The 13 Boxes You Need To Check To Keep Your Enterprise Secure


Jaymes Davis

Oct 6, 2021


If you’re in business today, it goes without saying that you have a tech security plan in place. And because you’re aware that the threat landscape is constantly evolving, you’re probably open to ways of making that security posture even more robust.

Good news: There are hundreds of credible vendors that have products and services designed to help you reach that goal. But there’s bad news, too, because those products and services cover, at best, only a handful of the vulnerabilities common to any organization that’s connected to the internet.

Right now, you have an opportunity to identify and correct the vulnerabilities that are exposing your enterprise to risk. But first you have to know what those vulnerabilities are.

By my count, there are 13 potential attack vectors that must be covered before your enterprise can be deemed secure. Covering 12 but leaving the 13th open means you’re still open to humiliating and costly attacks, as you’re about to see. If you’re compiling a shortlist of security providers for your organization, you need to know how many of the following 13 boxes they’re able to check. (Spoiler alert: Only Tehama checks all 13.)

Let’s begin:


🔲 1. Vendor automation workflow.

Today’s businesses are relying more than ever on outside support. And that makes it more important than ever to limit how much access they have to sensitive data. Luxury retailer Nordstrom found this out the hard way in 2019, when a contractor accessed confidential employee data, including Social Security numbers, birthdates, salaries, and details of employees’ bank accounts. To avoid repeating Nordstrom’s mistake, ask the question: Do you have a Payment Card Industry or audit-compliant system for managing your vendor workflow?

 

🔲 2. Endpoint security.

The rigor of your internal security policies won’t protect you against attacks on unprotected endpoints. In 2018, the Florida-based marketing firm Exactis unwittingly left nearly 340 million individual records exposed on a publicly accessible server. The database is said to have included personal information about almost every adult in America. Ask yourself: Are your endpoints secure? Where are your company’s laptops, and what’s on them?


🔲 3. Identity and access management.

You need your people to have quick access to the tools necessary to do their jobs. But the access must not extend beyond that authorized group. In 2016, lapses in Uber’s IAM led to the exposure of data involving more than 57 million customers and drivers. So, ask the question: Are you using a password manager, or at least a hard-to-crack mnemonic phrase? How about your colleagues?

 

🔲 4. Operating system workspace security.

How secure are the virtual desktops used by your personnel? Do you have the defenses you need against malware and ransomware? BJC HealthCare didn’t, and a 2020 phishing attack led to an exposure of patient data from 19 hospitals in the BJC network. Remember, the complexity of virtual desktop infrastructure (VDI) means that users have access to east and west network movement. One phishing email can strike multiple users on a session border controller, or multiple desktops on a virtual LAN. Ask the question: Can a nosy outside VM or desktop deliver malware to your system?

 

🔲 5. Data in motion.

When data is moving, whether by email, through mobile networks or in downloads, it creates an opportunity for criminal intrusion. Case in point: the 2021 attack on Amazon, Facebook, Apple, and eBay. Malware was downloaded through emails and pirated software, allowing hackers to scoop nearly 26 million login credentials from almost a million websites. It’s no secret that restrictions on data movement were relaxed during Covid. So, ask the question: How are you monitoring what’s coming into your organization?

 

🔲 6. Privileged access management.

If someone has access to critical systems, it stands to reason that that person’s access should be managed and audited. Such was not always the case at Eventbrite. In 2011, customers of the ticketing company had their credit card details harvested after two iPads holding the information were stolen from an Eventbrite employee. Once again, the question needs to be asked: Do you understand how often or how easily your critical infrastructure items can be accessed?


🔲 7. Network segmentation. 

Reducing the number of users who have access to a particular zone should be a standard security practice. Unfortunately, network segmentation was not part of Marriott’s security posture in 2018. The hotel chain surrendered millions of customer records to an intruder who gained access to one of its reservation systems.


🔲 8. Contextual policies.

A good security policy will allow you to examine what kind of device is attempting to access your data, and from where. In a 2013 cyber attack, the retail giant Target fell victim to criminals who were able to dupe a third-party vendor via a phishing email.


🔲 9. Data loss prevention.

Data loss prevention software prevents data breaches by detecting and blocking sensitive data while in use, in motion, and at rest. Such software might have been helpful to Blue Cross Blue Shield, which earlier this year lost control of more than 200,000 patient records following a sophisticated phishing attack.


🔲 10. Data at rest.

Stored data can be as vulnerable to attack as any other form of data. In 2017, Equifax failed to update various patches and encryption certificates as recommended. Cybercriminals soon gained access to Equifax’s servers, stealing the personal data of hundreds of millions of people. The company eventually agreed to pay up to $700 million in compensation to its victims.

 

The 10 points of vulnerability I’ve just outlined all have one thing in common: If organizations address them at all, it’s usually in a piecemeal way, with a cobbling together of various policies, services, and pieces of software over time. Those uncoordinated measures leave gaps in security, and cybercriminals are becoming more and more skilled at finding and exploiting those gaps.

 

I mentioned at the start of this post that Tehama checks all the boxes necessary to thwart the attacks described above. That’s because Tehama addresses the foundational elements of data security, thus doing away with the need for a grab bag of solutions assembled from a long list of vendors.

Tehama delivers foundational security through an all-in-one Desktop-as-a-Service (DaaS) solution. Our cloud-based virtual rooms, offices, and desktops can be deployed anywhere in the world and scaled up or down in seconds. Tehama offers you built-in security, scalability, compliance, and workflows. As such, it is the one solution that allows you to check the final three boxes of a robust security posture: 

 

🔲 11. Session visibility.

Tehama workspaces can be monitored live by authorized personnel, or later via a session recording. Every action taken in a Tehama room can be tracked and investigated.


🔲 12. Analytics/machine learning.

Tehama’s new Desktop Intelligence and Automation tool gives you the deep insights you need to optimize the performance of all your devices. It can also alert you to unusual activity that might compromise the security of your data.

 

🔲 13. Audit and compliance.

Tehama makes it easy and affordable to comply with all leading security standards, including SOC 2 Type II, NYDFS 23 NYCRR 500, NERC/CIP, FIPS, HIPAA, PIPEDA, and CyberSecure Canada.

 

Unlike conventional VDI or DaaS solutions, Tehama does not require on-premises infrastructure or additional tooling. It is your all-in-one solution for confidently managing a secure and compliant hybrid workforce. In short, Tehama is the obvious way to check all the boxes you need for modern data security.


Learn how to set up your secure remote workforce in just 17 minutes. Book your free demo of Tehama here.

