This session was presented at ACREL and covered the industry trends and real world challenges that are being addressed around Security today. How can we improve security? Are passwords going away? What is better than passwords? What can I do to be more secure today? How can we securely share information? These questions and more were addressed in this presentation and the follow up workshops/breakouts.
Richard Harbridge is the Chief Technology Officer and an owner at 2toLead. Richard works as a trusted advisor with hundreds of organizations, helping them understand their current needs, their future needs, and what actions they should take in order to grow and achieve their bold ambitions.
Richard remains hands on in his work and has led, architected, and implemented hundreds of business and technology solutions that have helped organizations transform both digitally and organizationally. Richard has a passion for helping organizations achieve more; whether it is helping an organization build beautiful websites to support great content and social strategy, or helping an organization leverage emerging cloud and mobile technology to better service their members or the communities that they serve.
Richard is an author and an internationally recognized expert in Microsoft technology, marketing and professional services. As a sought-after speaker, Richard has often had the opportunity to share his insights, experiences, and advice around branding, partner management, social networking, collaboration, ROI, technology/process adoption, and business development at numerous industry events in around the globe. When not speaking at industry events, Richard works with Microsoft, partners, and customers as an advisor around business and technology, and serves on multiple committees, leads user groups, and is a Board Member of the Microsoft Community Leadership Board.
Have accidentally sent sensitive information to the wrong person
Law Firm & Legal Department Security & Practice In The Real World
LAW FIRM SECURITY &
PRACTICE IN THE REAL WORLD
Presented By: Richard Harbridge (@RHarbridge) #ACREL
My twitter is @RHarbridge, I’m super friendly & I am proud to work at 2toLead.
CTO & MVP | SPEAKER & AUTHOR
Life is full of risks, but you can’t always prevent them. Many believe even it does
happen, it won’t happen to us, or it certainly won’t be because of me.
IT WON’T HAPPEN TO ME…
Sometimes it is our fault directly, but it’s always our fault if we don’t take action to
protect ourselves and our ogs. Source of breach data – breachlevelindex.com
HOW DO DATA LEAKS HAPPEN?
59% 23% 14%
Employees believe that their passwords are secure. They know they should
rotate them and make them complex, but that’s it right?
PASSWORDS ARE SECURE?
But passwords suck, management and leaks cost us tons of money and it’s the
biggest gap still in security.
NO ONE LIKES PASSWORDS…
The problem with 2 Factor Authentication is that users find it adds effort/friction
to the login or authentication process. Sure it’s better, but it has a cost.
2 FACTOR AUTH TO
You can create your own model where 2 factor auth or advanced security is only
needed when not at the Office, on unmanaged devices, etc.
CONDITIONAL ACCESS HELPS…
We can use techniques that reduce our reliance on the password and use more
secure multi-factor (or 2 factor+) authentication.
IT IS GETTING BETTER…
Enterprise grade security
The reality is that users are continually at risk. With more advanced scams and
so many external threats we have to pro-actively manage risks.
THE REALITY IS THAT
USERS ARE AT RISK…
It’s not our job to worry about security. The organization has to manage and
handle security. I just need to get my work done.
IT’S THE ORGANIZATION’S
devices datausers apps
In the past, the firewall was the security perimeter.
EXCEPT THE WORLD HAS
Now there’s fewer boundaries, more data, more complexity.
We need to get our work done faster, from wherever we are, and with more
people than we ever had to before. IT security will just have to catch up.
IT’S OKAY TO SOMETIMES GO
AROUND THE SYSTEM…
There are plenty of ways to make external sharing easier from Outlook, Extranets,
professional personal file sharing services like OneDrive for Business and more.
WE NEED TO GIVE PEOPLE BETTER OPTIONS…
We can protect against many threats, even when they are not initially detected.
PROTECT BEHIND THE SCENES…
Data is created, imported,
& modified across
Data is detected
Across devices, cloud
Sensitive data is
classified & labeled
Based on sensitivity;
used for either
protection policies or
Data is protected
based on policy
Protection may in the
form of encryption,
deletion, or a DLP action
such as blocking sharing
Data travels across
various locations, shared
Protection is persistent,
travels with the data
Data is monitored
Reporting on data
potential abuse; take
action & remediate
The lifecycle of sensitive content now needs to account for data leaving the org
boundaries and being protected in a more intelligent way.
SO WE NEED TO PROTECT THE
CONTENT NOT JUST THE SYSTEM…
This is very achievable with today’s technology while still enabling users. It just
means we have to be modern and leverage the power of the Cloud.
SO WE NEED TO PROTECT THE
CONTENT NOT JUST THE SYSTEM…
Business data separation
Permissions and rights-based
DLP actions to prevent sharing
Policy tips & notifications for
Visual markings in documents
Control and protect data in
cloud apps with granular policies
and anomaly detection
Data retention, expiration,
Cloud & on-premises
Get started by enabling great modern Extranet solutions, great file sharing like
OneDrive for Business, & pro-active actionable protection via identity protection.
YOU CAN GET STARTED TODAY…
Message Me On LinkedIn or Email Richard@2toLead.com
CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.