As 2019 winds down and we head into the new year (and decade!), IT and security managers are making their lists and hoping for money for their 2020 InfoSec wish list items rather than budget coal.
While many technologies and projects vie for priority in the upcoming year, here are some of the things I believe should be top items on manager’s request lists:
Multi-factor authentication (MFA)
This is a remedial item on the list. If you aren’t already using multi-factor authentication for your administrative credentials, you’re a bit behind the 8 ball and probably out of compliance with many major frameworks (notably PCI-DSS). But better late than never and now is the time for your first New Year’s resolution. By applying this strong technical control over administrative logins, you will make it much harder for a hacker to take over privileged accounts which is where hackers can do the most damage. If you already have MFA in place, you might want to consider expanding the use case to cover more credentials. Some firms have even opted to use MFA for all remote access, including VPN users and vendors.
PAM and VPAM
Speaking of VPN users and third-party access, controlling your…
