InfoSec professionals wear a lot of different hats within an organization and have an ever-evolving mix of responsibilities. In its many discussions with these specialized IT workers, Druva has gained insights into the key worries plaguing them in the name of data security.
To understand what makes InfoSec workers break into a cold sweat, let’s first look at their role in the enterprise and the demands of their job. How does InfoSec’s experience in your organization stack up against others?
Security Sleuths Rally the Troops
The typical InfoSec pro is part crime scene investigator, part security evangelist. They spend a lot of time implementing IT security controls and delivering services. Managing risk and compliance and handling violations are a big part of the job. Moreover, InfoSec workers have to communicate the value and specifics of information security to the rest of the organization. When it comes to data security, other employees don’t always know what they don’t know and someone has to tell them. Enter InfoSec.
While InfoSec is running around monitoring and analyzing security resources, ensuring license compliance and measuring ISMS metrics, they still need to keep an eye on the big picture. Responding to audits and eDiscovery requests may eat up time, but no one can afford to ignore industry trends or the priorities of upper management.
Don’t Worry, Be Happy
If InfoSec wants to be a hero to the boss, reducing overall corporate systems patch level non-compliance is an excellent place to start. Early detection of network attacks also goes a long way towards securing kudos from higher ups. Likewise, it’s important that InfoSec pros have the know-how to design, build and manage a first-rate compliance program. The trick is to maintain expertise in a constantly changing security environment.
Can Things Please Stop Changing?
The irksome reality for InfoSec pros is that things never stay the same. Staying current on new technologies and surviving in a competitive work world are ongoing battles. With a job rooted in constant change. InfoSec has to continuously work smarter if it wants to remain relevant. A rank and file worker with their eye on that coveted CIO or CISO job title will embrace this dynamic and use it to their advantage.
Not-So-Empty Threats to Ruin a Good Night’s Sleep
There’s a long and varied list of security threats that menace the enterprise. Given the expectations they face, it’s no wonder InfoSec pros are constantly on high alert. No, they’re not being paranoid; there really is a lot of bad stuff out there.
Based on our research, here are the top 4 urgent issues keeping InfoSec awake at night:
- Downtime of Production Servers. Server downtime is a major calamity that can generate huge losses for business. According to this Gartner blog, based on industry surveys, downtime costs an organization $5,600 per minute, or well over $300K p/hour. That’s something to avoid at all costs.
- Loss of Corporate IP. InfoSec is on the hook to protect the enterprise against IP leakage and keep the company out of the headlines.
- Malicious Behavior and Actors. InfoSec has to constantly thwart the bad guys and look for dashboards, reporting and other tools to help. Loss and theft sometimes come from within while external hacks and breaches pose a major threat as well.
- Tracking How Employees Use and Access Data. To effectively spot where things are amiss, InfoSec needs to see what’s going on – where sensitive data is in use, what data is moving off endpoints, external drives, etc.
Protecting enterprise information requires more than simply enacting policies or adopting routine measures. As the standard bearer for information security in their organization, InfoSec has to be informed, resourceful and forward-thinking to keep data safe. It may not be easy but it sure beats the alternative.
How Druva can lessen the worry
A security-minded IT leader knows that protecting sensitive corporate data is a big job, and gaining visibility over data stored on endpoints or in cloud apps is a growing challenge. According to IDC and Gartner, by 2020 over 50% of all enterprise data will be reside exclusively endpoints – making endpoint, cloud app-hosted and server data equally important to protect.
By applying Druva’s Proactive Compliance module to data on endpoints and cloud apps, InfoSec can gain immediate visibility into the type of data residing on these respective devices and cloud apps. We’ve seen how this proactive approach has helped our customers gain valuable business insights and avoid costly PHI and PII data breaches. We also believe that once you see Proactive Compliance in action, you will see how transformative it can be to your businesses.