Okay, well… that might be a fictional story published by satirical newspaper The Onion. But it does highlight an important point: vulnerabilities abound in computer systems, so much so that IT professionals are having a difficult time keeping up with them all.
There are a variety of reasons why so many security holes exist.
One factor is complexity. To illustrate, just think about how complicated an organization’s networks are today. Gone are the days when systems simply consisted of desktops and PCs. Now IT personnel have to worry about third-party applications, virtual machines, cloud-based services, and a whole slew of other new devices.
That doesn’t even include what security professionals must do to protect those endpoints. Sure, they can choose to focus only on compliance and simply “check the box,” but as we all know, more robust (i.e. operational) security requires that IT folks invest in continuous monitoring and risk management in partnership with business executives.
Without such support, IT professionals don’t have formal processes they can use to monitor changes on their organization’s endpoints. Having no processes means security is bolted on and not built in from the start. And that helps no one.
So, what are companies to do?
If organizations want to truly reap the benefits of operational security, they need to be able to recognize the importance of change, i.e. the “great disruptor.” On the one hand, change can consist of an unapproved modification that signals a breach. But on the other, change is also necessary for organizations to update their endpoints and plug known vulnerabilities.
Security is, therefore, a matter of organizations staying on top of approved changes and flagging unapproved alterations.
That’s not impossible. Monitoring change is the essence of IT configuration management, that is, an organization’s ability to create, edit and administer IT security hardening policies in a way that fits real-world business processes.
To begin, IT personnel need to work with business executives to make sure change control processes apply to all devices, invest in automated change control capabilities, and leverage white-listing to ensure apps and systems remain secure. That type of process consists of several phases, including mapping out an organization’s assets, planning for future changes, evaluating the business risk of an alteration, and implementing the modification.