Are you confident in the security of your work-from-home environment?

LeadershipSecurity & GRC
2.2k viewscircle icon2 Upvotescircle icon6 Comments
Sort by:
Managing Partner, Partnerships & Strategy in Software5 years ago

No. I believe no one should be confident. Covid has accelerated WFH and introduced the challenge of securing not just one or few offices, but potentially thousands. As we’ve seen with recent hacks (SolarWi, Microsoft Exchange, FireEye, Facebook) the frequency and severity of attacks seems to have increased of late. With the increasing use of cloud services and various different devices, there just seems to be more points of weakness attackers could exploit, not just at the end point but throughout the software supply chain.

Lightbulb on5 circle icon1 Reply
no title5 years ago

Well said Jay.  In addition to securing networks and endpoints, user training is vital for mitigating intrusion and data loss risks.

Fractional CIO in Services (non-Government)5 years ago

Comfortable, but not over confident

Lightbulb on2
President and National Managing Principal in Software5 years ago

We're professional services. We've got one corporate office and then 200 people that went onsite to clients. We were pretty well remote-friendly, anyway. We're loaded up with security software (Zscaler, Netskope, CrowdStrike, etc.). Got a cocktail right, all loaded up on the laptop.

Lightbulb on1 circle icon1 Reply
no title5 years ago

I have had CIOs express the need to secure their execs' home offices and I'm like, why just the execs? Who cares? It should be everybody. You should have a solid security solution rolled out everywhere. And I already know they have all these tools like Zscaler, but they're worried about the home internet connections as well. It's a toss-up.

Lightbulb on1
Sr. Director of Security Engineering in Software5 years ago

I actually feel good about it. I'm not all that worried about it right now, to be honest. There is always room to improve and iterate, but I feel like we have a strong foundation.

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented 

Read More Comments

If you are a managed service provider (MSP), are you considering reselling managed detection and response services from your vendor?

Yes73%

No26%

What is the best work travel advice you’ve ever been given?

Read More Comments

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.  Scope includes Environment Setup:  Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.  Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

Is your organization looking to implement a productivity monitoring tool?

Yes—we've already implemented this29%

Yes—we're considering implementing this44%

Yes—we plan to implement this9%

No16%

View Results