Confidentiality, Integrity, Availability

Why isn’t cybersecurity more user-friendly?

Top Answer : We have to make sure that we've got secure products and sometimes the one thing that destroys the customer experience is security. Sometimes companies don't really think about how disruptive security can be to that customer experience, which amazes me. For example, there is a brand new, online robo advisor that I use and one day I tried to log in through their mobile app. I put in my user ID and password; it sent me a two-factor code and then told me my username and password were incorrect. So I went back and reentered it over and over and nothing worked. I finally reset my password and tried it again but it still didn't work. About a minute later, an email comes in that says, "We're changing our authentication mechanisms. That code we sent you was a password. Please use that in place of your actual password. This will be our authentication mechanism moving forward." I thought, "Who the heck designed this?" It was the craziest thing I've ever seen.

Do you still experience pushback on implementing robust password policies at your organization?

Top Answer : It's a constant battle because the more complex and difficult you make the password, the more people will write them down on a piece of paper. A company I once started with uses Workday for HR; they had a problem setting up my account and so they reset the password manually. This is Workday, so my bank accounts and their routing numbers are in there, as well as my emergency contacts and my address. I got an email from the help desk person who said they reset my password to the company name with one really common number-letter substitution, like "123". So of course I had to send an email to this help desk person explaining that while this password meets the complexity requirements of the company on the surface, that is not a secure password and that the first thing any decent hacker will do—even a kiddie scripter—is write a custom dictionary for their brute force attempt that includes common combinations of your company name and things about your company with 123 after it. The icing on the cake was that the system didn't even prompt you after they changed my password to reset it.
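
An added example, not part of the original answer: a password-policy check that shows why a company-name password with a substitution and a trailing "123" passes surface complexity rules yet should still be rejected. The company name "Examplecorp", the word list, and all function names are hypothetical.

```python
import re

# Common look-alike substitutions mapped back to letters. "1" and "!" are
# ambiguous (l or i), so two tables are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_L = str.maketrans({**_BASE, "1": "l", "!": "l"})
LEET_I = str.maketrans({**_BASE, "1": "i", "!": "i"})


def meets_complexity(pw, min_len=8):
    """Surface rule only: length plus lower, upper and digit classes."""
    return (len(pw) >= min_len
            and all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d")))


def normal_forms(pw):
    """Lowercased variants with trailing digits/symbols dropped and
    substitutions undone, e.g. 'Ex4mplecorp123' -> 'examplecorp'."""
    lowered = pw.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    forms = set()
    for candidate in (lowered, stem):
        forms.update({candidate,
                      candidate.translate(LEET_L),
                      candidate.translate(LEET_I)})
    return forms


def context_match(pw, context_words, min_word_len=4):
    """Return the first context word found inside any normal form, else None."""
    forms = normal_forms(pw)
    for word in context_words:
        w = word.lower()
        if len(w) >= min_word_len and any(w in f for f in forms):
            return w
    return None


def assess(pw, context_words):
    """(passes surface complexity, context word it is built on or None)."""
    return meets_complexity(pw), context_match(pw, context_words)


if __name__ == "__main__":
    # Constructed sample data; "Examplecorp" is a hypothetical company name.
    words = ["Examplecorp", "helpdesk"]
    for pw in ["Ex4mplecorp123", "Examplecorp2024!", "tR7#qLw92vKd"]:
        print(pw, assess(pw, words))
```

A reset or change flow would reject any password for which `assess` returns a context word, regardless of the complexity result.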

Is WeWork a secure office solution for a hybrid or fully remote workforce?

Top Answer : My first experience with a WeWork location outside of the US was in Berlin. I opened my laptop and scanned the entire block of IPs that I had access to. I think I was on the guest network, so I only expected the internet. I shouldn't have been able to see anyone else. But I saw everyone: not just live hosts, I saw open ports, too. Open ports were all I needed to see, and at that point I saw my employees, but I also saw folks from the HP space and Amazon is above us. And at that point, I had to make a determination: It should not be up to WeWork to secure my end users. We're in their space. For me to try to bring in my own personal area network (PAN) appliance or firewall and own access points (APs) is not worth the investment because we could be here for just six months to a year. So we started to focus on the endpoint, which ended up being a lot more efficient from a cost and labor perspective.

What are your thoughts on SaaS management platforms (SMP)?

Top Answer :

Where have you faced the most resistance when it comes to implementing zero trust policies?

Top Answer : Zero trust has been around as a concept now for 5+ years. And every single time I've tried to implement it, it’s never worked. Because every time we've reduced the footprint down to zero trust, the people who tend to be the most vulnerable always complain. The CEO’s calling you on their trip to Hong Kong saying, "I don't understand, why can't I access my email? Why can't I get access to this SharePoint site?" You’re like, "I had zero trust and you're in a new place so you have to re-authenticate yourself." But then they don’t have their dual factor and so on. Pretty quickly we get an edict not to put these measures in place for the executive team. But of course, the executive team is the most vulnerable. So how do you work around human psychology in that regard?

Apart from security, what IT topics really grab the board's attention?

Top Answer : If it's not about security, then it really depends on the company and where they're at. Digital strategy is different for every company, so their digital issues are different. For UKG, their biggest issue isn’t an IT issue, it's a product issue: What's the product going to be and how are we going to do cloud operations with the infrastructure, once that's figured out from a business perspective? For World 50, it's the digitization of their business: how do they translate their experiences, which have been thrust into an online-only universe in the last 12 months, and how do they continue to drive that forward in a hybrid universe? So I don't see a common theme, but everybody's investing in technology in some form. Very few companies that I'm working with don't care about it.