Adam Gavish, co-founder and CEO at DoControl, a provider of automated SaaS security, pointed out most CISOs have adopted the Zero Trust security model.
“Many have also put in place several foundational solutions to secure access for the various identities that are connecting to critical systems and applications,” he said. “It’s important to not stop at the ‘identity security’ layer, highlighting the need for more granular level access controls throughout the IT estate.”
This is even more important for the applications that are driving business enablement and supporting business continuity.
He pointed out the hand of many organizations was quickly forced to support remote work almost overnight, and the adoption in cloud infrastructure and other as a service solutions was an easy fix to keep the business running.
“Most organizations were well underway in their cloud transformations and migrations, but these journeys were streamlined given how quickly we all had to react,” he said. “Anytime you introduce technologies that enable the business, there are always security implications and considerations that need to be addressed.”
Taking into consideration the rate in which digital transformation and cloud migration took place over the last couple of years, Gavish said organizations need to take a very close look when evaluating their existing security posture and programs.
“Attackers have recognized that dramatic IT changes were hurried to support the remote workforce,” he said. “They will be looking to exploit some of the soft spots and vulnerabilities that emerged with the influx of remote work.”