Search the internet and you’ll find endless advice about how to grow a business. A common theme of those suggestions involves embracing new technology tools that promise more collaboration, more data integration, more innovation – and less work.
With those tools though comes new security challenges. Some are obvious. Others aren’t. And the latter are the ones we want to shed light on.
We asked our security systems engineers about their experiences with businesses that inadvertently compromise security during growth periods or when launching new initiatives. They shared their stories, and also their advice about what businesses can do if faced with similar situations. We compiled everything in an eBook that is available right now and included some highlights in this blog post.
Cloud Migration Requires a Security Plan
Cloud solutions are appealing answers to many growth challenges. But while security is an integral part of cloud platforms, it doesn’t mean security is hands-free. Even with a shared responsibility model, some cloud users don’t fully understand what they need to protect. Compounding that are issues with misconfiguring cloud services that inadvertently create more vulnerabilities. An interesting note is our FireEye Mandiant team estimates that 15 percent of its incident response involves public cloud assets.
Tools Can Hurt a Business as Much as They Help
Growing a business requires new tools. Using simple math, we know that means more applications and services for security teams to monitor. Add in the fact that integration of these tools through APIs create additional security issues to manage, and thinly stretched security teams suddenly get stretched even thinner.
Security Talent Hiring Not Appropriate to the Task
Two things occur when businesses grow: more employees are added and new technologies are adopted. Cyber security teams need to respond in a similar fashion. But inefficient allocation of budget, such as hiring one person to address a single need, means security gaps are left unresolved.
Security Strategy and Practices Not Evolving in Step With the Business
Some growing companies have taken a "business as usual" stance when it comes to security, and that's unfortunate. What might have worked before to protect the business doesn’t work when operational processes and practices are evolving to manage growth. Failure to stay aligned leads to exposure.
Risks Not Effectively Assessed and Managed During an Acquisition
Cyber security, while an essential part of the mergers and acquisitions due diligence process, still suffers from lack of understanding about its role and importance. Without a thorough cyber security review, businesses have bought companies only to later learn they just inherited breached systems that they’re now responsible to remediate. And that’s only part of the problem. They now have to ask: Was data stolen or compromised, devaluing the new acquisition?
Read our eBook to learn more about inadvertent risks caused by growth, including recommendations for anyone who recognizes any of these issues at their business.