Your end users are your biggest source of risk. To mitigate this risk, you train and educate your users on security policy, but training and education is not enough. Over the past year you might have watched your users:
- Adopt widespread BYOD and shadow IT assets
- Proliferate large amounts of sensitive data and files
- Constantly switch between work and personal assets
From this there are a few clear lessons.
First: During times of stress, your users might forget their security training.
Second: They will subvert policy — intentionally or not — to get their work done.
Third: You must develop more robust user security that protects your users during those inevitable moments when their training and education fails.
Here’s how you can accomplish these goals.
Robust User Security: Three New Outcomes to Achieve
To be clear — user training and education is important. It delivers three critical outcomes:
- It makes users more vigilant while they work.
- It teaches users red flags to report or avoid.
- It turns users into stakeholders for security.
But if you acknowledge that user training and education will fail from time to time, then your user security strategy must also drive towards three additional outcomes:
- It must limit the number of times that users subvert policy by getting out of their way and allowing them to complete their work without obstruction.
- It must reduce the volume and severity of incidents that users will generate when they invariably make mistakes and subvert policy.
- It must rapidly detect, investigate and learn from the incidents that still occur.
To achieve these additional outcomes, you must develop a suite of new capabilities.
Robust User Security: Nine Core Capabilities to Develop
To build non-intrusive security that gets out of your users’ way, you need:
- User Behavior Monitoring to set a baseline for normal behavior and to only intervene when you notice a significant aberration.
- Asset Discovery and Inventory to find and account for all of your users’ BYOD and shadow IT assets.
- Data Risk and Privacy Monitoring to find all instances of sensitive data and files that your users have proliferated.
To limit the volume and severity of incidents that can occur, you need:
- Configuration Management to enforce access rights and security settings on all assets.
- Zero Trust to add identity inspection and authentication touchpoints that raise the barrier to entry into your environment.
- Fundamental IT Hygiene to reduce the vulnerabilities in the environment that attackers can exploit and use to move laterally.
To rapidly find, remediate and learn from incidents, you need:
- Continuous Visibility to detect incidents as soon as they occur.
- Incident Response to remediate incidents before they cause harm.
- Remote Control to close all instances of the vulnerabilities that attackers exploited in your environment.
Layer these additional controls over your users. Protect them in those moments when their training and education fails. And you will more confidently close your organization’s biggest source of risk.
To learn more, download this Minding the IT Gaps whitepaper that discusses how a unified approach to IT management closes major gaps in business resilience, visibility and accountability.