Most organizations have to handle cyber security improvements on the fly; while the business is operating and while other elements of the company are changing and expanding the IT function. A frequent lament is that if everything would just stand still for a while, much more could be done to secure the borders and internal security structures.
Mobile security must factor in user experience
In addition to IT improvements that are normally cataloged and sanctioned by some sort of management planning committee, there are many other efforts in the normal organization that may be creating vulnerabilities and putting systems at greater risk of a breach. SAAS (Software as a Service) and Cloud based applications may be expanding rapidly with no involvement or knowledge of the IT function. BYOD (Bring your own device) efforts may be happening far beyond the policies that have been established. Large datasets may routinely be copied into Excel, taken offsite, and put some of the most sensitive information that the organization owns at risk for loss or active theft.
Charles Jennings, author of the “100th Window”, an early cybersecurity book, stressed that if you are guarding a building, only one open window is required for entry; and allows great access once breached. Are you doing all you can to close all the windows and insure that other, layered defenses are in place across the entire organization?