In cybersecurity, organizations create chaos with the best of intentions. Their goal is to make incremental gains in security by implementing new solutions that make up for the deficits of older ones and adding new controls to compensate for the limits of existing ones. To make matters worse, the IT environment itself has grown more complex, creating new attack vectors that malicious actors can exploit.
Clearly, agencies need to reduce the chaos and improve security. But they also need to ensure their cyber strategy does not hinder employee productivity. Those competing needs were more apparent than ever when gubernatorial mandates in response to the COVID-19 crisis required thousands of employees to begin working from home, some using their own devices. How could agencies protect applications and data without creating new obstacles for employees?
To learn more about how agencies can take a more cohesive approach to endpoint security, GovLoop spoke with John McClurg, Senior Vice President and Chief Information Security Officer at BlackBerry, a provider of intelligent security software and services.
“Quite often, if we pursue security in the way we want to, we end up leaving our users with just a horrible experience, because of the ‘friction’ they incur,” McClurg said.
A Modern Solution
The solution to these challenges is not another product. That would only add to the chaos. Instead, McClurg said, agencies need to shift to the emerging concept of unified endpoint security (UES).
Unified endpoint security leverages artificial intelligence, machine learning and automation to provide next-generation cyber threat prevention and remediation across devices, networks, apps and people – all without interfering with user productivity.
“It’s a modern solution for a challenge that we have faced for decades,” McClurg said. Specifically, it is designed to shift agencies to thinking in terms of preventing cyberattacks, not just reacting to them, he said.
From a security perspective, UES implements the concept of Zero Trust security. Zero Trust is a dynamic approach that continues to evolve as it learns from user behaviors and as your environment changes with new users, new devices, new applications and new technologies. One of the concerns about Zero Trust, however, is that it will create countless obstacles for employees who are just trying to do their jobs.
That’s why the concept of Zero Touch is essential to UES. AI, machine learning and automation allow for authentication as a continuous process. The idea is to leverage operational network data to create and refine behavioral profiles of users and devices, so that the network can identify them without any human intervention. That’s why it’s called Zero Touch.
“There doesn’t have to be that dichotomy and that tension between providing security and positive user experience,” McClurg said. “The dichotomy dissolves as you leverage the benefits of what the endpoint security solution set now affords you.”
BlackBerry has identified six pillars of UES:
- Endpoint Protection
- Endpoint Detection and Response
- Mobile Threat Defense
- Continuous Authentication
- Data Loss Prevention
- Secure Web Gateway
Creating UES would be just another challenge for agencies if they had to start from scratch. BlackBerry has developed solutions with UES in mind, ensuring integration across those pillars. Current solutions address the first four of the pillars, with the other two in the works.
This article is an excerpt from GovLoop’s recent report, “CIO Perspectives: A New Vision for the Government Workplace.” Download the full report here.