Apr 17, 2020 1:40:28 PM

Manage COVID-19 Business Impact Without Limiting Planned Security Spend

This week PwC released a survey exploring the financial measures CFOs are evaluating to manage business impact through the COVID-19 crisis and beyond. The reality is that as the economic stall persists, every business will look at new ways to minimize and control business impact.

Two-thirds of PwC’s survey respondents (67%) said they are considering deferring or canceling planned investments. Of those, just 2% are considering cuts to planned cybersecurity and privacy investments. Only 25% are looking to scale back digital transformation initiatives – a higher percentage than expected considering the number of businesses that have accelerated remote working connections and capabilities.

It’s no secret that most businesses struggled with IT security before the COVID-19 crisis. Many lacked the infrastructure and security required to handle the shift to remote working while keeping critical systems secure.

Research released earlier this year revealed that leaders and IT professionals were concerned about managing risks related to digital transformation in a pre-COVID world. Just under half of survey respondents said that authenticating and controlling IoT devices was a top strategic priority for their organization’s digital security while 60% were adding additional layers of encryption technologies to secure IoT devices.

Working from home has accelerated the number of connection points in the network and the certificates and keys they rely on. Ensuring visibility to and the security of those connections is mission critical – lack of adequate management can lead to systems disruptions, outages and even breaches.

 

Find insights and recommendations for PKI and security professionals to quickly secure a remote workforce at scale in our COVID-19 Resource Hub

Go to COVID-19 Resource Hub

 

Public Key Infrastructure (PKI) is a foundational and essential component in any cybersecurity framework to manage certificates and keys, or baseline system, application and IoT device protection. For years, IT teams have self-managed their company’s PKI, juggling spreadsheets to track renewals and updates. New platforms and PKI-as-a-Service capabilities are supporting digital transformation and growing in popularity. In today’s digitally connected businesses PKI has never been more critical -- though few businesses have the resources in place to manage it.

If you’re championing your IT security budget, here are 5 considerations you can use as a guide to expedite your tools search and maximize your investment:

1. What is your evaluation timeframe and what’s the urgency for product selection based on evaluation?

This basic self-assessment will reinforce the reasoning behind the spend and the criticality of turnkey deployment.

 

2. What are the specific use cases or business requirements that the solution must address?

Many leaders have already mapped business requirements and use cases. It’s important to revisit those use cases to classify what scenarios look like under ‘normal’ circumstances, and a future state that accounts for long-term remote working and transitional requirements as the business navigates operational shifts over the next 18-24 months.

 

3. How much can your organization invest in properly evaluating solutions against these requirements?

This consideration was important pre-COVID, but it’s even more important to be realistic considering your company and workforce’s current circumstances and long-term business continuity planning.

 

4. What are the criteria required for different user groups within the organization (e.g. PKI admins, developers, security analysts, network admins, endpoint users)?

This is another area that must account for shifting scenarios that plan for typical and atypical operations.

 

5. What are the systems and applications within the organization that rely on the use of keys and digital certificates (i.e. web servers, load balancers, firewalls, devices, containers, etc.)?

Your teams likely have some matrix that accounts for user groups, but odds are that list has radically shifted over the last month.

 

The PwC survey is reassurance for IT security champions and reinforcement that even in today’s unprecedented business climate leaders understand the importance of keeping security budgets intact.

No one knows what our post COVID-19 world will look like, but with experts suggesting some level of continued distancing measures through 2020 it’s safe to suggest that business and IT leaders should actively plan for a long-term remote workforce and its digitally connected operations. For most, that means continued (and wise) IT security investment.