We’ve talked about how to prepare your organization to start ringfencing crown jewel applications – the people and process legs of the stool to address critical risks in securing your applications.

But why is segmentation important in the first place? If there is no specific compliance obligation, vulnerability issue, or failed PEN test, why should your business spend money on controls to ringfence its applications against the spread of breach? What exactly is the inaction tax for an organization with "status quo security"?

At the end of 2016, SWIFT introduced a new Customer Security Program, which also includes the SWIFT Customer Security Controls Framework (CSCF). Last August, SWIFT announced a new version of the SWIFT CSCF in response to the growing number of cyberattacks on SWIFT infrastructures, causing billions in financial losses. Member institutions are expected to comply with these new controls and attest to the mandatory controls at the end of 2019. The latest version promotes some advisory controls to mandatory controls and introduces new advisory controls.

PCI DSS requires covered companies to not only be 100 percent compliant, but to also maintain its posture continuously. The Interim report on compliance (iRoc) is a measure of the state of compliance and efficacy of PCI controls in between assessments – and is a good proxy for measuring an organization’s ability to maintain a continuous state of 100 percent PCI compliance. Verizon’s 2018 Payment Security Report finds that an increasing number of merchants are 100 percent compliant, growing from 11.2 percent of the covered merchants in 2012 to 52.5 percent in 2017.

Intern season is upon us here at Illumio. Our summer interns will soon bring sharp minds, green thumbs (more on that to come), and that Gen Z zest for tech to a multitude of projects and activities. Before we kick off, we're taking a look back at highlights from last year's internship program – and who better to hear it from than #TeamIllumio interns themselves, Teddy Tran and Ananth Suresh. 

Whether it's your data, your customers' data, or your partners' data, your reputation and your entire business can all be gone with a single breach if you haven't secured the crown jewels assets on your network.