As one of the top research and advisory firms in the world, Forrester works with business leaders worldwide to develop insights and strategies based on trends and predictions.
Much of Forrester’s research is devoted to IT security and threat mitigation. Although businesses differ in size and scope, the security challenges and solutions remain the same. We sat down with Forrester senior analyst Chris Sherman recently to ask what questions he hears the most—and came away with this Q&A on the top five cybersecurity questions you should be asking right now.
Should I be considering 2FA for my business?
Absolutely. Two-factor authentication (2FA) has become a major augmentation for password protection. Monthly media reports of password breaches have severely tarnished the single password's authentication credentials for protecting sensitive information and high-risk transactions. 2FA, including software tokens (and to some degree still, hardware tokens), transaction signing tokens, biometric authentication, and behavioral biometrics, has matured and taken its place in the fight against breaches resulting from weak passwords.
Should I be considering encryption for my business?
Absolutely. Most organizations require encryption—especially where regulated or highly sensitive data is concerned. Security and risk professionals should turn to encryption technologies to protect corporate data, meet regulatory requirements and prevent accidental data leaks due to the loss or theft of mobile devices. While there are key management challenges associated with the use of encryption that need to be overcome, the benefits of encrypting data, from protecting customer privacy to reducing the cost and impact of a breach, far outweigh any potential operational negatives for most security teams.
When should I use email encryption?
Email encryption is a necessity for highly regulated verticals such as financial services, healthcare, defense and government. And while many enterprises don’t yet have email encryption, Forrester expects cloud-based email security services to spur some growth. For a long time, email was the most common way of transferring documents and small files across the internet (within the organization, with partners, and with customers). And if you wanted to protect sensitive data and comply with standards such as payment card industry (PCI) regulations, it was necessary to have email encryption. Since email is still the most common method for communicating and transferring sensitive data, email encryption will remain an important tool for businesses, especially those in regulated industries.
When should I use full disk encryption?
If your endpoint environment consists of portable devices with access to sensitive information, you must consider full disk encryption (FDE). FDE encrypts the endpoint's entire hard drive, including the boot sector, when the endpoint is not in use. FDE has a level of operational simplicity that many organizations enjoy—you don't have to decide which data should be encrypted; it does not involve any error-prone user actions; and it can be implemented as a blanket policy. While hard disk manufacturers continue to enhance support for hardware-based full disk encryption, software FDE solutions are improving in both performance and ease of deployment, providing peace of mind for IT pros worried about device loss.
Are there any concerns about using a cloud-based management server for a security product?
A growing number of vendors are offering cloud-based management platforms for their security products. Drivers for cloud delivery of security technologies include scalability, lower operational overhead and increased deployment flexibility. There are some legitimate concerns, such as vulnerabilities in the vendor’s environment potentially causing risk to the client organization and concerns over how the client organization’s data is handled. However, both interest and adoption are high among enterprises and small and medium businesses (SMBs) due to the many clear benefits offered by cloud-based management.