How has your cybersecurity focus evolved over the past year?
Sort by:
Cybersecurity has become increasingly vital as digital threats continue to evolve. Our focus has shifted towards proactive measures, including regular security assessments, employee training, and implementing advanced threat detection technologies. Additionally, we have been closely monitoring emerging trends such as AI-driven security solutions and zero-trust frameworks. Staying updated with the latest cybersecurity developments has been crucial to ensuring the safety and integrity of our digital assets.
I would say that the pandemic made some positive financial opportunities for me over the last year. I've been able to modernize a ton of things around the school, but most importantly, my security. I'm ripping out my email security gateway and I'm going with Proofpoint. I've put in Armorblox and Varonis and I'm going to put in Code42. I put in some hyper-converged infrastructure and I'm going with some of the Nutanix suite and Veeam, to have immutable backups on both the server side (Nutanix/Veeam) and the desktop side (Code42). When we get done with that, we'll probably look at Gytpol which is a newer player in the monitoring/configuration space. I've been able to move the bar pretty far forward in just a short amount of time in the InfoSec space.
COVID really made me take a step back and look at my suite and realize that I can't move at the pace of the business. So we're getting ready to rip a lot of things out. I feel that the startups and some of the second or third level investment startups have the right level of focus on business and technology.
For the past year, the security focus was the fear of work from home, the fear that home networks would invade our network through VPNs, etc. I put a lot of precautions in place that didn't see anything catastrophic happen, so that's been good. Now my focus is on how we can integrate what we're doing security-wise into a much larger organization.
Make developers think application perimeter, secure coding even for internal emplayee facing applications. Push for minimum authorization even when people have traditionally had/would like to have access for which they have no business need. Security is a mindset and it needs to be applied everywhere and not make it an IT perimeter issue. Thats been the evolution over the last 2-3 years (I know thats not exactly what was asked). Compliance and audits however has been a great focus over the last year so that the enterprise not only says its doing something but has to prove its doing it.