As we pointed out in Better Secure Access Decision Making, getting the most out of Secure Access technology is not really about the technology. It is about the people. Focusing on the tool as opposed to the tradesperson is the errand of a fool, not a businessperson.
Secure access tools can only be effective if the business remains enabled. Users can only be as effective as the access they are granted allows. The ‘multi factor authentication’ of secure access technology should include not only architectural interoperability but also interoperability with general enterprise human resources.
It goes without saying that general enterprise human resources are not cyber security experts- hence all of that cyber security awareness training that persists. More is not better and so the cyber security awareness training being provided needs to be examined to identify if it is providing as much value to the enterprise as possible.
And through that identification, cyber security executives can innovate training programs to:
- Examining everything through a risk management lens.
- Auditing the end-to-end awareness program and doing more than rolling out the same thing again.
- Unpacking desired behaviors and heat maps to gain more insight.
- Expediting different yet active learning with nuanced targeted audiences.
- Perfecting the art of the nudge.
- Discovering the relationship between Secure Access technologies and Secure Access mindsets.
- Realizing that Zero Trust technologies only work with Users’ Full Trust of the security operation.
[inlinead-1]
Standard Chartered’s Global Head of Cyber Training and Awareness, Ellie Warner discusses all of the above in her Fireside Chat at SASE Summit APAC February 17, 2021. Please join us.