• Skip to primary navigation
  • Skip to main content
  • Skip to footer
The Evolution of ESG RegulationThe Evolution of ESG RegulationThe Evolution of ESG Regulation

CUBE global

  • Products
        • RegPlatform product overviewOur enterprise product, providing regulatory intelligence for large, global financial institutions looking to tackle complex compliance.
        • RegAssure product overviewOur highly intuitive, seamless compliance product, that grows with your small or medium sized business.
        • CUBE's technology
  • Solutions
        • PrivacyGlobal governance for data privacy regulations, the world over
        • RecordsHolistic oversight of ever-growing regulations for records
        • CybersecurityAutomated workflows for up to date, relevant data on cyber
        • Technology riskEffective policies and controls to mitigate technology risk
        • Financial crime and AMLWatertight audit trails to show risk-based rationale
        • View all solutions
  • Resources
        • Resource hubLifting the lid on financial services, compliance, and regulation
        • Read

        • Case Studies
        • Blog posts
        • Reports
        • RegNews
        • Brochures
        • Find

        • Compliance Corner
        • Compliance confessions
        • ESG Conference
        • CUBE’s regulation game
        • Listen

        • Videos
        • Webinars
        • Podcasts
  • Partners
        • Advisory and consulting partnersEnhance your regulatory compliance offering with the entire suite of CUBE regulatory data.
        • Integration partnersCompliance is complex enough without over-complicated integration procedures.
        • Technology partnersAdd value to existing customer applications with a unified window into regulatory intelligence.
        • Partners overview
  • About us
        • About usThe story of who we are, how we got here and why we’re exceptionally proud of what we do
        • TeamThe visionaries and leaders powering CUBE’s success
        • NewsThe latest news from CUBE
        • CareersOur movement to transform regulatory data into regulatory intelligence
        • ContactWant to know more? Get in touch
  • Request a demo
Customer login
Home » Resources » Future Ready: 5 considerations for Security Operational Transformations in the ‘new normal’

January 10, 2022

Estimated reading time: 4 minutes

Future Ready: 5 considerations for Security Operational Transformations in the ‘new normal’

In the first of the Future Ready series, AJ Khan explores strategies for operational transformation and lists the 5 keys to success.

In this new series, CUBE, in collaboration with the Canadian Regulatory Technology Association (CRTA), speaks to industry experts about cyber strategies in the ‘new normal’. As the coronavirus pandemic has swept the globe, businesses have been forced to re-examine their approach to cyber. In the first of the series, AJ Khan explores strategies for operational transformation and lists the 5 keys to success.

Are you ready for the #cybernewnormal?


The COVID-19 pandemic has forced all organizations – from financial institutions to the automotive industry – to re-examine their approach to ensuring cyber resilience in the new normal. The operational transformation undertaken by organizations to enable the Work-From-Home (WFH) workforce has introduced new risks in the corporate ecosystem. These risks need to be identified and their impact assessed to better protect businesses across the globe.

The top five areas of concern that need to be addressed for the risk assessment of this new Operational Transformation are:

1. Acceptable Devices

COVID-19 has increased, and in some cases introduced, the use of ‘bring your own device’ (BYOD) as an organizational enabler for WFH in the new normal. This means that organizations need to have a defined BYOD Policy that enumerates the acceptable devices that can be used for corporate work. This policy must also address the concerns raised due to the lack of separation between personal and corporate data and increased chance of data leakage due to this BYOD enablement. The key to assuring that the security is maintained in the WFH environment is to ensure endpoint management and limit the access to data based on the principle of least privilege.

2. Infrastructure Changes

COVID-19 has accelerated the organization’s embrace of perimeter-less architecture. Firewalls and VPNs are no longer enough to ensure the protection of critical organizational assets. A more holistic cyber governance strategy needs to be in place which focuses on data as the core asset. This cyber governance strategy needs to identify and protect the global systems where the organization data is being processed, stored, or transmitted. As this might include third-party SaaS apps, an infrastructure strategy needs to be fully adopted that enables CASB (Cloud Access Security Broker) and Federated ID solutions.

3. Incident Reporting

A WFH enabled workforce has greater reliance on incident reporting. This means that the Cybersecurity Incident Management Policy must be clearly defined and effectively distributed among the workforce. This policy must precisely specify the criteria for reporting an incident in the new WFH environment. It should also provide guidance on the initial reporting notification and the methodology used to detect, identify, report, and recover from the incident.

4. Greater Movement to the Cloud

COVID-19 has greatly increased the usage of the cloud. However, one of the major challenges of moving to the cloud is cloud governance. An organization needs to ensure that a cloud governance framework is in place that provides guidelines for the development, operations, and assessment of cloud apps. The increased reliance on cloud apps also ensures that there is greater exposure to organizational resources that need to be secured to limit data breaches. The organization’s risk management team must assess this increased risk and ensure that effective controls are in place to mitigate the enhanced risk profile of the organization.

5. Remote Tools

There is a greater reliance on remote tools in the post-COVID-19 world and this has raised concerns about privileged accounts and operational security. An increased reliance on personal devices means that there is less oversight, and this increases the threat of malicious insiders. Furthermore, enhanced remote access to resources could allow threat actors to escalate their privilege within a system. Hence, companies must closely manage any privileged access across their networks. This has increased reliance on effective security monitoring and logging of interactions within and from outside a company’s own network.

To summarize, the post-COVID-19 world has only highlighted further the importance of Governance, Risk & Compliance to ensure the confidentiality, integrity & availability of critical assets of any organization. This aim can be met by developing effective cyber policies & procedures that meet the cyber challenges of the WFH environment and addresses the risks presented by this new normal.

Listen to the experts

On the 25th August, the CRTA and CUBE hosted an audience-led roundtable that discussed the new normal for cyber. You can listen to it on our catch up service no.

Listen to the roundtable

Related resources
View all resources
Sylvia Yarbough whispers to a colleague about the key to customer complaints
Blogs

Compliance Confessionals – How does a CCO stay organized?

resilience
Blogs

Get ready for new digital resilience obligations

Department of Justice (DOJ) and new regulations
Blogs

The DOJ’s take on corporate criminal enforcement policies

Blogs

Why is a whistleblower policy important? 


Want CUBE updates and latest industry news sent straight to your inbox?

Footer

Add CUBE logo here

  • Products
    • Partners
    • Solutions
  • Resource hub
    • Blogs
    • Reports
    • Brochures
    • Compliance Corner
    • Webinars
    • Podcasts
    • Videos
  • Behind CUBE
    • About us
    • Meet the team
    • Careers
    • News US
    • Contact us
  • The legal bits
    • Privacy policy
    • Cookie policy
    • Terms of use
    • Accessibility
Follow us:
  • LinkedIn
  • Twitter
  • YouTube

© 2023 CUBE Content Governance Global Limited

  • English
  • US