March 23, 2020
Like many of my peers, my role as a Chief Security Officer (CSO) has dramatically changed as we work to understand and adapt to COVID-19. It’s hard to believe that just a few weeks ago, my mind was focused on things such as FedRAMP and the California Privacy Act (CCPA); now the majority of my time is focused on ensuring our employees’ safety and productivity, so they can continue to deliver products and support our customers and partners. Fortunately, as a cloud-first company, our Continuous Intelligence Platform has a number of advantages, such as scalability and elasticity, that give us the flexibility to address unplanned activities.
What makes my team’s job especially challenging is keeping up with a health crisis that is rapidly evolving by the hour. The speed at which the situation is changing has prompted us to adopt new ways of doing business.
Below are a few best practices that worked for us at Sumo Logic, which you may want to consider as part of your CSO strategy.
Empower your leadership with prescriptive information
Proactively provide your leaders with relevant information, so they can make quick decisions. For example, if your leaders are going to make decisions relating to work-from-home policies, let them know whether the resources are there to support a decision, such as whether you have enough Zoom accounts in place, and back those up with Google Hangouts, VPN support and an old-school “1-800” telephone number just in case. We found this to be especially important for our regional leaders, whose countries had faster-evolving situations compared to the US. As a CSO or CISO, you also have to be ready to take the reins and lead your organization with a prescriptive approach instead of a subjective message.
Move quickly to disseminate information to employees
Once a decision has been made, it is important to have a single consistent message sent to employees. In addition to having an email sent to the entire company, set up a Slack channel, encourage managers to have conversations with their direct reports, and use other lines of communication that align with your organization’s culture. In this situation, always over-communicate.
Use existing technology to take a “pulse” of your employees
With the increased use of real-time chat and collaboration technologies such as Slack, GChat, and Skype for Business, leadership can use these as a forum not only to disseminate information but also to engage with employees and answer their questions and concerns. Regularly monitoring these channels is a good way to gauge the potential impact of any decision and determine any course corrections.
Set up an emergency management team
You probably already have one in place. Within Sumo Logic, our emergency team includes e-staff, regional leaders as well as members from our security operations center. We found that meeting for a half hour twice a day was optimal to get a status update and make any critical decisions.
Look at your cloud-first tools pipeline
Leveraging cloud during these times and uncharted waters has been critical. Think about organizations that support their own data centers and use on-premises solutions. If everyone is truly working from home, who goes in to support those operations? How are you rolling your infrastructure to meet the scale demands of your customers? This becomes increasingly difficult as social distancing is now the new normal. With cloud, you just support and secure your applications and data.
Be ready to answer service supply chain questions from your customers
BCP and DR are critical areas of focus during times of crisis. Be ready to answer questions concerning key personnel, region, location and supply chain outages. There will be a lot of inbound questions on how you will operate in case of a supply chain outage; think AWS, PagerDuty, and Identity. Your team will have to scale and do their best to self-serve these along with the normal amount of security and compliance questionnaires.
Be on the lookout for attack surfaces
An insecure home VPN exposes systems and data. Make sure you tell your employees to lock down their routers with complex passwords and leverage data loss prevention (DLP) technologies. We have seen an uptick in targeted phishing campaigns that include fake GoFundMe messages.
Have a mindset that goes beyond your CSO title
Instead of looking at things only from a technology perspective, you will also need to look at the human impact. This means being empathetic to people’s needs and workstyles. Yes, your job is making sure the business is still running, but you also need to make sure that employees are staying engaged and not overworked. Taking a human-first approach will have long-term benefits.
Again, these are best practices that worked for our organization. Hopefully, you will find these useful to help your company weather this current health crisis and become stronger when it ends.
Join Sumo Logic CSO George Gerchow and Code42 CISO and Chief Information Officer Jadee Hanson for a live Webcast on Thursday, March 26, 10am CDT, as they discuss the challenges of managing data security risks that live outside their typical network infrastructure and successes from both companies’ first week of working fully remote. Register here. (If you can't make it for the webcast, register anyway and we'll send you the recording after!)