Forrester, one of the top global research and advisory firms, works with international business leaders to build both perspectives and strategies based on trends and predictions.
A large part of Forrester’s research is dedicated to cybersecurity and the mitigation of threats relevant to that ecosystem. Although businesses differ in size and scope, the fundamental security challenges and solutions remain largely the same. We sat down with one of Forrester’s senior analysts, Chris Sherman, to ask what questions he hears most - and came away with his impressions on the top five cybersecurity questions you should be asking.
Should I be considering 2FA for my business?
The answer: a clear yes. Two-factor authentication (2FA) has emerged as the leading augmentation for password protection. Monthly reports of password breaches across international news media have laid bare the risks of relying on a single password as the authentication credential for protecting sensitive information and critical transactions. 2FA, including software tokens and hardware tokens, transaction signing tokens, biometric authentication and behavioral biometrics, has matured. This technology has now taken a leading role in the fight against breaches linked back to weak passwords.
Encryption for my business, a worthwhile consideration?
Again, yes. The majority of organizations require encryption - especially where regulated or highly sensitive data is concerned. Security and risk professionals should turn to encryption technologies to protect corporate data, meet regulatory requirements and prevent accidental data leaks due to the loss or theft of mobile devices.
While key management challenges remain around the use of encryption, the benefits of encrypting data, from protecting customer privacy to reducing the cost and impact of a breach, outweigh potential operational negatives for most security teams.
Email encryption, me?
Email encryption has become a necessity for highly regulated industries such as financial services, healthcare, defense and government. Despite this, many enterprises still don’t deploy email encryption for their employees’ use. Tracking this situation, Forrester expects cloud-based email security services to drive some growth. As we all know, email has been the most common method to transfer documents and small files across the internet. To protect sensitive data and comply with standards and regulations for sectors such as the payment card industry (PCI), it became necessary to have email encryption. Now, because email is still the most common method for communicating and transferring sensitive data, email encryption will remain a critical tool for businesses, especially those in regulated industries.
Full disk encryption, when does it become business critical?
Most endpoint environments consist of portable devices with access to sensitive information. If that is the case for you, you’ve got to consider full disk encryption (FDE). FDE encrypts the endpoint's entire hard drive, including the boot sector, when the endpoint is not in use. FDE has a level of operational simplicity that many organizations enjoy: you don't have to choose which data should be encrypted, it doesn’t involve any error-prone user actions, and it can be rapidly implemented with a blanket policy. Additionally, while hard disk manufacturers continue to enhance support for hardware-based full disk encryption, software FDE solutions are improving in performance and ease of deployment. These can also deliver peace of mind.
Cloud-based management server for a security product. What are the security implications?
The number of vendors offering cloud-based management platforms for their security products is rising. The main drivers for moving to cloud delivery of cybersecurity include lower operational overhead, scalability and increased deployment flexibility.
To be fair, people have some legitimate concerns about this approach, including the potential for vulnerabilities in the vendor’s environment to expose the client organization to risk, and concerns over how the client organization’s data is handled. But both interest and adoption are high among enterprises as well as small and medium businesses (SMBs) due to the clear benefits offered by cloud-based management.
Ready to learn more about data encryption and 2FA?
Watch “Not optional: Why businesses need encryption and 2-factor authentication now” featuring Chris Sherman of Forrester to discover:
- The mechanics of how these technologies work
- How encryption and 2FA protect against human error and social engineering
- Why deploying these tools increases customer confidence and trust
- How to implement both encryption and 2FA in minutes, at minimal cost