December 8, 2015|
Vera and Centrify: Addressing the Human Factor in Data Security
By my estimation, we’re halfway through the shift towards a universally user-centric IT model. Highly regulated industries like financial services and healthcare are broadly adopting cloud services for core functions like CRM, workforce management, and collaboration. And, companies large and small have publicly declared their goal to run 100% in the public cloud by the end of this year.
This shift is pushing security teams into new, unfamiliar territory, where security pros must adapt their existing controls and practices to protect business information in an internet-scale set of new apps and services. Here, the focus is moving away from securing a perimeter, or set of managed storage containers, and instead finding new ways to directly protect and control a highly distributed network of information and applications. This is a technology challenge I’ve discussed in the past.
The second, more interesting challenge is this: more than ever before, information security professionals must spend their time on the human side of security. To truly protect their organization from internal and external threats, these teams must engage directly with the business to drive usage and engagement across employees. I’ve always said that the success of any security program is directly proportional to the rate of adoption in a group. Without broad, consistent adherence to tools and policy, your organization will not realize the ROI you’re expecting from new security investments.
It’s this need to marry security and accessibility that makes me excited about our partnership with Centrify, a leader in secure identity and access management. Through this integration, we’re giving our customers the tools they need to address a complex challenge – protecting a company’s data crown jewels as they’re shared through the cloud and across devices.
By joining Vera’s encryption and data security with Centrify’s one-click authentication and user management platform, we’re giving you centralized control over who has access to business-critical data, no matter where that data travels. End users in your organization will also benefit – they can work directly with secure documents without the need to fight through inflexible and frustrating plugins, portals, and passwords. These two capabilities together make addressing the human side of security possible. When working with secure data is as easy as sending an email, there’s little reason to circumvent the protections your security experts have put in place.
I’ve long been a fan of the mantra that “Simplicity is Security.” It’s an adage that holds true whether you’re evaluating the human or the technology aspects of protecting your enterprise. A simpler, less complex security architecture is less prone to having unnoticed gaps in the system. With a smaller surface to cover, it’s easier to detect, address, and mitigate risks. The same is true on the human side of the equation. When solutions are simple, effective, and easy to use, you see higher adoption with less effort – and fewer incentives to work around the system.
I believe that simple identity management and strong data security go hand in hand. Together, they make it possible to shift effectively shift our focus away from the old model of perimeter-based protection to a model where we secure what matters most, the data.
If you’re interested in learning more about the partnership, please get in touch, and we’ll share more of our thoughts on data security, encryption, and protecting your company’s most critical information.