EXPERT OPINION

so you can monitor where you are and
then work to improve it by reaching out
to various employees and groups.
Having that visibility and control also
increases awareness of the problem and
once you’re aware, that’s when action
becomes much easier. If you don’t have
this information, how do you actually
inspect what you can only expect?

How would you summarise the main benefits of LastPass for enterprise customers?

It’s really about being able to close the
other 50% of the windows and doors
of the organisation. I also think being
able to report out on that, being able to
understand where you are and see that
improvement, is also very critical.

www.intelligentciso.com | Issue 09

There are now vendors who can
produce security scores, like credit
scores. And with us, we have a
password score. As you look at the
pressures particularly large enterprises
face when it comes to risk and risk
mitigation, anything you can do to
quantify that risk, and then also prove
you are improving over time on that, is
really critical to both maintaining your
funding and getting more of it.

Is there any best practice guidance you would give to CISOs about password management?

It’s ok to admit you have a problem. It’s
ok. You’re not alone. That’s number one.
And two – you have to recognise that it’s
bigger than just your organisation.
This has to do with people’s personal
habits as well as professional habits.
It might seem like a good answer to
your problem is to make password
requirements harder in order to protect
all of the systems – cloud, on-prem, etc.
But I think all you’re going to get there
is rebellion.
So, keep it simple; complexity is not
the answer. As you look at passwords,
recognise that you only know less than
half of what apps your users are using.
So whatever solution you choose, you
want your employees to feel comfortable
bringing a new tool into their workflow.
I think that’s some of the biggest advice.
And then work with the vendor on that
rollout, as there are a lot of innovative
things you can do – everything from
office posters to games, to putting
shared passwords in so people actually
have to get access to it and log in so
they can get that information.