The public cloud offers significant benefits of flexibility and scalability. But it also comes with challenges — especially with regard to security. CDW’s complimentary Cloud Security Posture Assessment is designed to help organizations in this area.

If your organization finds itself dealing with security and compliance challenges in the cloud, here are some key reasons why you might consider engaging us to conduct a CSPA.

As part of CDW’s cybersecurity team, I often have the opportunity to visit with our customers and help them identify gaps in their security programs. CDW offers a variety of security assessments that help organizations shore up their cybersecurity weaknesses.

I’ve performed dozens of these assessments, which provides me with a unique vantage point on the state of cybersecurity across different industries and organizations of various sizes. With that perspective, I’ve seen four common threats that continue to pose significant risk to cybersecurity programs.

Recently, I had the opportunity to help a CDW client in the legal industry assess the current state of its cybersecurity program. The firm had a good grasp on cybersecurity issues and, in fact, had many effective cybersecurity controls in place. I’d definitely consider the firm far along the cybersecurity maturity model.

Like many organizations with mature cybersecurity programs, the firm wanted to get an outside assessment of its controls to uncover any gaps its security personnel might have overlooked internally. We spent a few days conducting a penetration test to provide the firm with an attacker’s view of its network.

As a member of CDW’s cybersecurity incident response team, I spend much of my time working with organizations in the heat of a crisis.

Whether they’re in the middle of an active network compromise or they’ve fallen victim to a ransomware attack, my team steps into emergency situations and helps companies get back on their feet as quickly as possible. In that respect, our team is much like a battalion of firefighters.

The most exciting part of my job occurs when I have the opportunity to visit with a new client organization and help its leaders assess their security infrastructure and remediate any vulnerabilities. I enjoy being able to examine the current state of their cybersecurity programs and help them redesign elements to better address the modern threat environment.

Recently, I had the opportunity to engage in this type of work with one of CDW’s customers — the government of a midsized county. As we worked through the assessment, we identified two core issues that required immediate attention. First, the county’s network firewall platform was quite outdated, running technology that was over a decade old. The devices still functioned, but they were designed to protect against the threats of 10 years ago, not today’s advanced persistent threats. Our first core recommendation was that the county replace this aging firewall infrastructure with a modern next-generation firewall (NGFW) designed to stymie today’s attackers.

We also realized that the core of the county’s network lacked essential security controls. If someone gained physical access to the building and connected any device to the network, the attacker would have open access to all types of resources. There was no internal access control restricting the devices that could connect to the network and limiting the authorization of those devices based on the identity of the user. The county urgently needed a network access control (NAC) solution to address these risks and protect its network.

The global pandemic and social distancing measures have redefined the office for many people. Industries that never would have considered allowing their office employees to work from home were forced to rethink decades of business as usual.

This change has also brought new technology needs. Since these businesses had built technology infrastructures that relied on traditional network and application architecture, a shift had to occur. Suddenly, IT departments were dealing with overloaded VPNs or having to deploy a VPN that they never had to maintain before. Compound that with the fact that users are now accessing company resources from networks or assets that corporate IT has no control over, that most home routers are still vulnerable to exploitation and that, in many cases, the network gates were flung open in the name of productivity ― it’s enough to give any CISO an ulcer.

So how can companies mitigate these risks? Now that everyone is settling into a routine and we’re adjusting to this “new normal,” it’s an ideal time to reach out to your users and talk about security.