Gartner Newsroom

Key Takeaways

• “Remote access VPN is arguably the most important tech for security and infrastructure and operations today.”
• “With the onset of COVID-19, workers now need a VPN to ‘get into the office'."
• “The first step in brainstorming the best VPN technology for your organization is to define your use case along four key variables: 1) user, 2) device, 3) data and 4) location."
  
• “There is no one right approach to remote access - you have to understand the strengths and limitations of each solution.”
  
• “Don’t use always-on VPN unless you absolutely have to."
• “For the paranoid security people, virtual desktop infrastructure (VDI) solutions are best. It prevents enterprise data from making it to devices, however poor end-user bandwidth is a caution for workers in disparate locations.”
• “Classify the data that is important to your organization rather than trying to protect it all, and then pick the appropriate controls based on that classification.”

Key Takeaways

• Identify Your Crisis Phase And Associated Action: “During the recovery phase of a crisis, the most effective security leaders will differentiate themselves from the most ineffective ones because this where they show their value to the business - by creating cost optimization initiatives.”
• Data, Data, Data: “Reliance on data is ever so important especially in cost optimization. Use a combination of business reports, benchmarking, current state assessments and asset inventory to help with decision making.” 
• Build Adaptable and Realistic Budget Scenarios: “Make sure you have planned out, tested and designed specific budgets for scenarios that you may face in the near to short term.” Sixty-one percent of security and risk teams do not have formalized budget plans and are waiting to see the impact of the pandemic. 
• Follow a Risk Value Cost Model: All business units are valuable, but some are more valuable than others. Use a model to help align cost optimization initiatives based on business unit value, risk and cost. 
• Take a Portfolio View of Cost Optimization: “Cost optimization does not mean cost cutting.” Make sure you have a balanced approach to cost optimization, understanding the supply and demand sides of the organization.
• “This is one of the rare opportunities where a realistic scenario, like the pandemic we are in today, allows us to go back to the business and showcase the importance of our security function and role in a tangible manner.”

Read more on the topic of cost optimization in “5 Strategic Cost Optimization Action Items for Security Leaders”

Key Takeaways

• “The good news is that all of the public cloud providers will federate with their identities, so you can use your enterprise identities and your preferred identity as a service provider, so at least you have consistent authentication.” 
• “All the storage systems and services are different across these public clouds, but we can apply consistency in a policy that says ‘encrypt all data at rest in public cloud.’ And, we can implement a centralized key management system.”
• “The vast majority of [cloud] mistakes are self-inflicted wounds—mistakes that the customer makes.” Cloud security posture management (CSPM) tools create automated guide rails to ensure consistent security controls across workloads.
• “All the clouds have built-in, detailed, X-ray-like vision.” A best practice is to have one security operations center that looks across all your cloud infrastructure, but using the native built-in monitoring capabilities of each cloud.
• “Ensure that you have consistency in your patch management processes and discipline.” 
• “You have workloads of all types. Our job is to give consistency in the protection of that workload no matter how big it is.” Cloud workload protection platforms (CWPPs) can help ensure consistent security.
• Take advantage of the built-in threat detection offered by many public cloud platforms, and link it to the enterprise security information and event management (SIEM) system.