Et tu, Brute? How We Protect Ourselves

The Ides of March is upon us. But for the non-Roman History buffs or dictators out there, what does that mean today?

It was the day that Julius Caesar was stabbed 23 times by up to 60 Roman senators led by Marcus Junius Brutus the Younger. This moment has been memorialized throughout history, and dramatically so in William Shakespeare’s play, with the soothsayer’s warning of “Beware the Ides of March.”  And no, your InfoSec leader or CISO is not a dictator, so put the knives away.

In our modern, cloud-forward world, we face dangers, not just today, but every day. These can take a variety of forms. From Shadow IT to any of the ways that caused some of the biggest data breaches and hacks in the last year.

So on this day, the Ides of March, we reflect on how we, as business and IT professionals, can protect ourselves. Here are a few things you can do:

Understand your App Ecosystem: Every company’s app ecosystem is different so having an understanding of your unique ecosystem is critical to gaining insights on how your organization is using cloud services, identifying inefficiencies or duplications, and locating potential security holes. Where possible, gain visibility into what apps are being used across the company by which groups and individuals, how often, and whether healthy password habits are being followed.

By having an overview of these elements, you can determine if you should streamline certain services or if Marketing really does need Dropbox while Product is using Box, and Sales is using Google Drive. You can also eliminate unused licenses for a paid application when there are unused seats, thereby reducing your overhead.

Bolster Security: Don’t just wait for something bad to happen to you, your organization, your customers, and your employees. Take precautions by enabling good sense security measures like two-factor authentication (2FA) for all employees and eliminating passwords wherever possible by leveraging SAML to access your apps.

Be Prepared for Every Eventuality: Stuff happens. Sometimes it is good, sometime it isn’t so good. You need to be prepared for every possible scenario including a major data breach or hack. Have plans and processes in place so you and your team can quickly react by turning off access for individuals or all applications and sensitive materials, resetting passwords organization-wide or a particular group, and auditing events to understand what happened, when, and what impact those actions have on your organization.