
Striking the Balance: User Experience and Security

Ensuring robust security measures while maintaining a seamless user experience is crucial for IT security teams. Unfortunately, it’s something organizations still struggle to get right. There are many reasons for this. The increasing complexity of cyber threats necessitates stringent security protocols, but overly rigid measures can hinder productivity and frustrate users. Here, we explore why IT security teams need to strike a better balance between user experience and security, examine the challenges business users face with security tools, and offer guidance on creating an effective roadmap to achieve this balance.

The Importance of Balancing User Experience and Security

1. User Productivity and Satisfaction

User experience (UX) directly impacts productivity. When security measures are too restrictive or cumbersome, they can disrupt workflows and create bottlenecks. For instance, frequent password changes, multi-factor authentication (MFA) for every login, and complicated access procedures can slow down tasks and lead to user frustration. A poor UX can reduce employee morale and satisfaction, ultimately affecting overall business performance.

2. Compliance and Risk Management

Effective security measures are essential for compliance with regulations such as GDPR, HIPAA, and CCPA. However, these measures must be implemented in a way that doesn’t impede business operations. Striking a balance ensures that compliance requirements are met without compromising the efficiency of day-to-day tasks.

3. Mitigating Shadow IT

When users find official security measures too restrictive or difficult to navigate, they may resort to shadow IT—using unauthorized tools or applications to get their work done. This practice poses significant security risks as these tools may not comply with company policies, leading to data breaches and vulnerabilities. A balanced approach encourages users to adhere to approved protocols, reducing the likelihood of shadow IT.

Challenges Business Users Experience with Security Tools

1. Complexity and Usability Issues

Many security tools are designed with a focus on functionality rather than usability. Complex interfaces, convoluted processes, and technical jargon can overwhelm non-technical users. For example, a security dashboard filled with technical metrics may be valuable for IT professionals but confusing for business users who need to quickly assess the status of their projects.

2. Frequent Disruptions

Security protocols often require users to take additional steps, such as MFA or regular password changes. While these measures are crucial for protecting sensitive information, they can disrupt workflows and create frustration. Users may perceive these interruptions as hindrances rather than essential security practices.

3. Lack of Integration

Many organizations use a variety of security tools that may not be well-integrated with other business applications. This lack of integration forces users to switch between different platforms, re-enter information, and manage multiple passwords, all of which contribute to inefficiency and user dissatisfaction.

Creating an Effective Roadmap for Balancing UX and Security

1. Conduct User-Centered Research

Understanding the needs and pain points of business users is the first step in creating a balanced approach. Conduct surveys, interviews, and usability testing to gather insights into how users interact with security tools. This research can help identify specific areas where the user experience can be improved without compromising security.

2. Simplify Security Processes

Streamlining security processes can significantly enhance the user experience. For example, implementing passwordless authentication with digital certificates can streamline the login experience, help users ditch passwords altogether – all while maintaining and even enhancing security.

3. Enhance Training and Awareness

Educating users about the importance of security measures and how to navigate them effectively is crucial. Regular training sessions, workshops, and clear documentation can empower users to understand and comply with security protocols. Gamified training modules and interactive sessions can make learning about security more engaging and effective.

4. Foster Collaboration Between IT and Business Units

Creating a collaborative environment where IT and business units work together can help align security measures with business needs. Regular meetings and open communication channels can facilitate the exchange of ideas and ensure that security protocols are designed with the user experience in mind. IT teams should be open to feedback and willing to make adjustments based on user input.

5. Leverage Technology for Better UX

Investing in advanced technologies can help balance security and user experience. For example, biometric authentication methods such as fingerprint or facial recognition offer strong security with minimal disruption. Similarly, AI-driven security solutions can provide real-time threat detection and response without requiring constant user intervention.

6. Continuous Monitoring and Improvement

Balancing UX and security is an ongoing process. Continuous monitoring and feedback loops can help identify emerging issues and areas for improvement. Regularly reviewing and updating security protocols based on user feedback and technological advancements ensures that the balance is maintained over time.

A Complex & Essential Task

Striking the right balance between user experience and security is a complex but essential task for IT security teams. By understanding the challenges business users face with security tools and adopting a user-centered approach, organizations can create a security environment that protects critical assets without hindering productivity. Simplifying security processes, enhancing training, fostering collaboration, leveraging technology, and continuously monitoring and improving protocols are key steps in achieving this balance. Ultimately, a well-balanced approach not only enhances user satisfaction but also strengthens overall security posture and business performance.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

OT Security Patch Management

In the world of OT, ensuring the security and reliability of systems is critical. Disruptions to critical processes can have severe consequences, impacting production, safety, and even environmental well-being. The focus on uptime may sometimes conflict with another essential aspect of OT security, patch management.


runZero Discovers all IP-Addressable Assets and Proves Active Scanning is Safe for Operational Technology in NREL/CECA Testing

As FBI Warns of Rising Cyber Threats in Renewable Energy Sector, runZero Demonstrates Effectiveness in Protecting Critical Infrastructure with No Impact on ICS Processes & OT Device Performance

AUSTIN, TEXAS — July 24, 2024 — The U.S. Department of Energy’s (DOE’s) National Renewable Energy Laboratory (NREL) has released a public report summarizing the outcomes of the second cohort of the Clean Energy Cybersecurity Accelerator (CECA) program. As previously announced, runZero, a leading provider of Cyber Asset Attack Surface Management (CAASM), was selected as the first of two participants from numerous applications for this rigorous months-long evaluation.

CECA Cohort 2 aims to bridge the gap between the widespread use of tools for monitoring information technology (IT) networks and the less common adoption of tools for actively monitoring operational technology (OT) systems. The solutions assessed by CECA aimed to identify risks that asset owners might miss due to incomplete visibility of systems or device configurations. The goal of these solutions is to improve the visibility of OT systems, illuminate OT networks and assets, and clarify any associated risks. Capabilities such as asset identification, attack surface enumeration, and configuration management can all help OT asset owners gain a better understanding of their overall risk posture.

CECA’s work comes at a critical time. On July 1, the FBI issued a warning about increasing cyber attacks in the renewable energy sector. They advise organizations to monitor network activity for any unusual or suspicious traffic and activity. In addition, they have recommended other critical measures to overcome cybersecurity challenges. The evaluation of the runZero Platform demonstrated its effectiveness in addressing the urgent cybersecurity challenges facing the modern electric grid, including the most recent FBI warning.

CECA concluded that runZero’s discovery methods significantly improve visibility into utility infrastructure with detection of all IP-addressable devices in the test environment. This was accomplished without impacting the performance of industrial control systems (ICS) assets or interfering with ongoing SCADA processes and communications. runZero leverages a unique combination of proprietary active scanning, novel passive discovery, and integrations to provide accurate, comprehensive visibility across IT, OT, and IoT environments, including delivering in-depth insights into potential risks and exposures that attackers could leverage.

According to the CECA report, runZero’s active scanning methods in the CECA test environment did not negatively impact system performance, challenging the widely held industry belief that active scanning inherently disrupts operations. The conclusion that active scanning in this environment proved safe with runZero is significant, opening the possibility of expanding scanning beyond traditional passive collection methods. CECA’s findings could be transformational for the energy industry since active scanning provides more comprehensive data about connected devices compared to passive discovery, giving security teams improved visibility to better secure ICS environments.

“runZero is thankful to DOE and NREL for the chance to showcase the effectiveness of our CAASM solution. The tests confirm that the runZero Platform and our unique combination of active scanning and native passive discovery provide advanced visibility into assets – both managed and unmanaged – without disrupting normal business operations. This serves as a crucial deterrent against external attacks,” said Rob King, director of research at runZero.

Evaluation Criteria and Key Results for the runZero Platform

The evaluation plan outlined four scenarios to examine different aspects of the solution: initial discovery, change discovery, passive discovery, and scale discovery. Each scenario involved a scientific and repeatable set of procedures and data collection methods. The runZero Platform demonstrated the following key capabilities:

  • Accurately identified all IP-addressable assets in the environment and collected detailed information about each identified device and all open ports, including the ability to detect OT protocols like Modbus.

  • Identified and alerted on the introduction of new devices and changes to existing devices in the environment.

  • Built an accurate inventory of assets through proprietary active scanning and passive traffic sampling, discovering all IP-addressable IT and OT assets.

Cybersecurity is a complex and shifting field full of unique challenges. Threats, risks, architectures, and technologies will continue to evolve as the energy sector undergoes significant transformations. Innovation of solutions should be enabled to evolve as well. Using solutions such as those offered by runZero to identify control system assets and to monitor changes in that equipment is expected to improve the security of the industry as a whole, continued the report.

CECA is managed by NREL and sponsored by the Department of Energy’s (DOE’s) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and utility partners in collaboration with DOE’s Office of Energy Efficiency and Renewable Energy (EERE).

To learn more about runZero’s participation in the NREL CECA Program you can read their news story here.

To download the free and publicly available report, please visit https://www.nrel.gov/docs/fy24osti/89105.pdf.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

What is a web application firewall (WAF)?

Ever wonder how a website protects itself from all of those cyber threats that evolve daily? Through something called the web application firewall, or WAF. But what are WAFs? And why are they important? Understanding how WAFs function and why they form an integral part of today’s modern web security infrastructure provides insight into this very critical role.  

What does the web application firewall (WAF) do?

A WAF is a security solution designed to protect web applications by continuously monitoring and filtering HTTP traffic between the web application and the internet. It protects against multiple threats such as SQL injection and cross-site scripting (XSS), among others. At its core, a WAF works as a kind of protective layer that is put in between web applications and potentially malicious traffic.

How does a WAF Work?

To understand the significance of the role WAF plays in cybersecurity, we have to know how it works. In a nutshell, WAF network security, as already mentioned, works by examining the HTTP requests and responses against defined rules and policies. Here is a deep dive into the mechanisms behind WAF.


Inspection and filtering

The WAF is put between a user and a web application. So when a user sends a request to the web application, the WAF intercepts the requests passed to the web server and then inspects its contents, including headers, URLs, data payloads, and known attack signatures that might include SQL injection commands or XSS scripts.

Rule-based detection

A WAF employs various rule sets to detect and stop threats. These rules define the normal and abnormal traffic behavior for a web application. For example, one of the rules could be to block any request that contains certain keywords or patterns in the message body that could be associated with SQL injection. The rules can be customized according to the needs of the web application.

Behavioral analysis

Apart from rule-based detection, some advanced WAFs make use of behavioral analysis techniques. Fundamentally, this is the process of monitoring typical user behavior to identify deviations that could be indicative of an attack. For example, if a user suddenly starts sending a large number of requests in a very short period, a WAF will probably raise a red flag for a DDoS attack.

Real-time response

In the event of a threat, the WAF instantly acts to block the request from further passing on to the web application. Responsiveness in real-time is critical in suspending an attack before any serious damage occurs. Furthermore, WAFs can also generate alerts or log messages to inform administrators about identified threats and consequential actions that were performed to stop them.

By combining inspection, detection, and response mechanisms, a WAF can significantly increase the security of a network. Unsurprisingly, these days, WAFs are often a critical part of any comprehensive cybersecurity strategy.
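The inspection, rule-matching and response steps described above, sketched as an added example (not code from the original article or from any WAF product). The `Request` type, the `inspect_request` function, the four rule patterns and the sample requests are hypothetical and deliberately small.

```python
import html
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus


@dataclass
class Request:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""


# Illustrative rule set (assumption): rule id, description, compiled pattern.
RULES = [
    ("SQLI-001", "SQL injection: UNION SELECT",
     re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("SQLI-002", "SQL injection: quote-terminated tautology",
     re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("XSS-001", "XSS: script tag",
     re.compile(r"<\s*script\b", re.I)),
    ("XSS-002", "XSS: inline event handler",
     re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I)),
]


def normalize(value, max_rounds=3):
    """Undo URL and HTML-entity encoding until the value stops changing,
    so that singly or doubly encoded payloads are matched by the same rules."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(req):
    """Inspect URL, headers and body; return the decision and matched rules."""
    parts = {"url": req.url, "body": req.body}
    parts.update({f"header:{name}": val for name, val in req.headers.items()})
    matches = []
    for location, raw in parts.items():
        text = normalize(raw)
        for rule_id, desc, pattern in RULES:
            if pattern.search(text):
                matches.append({"rule": rule_id, "where": location, "desc": desc})
    if matches:
        # Real-time response: stop the request and keep a record for admins.
        return {"action": "block", "status": 403, "matches": matches}
    return {"action": "allow", "status": None, "matches": []}


# Constructed sample requests (not captured traffic).
SAMPLES = [
    Request("GET", "/products?category=books&page=2",
            {"User-Agent": "Mozilla/5.0"}),
    Request("POST", "/feedback",
            body="note=The union will select a venue"),
    Request("GET", "/items?id=1%27%20OR%20%271%27%3D%271"),
    Request("POST", "/comments",
            body="comment=%253Cscript%253Ealert(1)%253C%252Fscript%253E"),
    Request("GET", "/search",
            {"Referer": "https://shop.example/?q=&lt;img src=x onerror=alert(1)&gt;"}),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        decision = inspect_request(sample)
        hits = ", ".join(f"{m['rule']}@{m['where']}" for m in decision["matches"])
        print(f"{sample.method} {sample.url} -> {decision['action']} {hits}")
```

Normalizing before matching is what lets one rule catch the plain, URL-encoded and double-encoded forms of the same input; the second sample shows why patterns need tuning so that ordinary text containing words like "union" and "select" is not blocked.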

Why is a WAF important?

Safeguard sensitive information

The amount of sensitive information that exists in web applications is vast. Sensitive data includes personally identifiable data, financial details, and proprietary business data. In cases of successful cyberattacks and breaches, all such information is exposed. The role of WAF here is to prevent such incidents by blocking off malicious traffic to the web application and disallowing unauthorized access.

Avoid compliance fines and costs

Most industries are governed by stringent regulatory laws concerning data protection and privacy. Non-compliance with these regulations is your one-way ticket to heavy fines and lawsuits. A WAF makes it easier for businesses to comply with regulations by providing the much-needed security layer. Proactive measures taken to safeguard sensitive data mean peace of mind and better chances of avoiding hefty fines.

Preserve reputation

Today, a company’s reputation is often related to its ability to protect customer data and maintain secure online services. A single successful cyber attack on an organization can put its reputation down the gutter once and for all. Implementing a WAF can mitigate such risk and further improve the reputation. Ultimately, most consumers trust a business that demonstrates security not only in its PR statements but also in its actions.

Differences between WAF and network firewall

While WAFs and Network Firewalls both play a critical role in cybersecurity, they serve rather different purposes, and, as discussed, operate at different levels within a network. Here’s a rundown of the key differences between the two.

The role of WAFs

Security of web applications

As we discussed earlier, WAFs are built for the protection of web applications by filtering and analyzing HTTP traffic. HTTP is the protocol used for transferring data on the web, and WAFs focus on this traffic to defend against web-based attacks. Because they work at Layer 7 of the OSI model, WAFs can trace malicious activity against the application layer by analyzing the content of HTTP requests and responses.

Layer 7 protection

Layer 7 is where user interactions with software applications take place. As a part of their operation, WAFs track this layer for detailed content data about HTTP traffic. For example, an attacker could try to insert malicious code into a web form to gain unauthorized access to sensitive data; in such an instance, a WAF would detect and block that attempt immediately. This kind of sophisticated protection is critical for securing web applications against a variety of threats.

Should an attacker try to gain access to sensitive information by inserting malignant code in a web form, a WAF will block this attempt. This type of targeted protection is important to safeguard web applications from sophisticated threats.

The role of network firewalls

Protection of the network

A network firewall works toward protecting the entire network by managing incoming and outgoing traffic through filtering against a set of predefined security rules. It works at the network layer and the transport layer of the OSI model. These layers are responsible for proficient routing and reliable delivery of data packets in a given network. Network firewalls focus on threats like unauthorized access, DDoS attacks, and malware, ensuring that only legitimate traffic is allowed to pass through.

Layer 3 and 4 protection

Layer 3 is the network layer, which handles logical addressing of data packets to ensure that data sent from one device reaches the right destination, while Layer 4 is the transport layer, responsible for the reliable transmission of data between devices. Network firewalls regulate the flow of data toward the destination based on IP addresses, ports, and protocols. For example, they can be used to prevent an attacker from using an open port to access the network and so gain unauthorized access to network resources.

Bottom line

In an era where cyber threats are becoming increasingly sophisticated and pervasive, the importance of robust web security measures cannot be overstated. The implementation of a WAF is a vital component of contemporary web security. It provides the necessary tools to detect, prevent, and respond to web-based threats in real-time, ensuring the integrity and availability of web applications. As cyber threats continue to evolve, investing in a robust WAF solution will remain a critical priority for organizations seeking to protect their digital assets and maintain the trust of their users.

For comprehensive security, it’s essential to protect not only your web applications but also your access credentials. Just as a WAF safeguards against web-based threats, a robust password management solution like NordPass Enterprise ensures that your organization’s passwords are protected from unauthorized access and are easily accessible at all times. NordPass provides features such as secure password sharing, automated password generation, and real-time breach monitoring, aligning perfectly with the goals of a WAF by adding an extra layer of security to your web infrastructure.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

RDP security: How to secure your remote desktop

With 27% of the US workforce operating remotely, companies need efficient and secure ways to connect users and central servers.

Microsoft’s Remote Desktop Protocol has become a go-to option for flexible working. More than 50% of companies report using RDP in the past year, and it’s not hard to see why. RDP allows fast connections and seamless remote work. 

But is RDP a secure option for your workforce? As always, the answer depends on your security setup.

This blog will explore how RDP works and some of the main RDP vulnerabilities. As we will see, remote access creates significant security risks. However, these risks can be managed if you follow our RDP security tips and implement smart remote access solutions. Let’s find out more.

What is RDP?

Businesses use the Remote Desktop Protocol (RDP) to communicate with and control external devices. Created by Microsoft, RDP enables seamless remote work via Windows systems.


RDP functions by creating sessions between clients and servers. Clients request access. Servers authenticate requests and transmit a graphical interface to the remote client. This interface replicates the desktop contained on the server and functions just as if installed on the client.

The Remote Desktop Protocol supports this setup by carrying data about mouse movements, clicks, and keyboard presses. The protocol converts activity into data packets, which the server converts into graphical updates.

In the process, a lot of information passes across the RDP connection. RDP access handles document printing, audio, and video communications, collaborative editing, and file transfers. Much of this information could be very valuable in the wrong hands.

Why use RDP?

RDP allows remote workers to access resources located in central data centers. Workers can run applications and manipulate files just as they would in on-premises offices. Users do not need to install apps locally or download documents for local use. Everything stays on-site.

RDP also enables technicians to access remote devices. On-site specialists can diagnose problems, deliver security patches, assess device postures, and monitor remote operations. Managers and security teams can easily train remote workers.

Technicians favor the RDP protocol due to its reliability and speed. Windows compatibility is another attractive feature, making it convenient for most organizations. However, there is a downside: RDP security issues.

What are the main RDP security issues?

RDP is a transfer protocol, and protocols are almost always vulnerable to external attacks. That’s not all. Attackers can also target the servers and applications used to enable RDP access.

Attacks range from mild irritants to serious threats that put workloads and data at risk. Companies using RDP for remote work need plans to handle these threats and keep data safe.

Security planning starts with awareness of common RDP threats. Here are some of the most common (and damaging) vulnerabilities:

  • Unsecured ports. RDP uses port 3389 by default to establish connections. This is an external and open port. Malicious actors can impose themselves between users and port 3389 to steal credentials via on-path attacks. Attackers can then use the open port to access servers or devices.

  • Credentials theft. Weak credentials are a critical RDP security issue. Users often reuse the same passwords for RDP, email, and web applications. Attackers obtaining these user credentials can implant ransomware via workloads or servers. Even slightly different passwords are vulnerable to brute-force attacks.

  • Server exploits. In the past, Microsoft’s RDP services have fallen victim to remote code execution vulnerabilities. Hackers use flaws in servers or protocol codes to gain unauthorized access. For instance, an exploit called BlueKeep once exposed millions of RDP servers to external attacks. Microsoft resolved the BlueKeep issue, but exploits can emerge at any time.

  • Protocol tunneling. In tunneling attacks, hackers implant malicious code within protocol traffic. RDP traffic appears to be legitimate but carries malware or other harmful agents. Even worse, many standard firewalls struggle to detect this type of attack.

  • Session hijacking. Attackers can gain access to active remote desktop access sessions. In these situations, attackers can explore any resources available to legitimate remote users. Until they are detected, they can implant malware, extract data, and disrupt operations.

  • DDoS attacks. Attackers often use protocols to flood networks with traffic and take systems offline. RDP is vulnerable to DDoS-style attacks because it uses an open port, and servers generally do not enforce rate limits. The protocol is also relatively resource intensive, meaning attackers need less traffic to achieve results.

How to secure RDP

Securing your Remote Desktop Protocol setup should be an urgent task. RDP is involved in 90% of cyberattacks, and the consequences of attacks are severe. RDP is a critical vector for ransomware, and attackers can use exposed work environments to steal confidential data.


There is some good news. Properly secured Remote Desktop Protocol implementations are hard to infiltrate. Let’s run through some best practices to create a secure remote desktop environment.

  • Use stronger passwords. Brute-forcing attacks are much harder to mount against complex passwords. Avoid any words related to individuals or the company, and always avoid recycling passwords from other logins. Use password managers to generate strong passwords that are impossible to guess.

  • Change your RDP port. Changing your listening port from 3389 helps make RDP secure by limiting external access. Changing the port is a sensible first step, as it blocks many automated port attacks.

  • Use access controls. Administrator accounts can change RDP settings or use their privileges to access other network resources. Use access management tools to apply the principle of least privilege. Provide access to administrators when they need it for specific tasks. Otherwise, allow the fewest possible permissions for all remote users.

  • Apply firewall protection. Strengthen your defenses by casting Windows Firewall protection around RDP environments. Windows Firewall rules for RDP connections block external traffic but allow authorized users to access network resources.

  • Use Network-Level Authentication (NLA). Network-level authentication is native to RDP systems and adds an extra layer of authentication for every session. Users seeking RDP access must supply an additional form of identification, such as smart cards, one-time passcodes, or biometrics.

  • Implement lockout policies. Lockout policies block users after a certain number of unsuccessful logins. This is a good starting point for blocking brute-force attacks.

  • Monitor user sessions. Track user activity during RDP sessions to detect suspicious behavior. Monitoring should check for spikes in resource usage. This could suggest a DDoS-style attack. Technicians should also monitor access to sensitive files and limit access to essential resources.

  • Add Virtual Private Network (VPN) protection. VPNs ensure secure remote access by creating encrypted shields around remote connections. Users log onto a VPN gateway before accessing RDP servers. This adds an extra barrier for hackers and effectively anonymizes traffic.

  • Update RDP tools regularly. Promptly apply security updates for remote desktop applications and Windows Server. Ensure VPNs, multi-factor authentication tools, and firewalls are up to date. Regular updates cut the risk of exploits, making life much harder for would-be attackers.

  • Train staff in RDP security. Never allow remote workers to use RDP connections without security training. Ensure workers know how to use passwords, VPNs, and multi-factor authentication. Outline security and compliance policies.
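A read-only way to check a Windows host against several items in the list above (listening port, NLA, firewall scope, lockout threshold, RDP group membership). This is an added example, not code from the original article; it assumes an elevated PowerShell session, the standard Terminal Server registry keys, and English-language `net accounts` output.

```powershell
# Added example: read-only audit of local RDP settings (run elevated on the host).
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp  = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
$port = [int]$tcp.PortNumber

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, $Value, [bool]$Pass) {
    $findings.Add([pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass })
}

# fDenyTSConnections = 0 means Remote Desktop is accepting connections.
$enabled = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
Add-Finding 'RDP enabled (informational)' $enabled $true

# Listening port: the list recommends moving off the default 3389.
Add-Finding 'Non-default listening port' $port ($port -ne 3389)

# UserAuthentication = 1 means NLA is required (local value; Group Policy may override it).
Add-Finding 'NLA required' $tcp.UserAuthentication ($tcp.UserAuthentication -eq 1)

# Firewall: enabled inbound allow rules on the RDP port that accept any remote address.
$openRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
Add-Finding 'No allow-from-Any rule on RDP port' (@($openRules).Count) (@($openRules).Count -eq 0)

# Lockout threshold, parsed from English-language `net accounts` output (assumption).
$line = net accounts | Select-String -Pattern '^Lockout threshold:\s+(\S+)'
$threshold = if ($line) { $line.Matches[0].Groups[1].Value } else { 'unknown' }
Add-Finding 'Account lockout threshold set' $threshold ($threshold -match '^[1-9]\d*$')

# Least privilege: list who can log on over RDP besides local administrators.
$members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue)
Add-Finding 'Remote Desktop Users members (review)' ($members.Name -join ', ') $true

$findings | Format-Table -AutoSize
```

A `Pass` of `False` on the firewall row means at least one enabled inbound rule accepts the RDP port from any address; scoping that rule to the VPN or management subnet is the usual correction.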

 

Eliminate RDP vulnerabilities using NordLayer

RDP is among the most common secure remote access solutions available. Yet, it is not necessarily the best way to ensure secure remote access—at least not on its own.

The solution lies in combining Microsoft’s security features with external security tools. On-board tools like NLA, port settings, and user monitoring all help. However, NordLayer’s Smart Remote Access ensures secure RDP connections with end-to-end encryption.

NordLayer provides secure remote access solutions to meet your remote device access needs. Create virtual LANs around every network endpoint and protect remote users via VPN coverage. Cloud LAN enables secure file sharing from device to device, troubleshooting others’ devices, and using remote devices as virtual machines for work.

Benefit from the flexibility and efficiency remote work provides while avoiding security nightmares. To find out more, contact the NordLayer team today.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


CISOs and CIOs confront growing data protection challenges in the era of AI and cloud

Foundry survey and in-depth interviews reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures.

COPENHAGEN, DENMARK. July 23, 2024 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today released a survey conducted by Foundry, as well as a study based on in-depth interviews conducted by Keepit. Both reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures.

In an evolving technological landscape, enterprise IT leaders are grappling with unprecedented challenges in data protection and governance, driven by the rapid adoption of cloud applications and generative AI.

The CISOs and CIOs interviewed by Keepit for the study: “The great balancing act: Cybersecurity leaders tackle rising pressures” spoke to the necessity of rising to the challenge by adopting a mindset of continuous improvement. They are building collaborative best practices, partnering to bring in needed expertise, and investing in data-centric solutions optimized for security and simplicity.

Data protection struggles amid cloud and AI expansion

Enterprise disaster recovery strategies, traditionally designed for on-premises IT infrastructure, are lagging behind the surge in cloud application usage and the integration of AI technologies. Foundry’s survey: “Can data protection keep pace with the shifting landscape?” underscores this trend. The respondents of the survey represent IT decision-makers from companies with over 1,000 global employees. While 70% of respondents report that their financial applications are covered by data protection strategies, a significant portion of other key systems and custom applications remain vulnerable.

Survey highlights

• Financial systems: 70% are covered by data protection strategies.

• E-commerce and HR Management Systems: 50% are covered.

• CRM and ERP systems: 48% and 42% respectively.

• Critical transaction-based systems, custom applications, and collaboration and productivity tools: lagging behind, with only between a third and a quarter of systems covered.

“Anything related to finance is important, most people will agree. And it’s an obvious place to start when you map your critical systems and data. The survey shows that financial systems are by far the most incorporated in data protection strategies, and when you look at verticals, financial institutions are also a little more mature than others,” says Kim Larsen, CISO at Keepit, an industry professional with a background in advising public and private sector organizations in cyber security and cyber resilience.

Strategic gaps and vulnerabilities

The survey reveals that only half of the organizations have incorporated cloud-stored SaaS data into their disaster recovery plans. Another 40% plan to address this gap soon. A decision-maker participating in a recent Keepit CISO roundtable remarked, “We solved many of these challenges 10 to 15 years ago, but with the move to cloud, it’s like we’re starting from scratch again.”

The current state of data protection is also seen as a significant barrier to expanding the use of generative AI technologies.

Strategic gaps:

• Critical SaaS data applications: 50% of respondents have included cloud-stored data for critical SaaS applications in their disaster recovery plans, and 40% plan to do so.

• AI data protection: Nearly all organizations prioritize AI data protection, with 52% already implementing tools for chatbots and AI platforms and 43% considering them.

“Good data protection is essentially ‘data classification plus good recovery capabilities’: If you understand your data, and can recover uncorrupted versions of it fast, you have a solid foundation to ensure business continuity, compliance and recovery. But this is easier said than done: The complexity of implementing new initiatives, such as governance over data used by large language models (LLMs), and the need to balance conflicting IT demands, pose additional challenges for any industry,” adds Kim Larsen, CISO at Keepit.

Compliance and future-proofing

Data protection is a top concern for 73% of survey respondents heading into 2024, with data governance (53%) and enterprise backup and recovery (45%) also ranking high. Regulatory scrutiny is increasing globally, with mandates from agencies like the SEC in the US and the upcoming Digital Operational Resilience Act (DORA) in the EU.

Compliance challenges:

• Regulatory mandates: New cybersecurity resilience requirements.

• Cybersecurity risks: Continued threats, notably ransomware.

“Cyber strategy must be perfectly aligned with the business to effectively support it. The more global an organization becomes, the more difficult this is – to align access, and comply with regulations. This is backed up in our study, where CISOs emphasized the need for a unified risk management strategy that aligns with regional regulatory requirements,” said Kim Larsen.

Organizational maturity and risk management

Keepit’s interviews with over 30 CISOs and CIOs reveal the importance of organizational maturity in handling data security. The variability in CISOs’ backgrounds and responsibilities was cited as a reason for the slow implementation of data-focused innovations.

Key findings:

• Cloud flexibility: 80% of organizations adopt a “cloud smart” approach, introducing new security and compliance challenges.

• Regulatory and expertise challenges: The rise of GenAI and the need for specialized knowledge in AI and cybersecurity.

“One thing stands out: Organizations have very different levels of maturity. A lot of the governance activities are so obvious, you would think everyone is doing them. But they aren’t. Classic difficulties include managing multiple security vendors, leading to gaps in protection. Another is circumstances – one CISO told us how he had experienced five major cyber events in the previous year, prompting a complete overhaul of their cyber response plan,” says Kim Larsen, CISO at Keepit.

Strategies for success

CISOs and CIOs are adopting continuous improvement mindsets, building collaborative best practices, and investing in data-centric solutions. Establishing effective data governance frameworks and engaging the board of directors are seen as crucial steps forward.

Strategic recommendations:

• Align with business objectives: Frame cybersecurity in the context of business goals.

• Translate technical concepts: Communicate in terms stakeholders understand.

• Demonstrate ROI: Highlight cost savings, risk reductions, and business benefits.

• Board engagement: Seek feedback and support from the board for cybersecurity initiatives.

“The conclusion is that data protection remains a cornerstone of organizational resilience in the face of growing technological advancements. As CISOs and CIOs navigate these challenges, their ability to enable and protect data-driven innovation will define their success. Robust data security and backup strategies are essential for balancing innovation and protection, ensuring that organizations can thrive in the digital age. Effective communication of cyber risks to stakeholders and demonstrating the ROI of cybersecurity initiatives are critical,” ends Kim Larsen.

### ENDS ###

About Foundry, an IDG, Inc. Company:

Foundry has played a key role in every major milestone, announcement, and development in modern technology since 1964. We engage and activate the world’s most influential tech buyers and early adopters via the award-winning journalism and trusted media brands they’ve turned to for decades. Our integrated ecosystem of owned and operated editorial sites, awards, events, and tech communities is engineered to enable global audience activation through innovative marketing campaigns. Backed by robust audience insights and data from across our network, Foundry sets the standard for delivering business results to help companies grow.

With 38 offices in markets around the globe, Foundry is a wholly owned subsidiary of International Data Group, Inc. (IDG), the world’s leading tech media, data, research and marketing services company.

To learn more about Foundry, visit foundryco.com.

About CSO:

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. With incisive content that addresses all security disciplines, from risk management to network defense to fraud and data loss prevention, CSO offers unparalleled depth and insight to support key decisions and investments for IT security professionals. www.csoonline.com


About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.