touched on at the 2022 IXS Security Summit.
1) Executives need to be part of the conversation
Many of our attendees stressed the importance of senior leadership being involved in the discussion around risk management. Those who have had the greatest success in advancing security programs and gaining approval from leadership have done so by demonstrating the business value. In other words, it's critical to be able to socialize security initiatives by highlighting the potential organizational risks (and supplementary benefits) versus focusing on the technical solution.
2) Security must be balanced with usability
Often, those with little tolerance for heavy handed security controls are those at the highest positions within an organization. While employees generally understand the significance of IT security, they're also human—and that means if your security measures require them to jump through hoops to do their jobs, they'll find loopholes that increase risk. A prime example discussed throughout the week was leveraging Conditional Access to enable multi-factor authentication (MFA). This reduces MFA prompts for trusted devices, locations and people—making the end user's life easier while maintaining controls.
3) Cloud-based security solutions enable faster adoption and enhanced protection
With our new hybrid workforces, the perimeter is now everywhere. We can no longer depend on having our data, devices and people in fixed physical locations. Cloud-based security solutions offer us the ability to manage and secure these assets regardless of where they are in the world—and we can implement them better and faster than we could with traditional security solutions.
4) Basic security hygiene is one of our first lines of defense
Industry security experts will tell you that the vast majority of breaches occur through unpatched systems, whether that be servers, workstations, mobile or IoT devices. One of the easiest things we can do is commit to scheduled and verified patching of systems.
5) Security experts are hard to find, hire and retain
We know that the security industry has a massive shortfall of skills and expertise. People can’t be trained fast enough to fill the number of security positions that organizations are hiring for. When we’re choosing security solutions, some key decision factors include:
- Is the solution a well-known industry standard? If yes, we’re more likely to find security professionals with experience administering it.
- Does the solution natively integrate with other security solutions in my organization? If yes, we’re less likely to spend less time trying to integrate different vendor solutions.
- Is the solution intuitive and easier for someone without experience to learn? If yes, we’re less likely to have to hire a security professional with specific experience administering it.
Join the discussion
Interested in becoming part of an exclusive community of senior IT security professionals? Reach out, and we'll keep you in the loop on upcoming events and cyber security initiatives.