“Vulnerability management is arguably the best proactive thing you could be doing in your security operations program.”

“One of the big changes you can make to your vulnerability program is to focus on the vulnerabilities that are being exploited in the wild. That should be the number one goal and will drive down the most risk, the fastest.”

“Don’t think about whether a vulnerability is exploitable or accessible across the network, or whether it is medium or critical ranked. What you want to know is if bad guys are using them.”

“Review your existing vulnerability assessment solutions and look for better prioritization. Make sure they support new assets like cloud, containers and IoT in your environment. If not, augment or replace the solution.”

“Patching isn’t everything. It’s hard, can break things and takes time. Have a plan B - you need more arrows in your quiver than patching.”

“If you do a better job of your vulnerability program, you drastically reduce your attack surface. It presents a much harder target for a threat actor to try to get an exploit working, and therefore, gain some leverage inside your environment. This is a big deal.”

“Remote access VPN is arguably the most important tech for security and infrastructure and operations today.” 

“With the onset of COVID-19, workers now need a VPN to ‘get into the office’.”

“The first step in brainstorming the best VPN technology for your organization is to define your use case along four key variables: 1) user, 2) device, 3) data and 4) location.”

“There is no one right approach to remote access - you have to understand the strengths and limitations of each solution.”

“Don’t use always-on VPN unless you absolutely have to.”

“For the paranoid security people, virtual desktop infrastructure (VDI) solutions are best. It prevents enterprise data from making it to devices, however poor end-user bandwidth is a caution for workers in disparate locations.”

“Classify the data that is important to your organization rather than trying to protect it all, and then pick the appropriate controls based on that classification.”

“Creating a strong privacy program means having an understanding of three things: 1) the current regulatory landscape, 2) the technology capabilities that support it and 3) the best practices that give control back to customers.”

“COVID-19 highlighted the maturity of the framework established by the General Data Protection Regulation (GDPR). This has made a noticeable difference to global privacy.”

“While it is important for organizations to start the privacy discovery process manually to get a feel for the complexity within their data, it becomes quickly evident that there is a need for automation to deliver scale.”

“One key success factor for a privacy program is the partnerships built with other organizational teams. Connect with your chief data officer (CDO) to understand what data is being used and how you can support them with privacy-preserving alternatives.” 

“Privacy is deeply personal.”

“As you gain control over the data you process and turn it back over to consumers, compliance is no longer just a goal. It becomes part of the ethical fabric of your business.”

“The pressure to transform has increased during the pandemic and trust is central in doing so: Through 2023, organizations that can instill digital trust will be able to participate in 50% more ecosystems to expand revenue-generating opportunities.”

For a deeper dive on the Outlook for Privacy, check out the Gartner press release.