
A recent CSO Online feature laid out seven security practices that belong in the scrapyard—from legacy VPNs to SMS-based MFA (CSO Online). It’s a sobering checklist, but also a validation of the approach we’ve been championing at EMBER for years: a holistic, framework‑aligned, technically rigorous security strategy that’s built for the realities of modern, cloud‑first businesses. Below is a quick tour of each outdated habit and a look at the safeguards EMBER has in place today.
1. Perimeter‑Only Defenses → Zero‑Trust by Default
The article warns that the old “castle‑and‑moat” model is useless in a hybrid, cloud workforce (CSO Online). At EMBER we start every engagement by mapping client assets to a recognized framework (NIST CSF, CIS v8, etc.) and designing zero‑trust controls around identities, data, and workloads. Our monthly security‑hardening calls keep those controls fresh while ensuring leadership stays accountable.
2. Checkbox Compliance → Risk‑Driven Alignment
Basing security solely on “passing the audit” creates blind spots (CSO Online). We treat frameworks as way‑finders, not finish lines—using them to prioritize real‑world threats, not just tick boxes. Continuous Threat Exposure Management, live attack‑path mapping, and remediation sprints keep risk—not paperwork—front and center.
3. Legacy VPNs → Modern, Identity‑Aware Access
Traditional VPNs are brittle, slow to patch, and hard to scale (CSO Online). EMBER has eliminated legacy VPNs entirely, replacing them with identity‑based ZTNA/SASE gateways that authenticate every request and segment sensitive resources automatically.
4. EDR‑Only Visibility → Cloud‑Native Monitoring
Attackers now sidestep endpoints to hit cloud consoles, APIs, and SaaS tokens (CSO Online). Our SOC watches far more than laptops: Microsoft Sentinel, the #1‑ranked, cloud‑born SIEM, ingests signals from Azure, AWS, Google Workspace, identity providers, and network edge devices—turning blind spots into telemetry.
5. SMS 2FA → Phish‑Resistant MFA
SIM‑swaps and SS7 flaws make text‑message codes an easy target (CSO Online). EMBER blocks SMS MFA globally. Instead, we enforce push‑based authenticators, FIDO2 security keys, and certificate‑backed agent auth, slashing takeover risk without sacrificing user experience.
6. On‑Prem SIEMs → Elastic, Cost‑Controlled Logging
On‑prem SIEMs generate alert fatigue and force “log poverty” decisions (CSO Online). Sentinel’s born‑in‑the‑cloud architecture lets us scale ingestion on demand and apply analytics to years of data without the forklift upgrades—or the sticker shock.
7. Passive Users → Engaged Human Firewalls
Security isn’t a spectator sport. Passive employees leave the door open to phishing and social engineering (CSO Online). Every EMBER client undergoes mandatory, role‑based security awareness training and routine phishing simulations. The goal: turn users from our weakest link into an active defensive layer.
The Takeaway
If these obsolete practices still lurk in your environment, now is the time to act. EMBER’s blend of framework alignment, zero‑trust architecture, cloud‑native tooling, and user empowerment delivers the resilient posture today’s threat landscape demands—without the outdated baggage.