Last week, we spent three action-packed days with our European customers and partners in Barcelona, kicking off the CyberArk Impact 2016 Summit series. Next week, a team from CyberArk will convene in Boston with our Americas customers and partners. These events represent the largest gathering of privileged account security experts globally and provide an opportunity for attendees to discuss the ever-changing cyber security landscape, share stories and learn best practices for bolstering privileged account security. Through interactive sessions and training, attendees learn the most effective ways to protect critical enterprise assets.
Here are six takeaways from last week’s discussions:
- Privileged Account Security is an organizational priority: The rise in awareness about advanced threats has prompted many organizations to shore up privileged access controls in order to mitigate risks. In fact, it has become a top organizational priority for a growing number of companies in recent years.
- Enterprise-wide initiatives are challenging: Taking the time to fully develop a strategy and business case is critical in order to overcome any obstacles.
- Knowledge-sharing is critical: Cyber attacks have reached a level of sophistication that allows attackers to potentially evade existing security controls and access privileged credentials. Peer-to-peer guidance is invaluable in the fight against cyber attacks.
- Stakeholder engagement is key: Typical of any comprehensive project, it’s important to secure to buy-in to what you and your team aim to achieve. Engage with stakeholders on a regular basis. In the words of one of our speakers, ‘it’s useful to have a big guy with a hammer’ too.
- Demonstrate value through milestones: Think about how privileged account security integrates within a wider environment; chances are, it’s not feasible to get the whole infrastructure under control immediately, but it is important to show value quickly. Set early goals in conjunction with business partners, define phases to minimize business disruption and capitalize on initial successes by creating blueprints for repeatable processes.
- Establish metrics that matter: It is crucial to define the reduction in risk the project will achieve. Senior management, the board of directors and other key stakeholders used to simply ask for assurances that things were okay – but not anymore. Now, they need risk reduction and breach scenarios to be explained. Establish metrics that they can understand, and use the metrics to steer course corrections, measure control efficiency, and assess the impact of controls on system availability and application performance.
Achieving the right balance between enabling and restricting high-levels of access to information assets is difficult, but necessary. By convening to share insights and collaborating with one another regularly, best practices emerge to address the ever changing security landscape. Next week’s event marks our 10th Annual Summit for the Americas. We look forward to the ongoing dialogue.