Building a Business Case for Global Workforce Data Security


Tehama Team

Tehama Team

Aug 27, 2019

·

5 min read time

Building a Business Case for Global Workforce Data Security

Here in 2019, it shouldn’t be necessary to talk about building a business case for data security. For anyone paying any attention at all to the news, the case pretty much writes itself.

This summer alone, we’ve heard about breaches affecting Capital One and MoviePass, as well as a settlement that will cost Equifax at least $650 million in consumer payouts over its notorious data rupture in 2017. Today, 2019 is well on its way to becoming the worst year on record for breach activity: According to RiskBased Security, 3,813 breaches were reported in the first six months of this year, exposing over 4.1 billion records. Compared with the same period in 2018, the number of reported breaches is up 54%. To add insult to injury, three of the 2019 incidents have made the top ten list for the largest breaches of all time.

The Future of Work

Clearly, it’s no longer the cost of cybersecurity that needs defending. What needs defending today is the cost of failing to take cyber defence seriously. Data breaches have cost organizations untold billions in thefts, ransoms, settlements and reputational damage. And now, in the absence of any meaningful action, there is the very real risk that the public will withdraw its trust and confidence in the world of digital enterprise.

But the business case here has to be about more than the cost of breaches. After all, organizations never seem to think a breach will happen to them. And if cost alone could build the business case, it would have been a slam dunk years ago.

It may be that the better business case starts with waking up to the reality of how work actually gets done in the 21st century. Each year, the pre-digital model of a full-time, permanent workforce becomes more of a distant memory. More and more, enterprise relies on a scattered assortment of contract employees and third-party vendors, who may themselves be relying on a contingent workforce. It’s estimated that the majority of the U.S. workforce will be freelance by 2027. And when it comes to IT services alone, Gartner predicts that 50% will be outsourced as early as next year.

On the plus side, this new model of employment gives enterprises unprecedented access to a global network of top talent. On the downside, though, organizations have a new level of exposure to bad actors and incompetents, because even loyal employees and honest contractors can threaten your IT environment if there’s malware living on their devices.

It’s time for organizations to abandon the fantasy that workers can be persuaded, scolded or threatened into safeguarding data. The strategy of offloading the burden of security onto an ever-changing lineup of strangers was absurd from the start, and today, it’s just grossly negligent.

Let’s instead adopt a new approach to security, one that matches the realities of your global workforce. To us at Tehama, the approach relies on:

Four key best practices

1. Strong identity control

To do their work, your remote employees and contractors need access to corporate data. That’s typically granted through access privileges. But when a privileged identity falls into the wrong hands, you’re at risk. Authentication should always be multi-factor.

2. Impenetrable, airlocked work environment

A lot of work gets done today on laptops, phones and other mobile endpoint devices, each of which have been connecting to untrusted networks.If you give those devices access to your network, there’s a strong possibility that you’ll be opening the door to malware. The only sure solution is to conduct your business through a virtual workspace that is impervious to intrusion.

3. Zero-trust network models

If you hired someone to water your plants, you probably wouldn’t give them the keys to your safe. But when organizations grant network access on the basis of trust, that’s effectively what they’re doing. The obvious answer is to create a zero-trust environment that applies whether work is being done by an outsider or a full-time employee. In the best zero-trust model, personnel get access only to the data they need to do their jobs. Access is granted only after the user’s identity is authenticated. And every action on the platform is audited and recorded.

4. Make the Principle of Least Privilege the law of the land

Too often, convenience trumps consistency when it comes to protecting IT systems. That’s how a database administrator can end up with “superuser” access, even though he or she has only one task to do — compromising the integrity of the whole system. The key today, when it comes to securing corporate networks, is to trust no one.

Following the four basic best practices is easier than it may seem. In fact, Tehama incorporates all these protections and more. Tehama is a cloud-based SaaS solution that provides a rigorously secure IT infrastructure for connecting and growing your teams, no matter where they are in the world. Tehama allows you to onboard teams in minutes instead of weeks, and it gives you instant and ongoing compliance with standards as demanding as SOC 2 Type II, GDPR and NYDFS 23 NYCRR 500.

The business case for improved data security is simple and straightforward. And with Tehama, actually doing something about it is every bit as easy.


Shape line

Read More

Tehama CRO Mick Miralis Recognized by CRN Channel Chiefs

Tehama CRO Mick Miralis Recognized by CRN Channel Chiefs

Tehama is excited to see our CRO, Mick Miralis, recognized by CRN for the second year in a row as a CRN Channel Chief. We recently sat down with him to learn more about what this recognition means for him and Tehama.    What does it mean to be a CRN Channel Chief? Mick: Over the past year, our team has made tremendous strides in creating an environment and ecosystem built around partner success. We have a truly remarkable and talented team here at Tehama, and it feels great to be recognized by CRN for these accomplishments. It demonstrates that…
How to Protect Your Business from the Inevitable Attack Without Breaking the Bank

How to Protect Your Business from the Inevitable Attack Without Breaking the Bank

Are you worried about the growing risks stemming from the evolving cyber threat landscape that will undoubtedly one day impact your business?  Are you tired of paying for the high cost of your BC/DR provider to evaluate, procure, integrate, manage, and operationally maintain countless point solutions to protect your data, applications, and infrastructure? For a reliable, cost-effective solution for ensuring business continuity and disaster recovery, look no further than Tehama.    Don’t become a statistic According to the 2021 Hourly Cost of Downtime survey by ITIC, over 90% of mid-sized and large businesses experience costs exceeding $300,000 for an hour…
Now Available: Tehama’s Cybersecurity Platform delivers integrated, enterprise wide security.

Now Available: Tehama’s Cybersecurity Platform delivers integrated, enterprise wide security.

In today’s global marketplace, meeting compliance mandates is more than necessary; it’s a competitive advantage. In its recent report, Top Trends in Cybersecurity 2023¹, Gartner concluded that through 2026, more than 40% of organizations — including two-thirds of midsize enterprises — will rely on consolidated platforms to run cybersecurity validation assessments. Gartner also identified that restructuring the security function’s operations can enable agility without compromising security.  And that’s where the Tehama Cybersecurity Platform for Hybrid and Remote Work comes in. It’s built on Tehama’s groundbreaking P5 architecture and is the first to unify secure access to hybrid and remote work.…
/wp-content/uploads/2021/08/subscribe-background.jpg
#011627
Subscribe Here!
Get Tehama insights sent straight to your inbox!
By submitting this form, I consent to receive e‑newsletters, helpful information and promotional messages and can withdraw consent at anytime.
Subscribe Here!

Get Tehama insights sent straight to your inbox!

Loading