Where, or perhaps more precisely, on what device are you reading this article?
Chances are that you are doing so on one of the multiple devices you own, all of which you have responsibility for. Some probably belong to you, others to the company you work for, and in a few cases maybe even third parties.
Bring your own device (BYOD) policies mean that people will bring their personal devices to work and, with them, the risk of uploading malware from their machines into the network. Likewise, using corporate-owned devices at home through corporate owned personally enabled (COPE) policies exposes these devices to what could be an unsecured or compromised network. They can be phones, tablets, laptops or desktops, and, with the exception of desktops, people can use them practically everywhere.
This means that hundreds of different devices, running different operating systems and at different levels of update, need to be managed in a coordinated way. After all, there’s no point spending hours updating the firewalls on all the PCs if the malware can make it in through the employees’ personal phones. For network administrators, this represents a phenomenal headache, and the bigger the network the bigger the headache.
The pressure on the C-Suite to take an interest in the status of their digital infrastructures has also been climbing. Recent upsurges in widely reported ransomware and worm attacks, such as WannaCry, have placed an emphasis on security, whilst upcoming regulations, like GDPR, are incentivising closer control over the company’s data. For there to be an assurance that every entry-point into an organisation is covered, IT administrators have to have clear visibility over the network they’re meant to control, eliminating Shadow IT which, given the size and complexity of many companies today, means having systems and technologies that are fit for purpose.
Let’s say the company you work for, as an IT administrator, has 100 people, and that each person receives a work phone and laptop. Most of the time, they will also bring their personal phone to work, perhaps even connecting it to the network, and some may even bring their own laptops (if they prefer to work on a different operating system).
This means that you may have over 300 devices operating on or connected to the network at any one point, and, if unpatched, each of these can become an open door for cyber criminals. While patching issues and updating technology may be relatively straightforward for private devices, it becomes increasingly difficult the more devices are added to a network.
This issue is then compounded by the need to also update and patch third-party programs, which are actually the main point of entry for zero-day attacks and other types of vulnerability exploits. So even if the main operating system is up to date, failing to update a program like Adobe Reader could leave devices, and thus the rest of the network, open to infiltration. Ideally, therefore, IT administrators should be able to see what version of what software is installed on which device connected to the network.
Why has this become so important? Well, here are some of the reasons.
More, and more, and more devices
If the current technological trends don’t suddenly change course over the next 5 years (and there’s no reason they should), the world is headed for a virtual yarn ball of connectivity. Just to start, virtual reality devices will slowly be added to the connectivity mix, meaning that additional operating systems will require management and interconnectivity; and as working on the go becomes more popular, devices will also be interacting with more networks than ever before, and thus require more regular maintenance to ensure none of these networks snuck in an undesired program. The internet of things (IoT) isn’t simply a buzzword, it’s the ultimate destination.
Time is money
More than ever, the adage that “time is money” is proving to be true, and especially so for security: according to a Ponemon Institute study, it takes an average of 98 days for financial services companies to detect an intrusion on their networks and 197 days for retailers. But when GDPR comes into force in May 2018, companies will have a grand total of 72 hours to report a breach before they are found liable.
That’s 3 days to identify anomalous activity on the network, and given that according to Veritas’s Databerg Report of 2015, 59% of data stored and processed by UK organisations would be invisible and could contain everything from cat videos to adult material, there’s a high risk of non-compliance.
To avoid this panicked scenario, visibility into end-points will be essential, especially since most companies do not boast of a particularly large IT department. IT managers will have to quickly identify, assess and possibly remove vulnerable end-points from the network before they are truly threatened. Once a breach does occur, the only thing to do will be to limit its spread, and once again visibility and centralised control will prove essential.
Data is becoming more important
The growing debate over privacy has resulted in a concerted global effort to determine clear responsibility and ownership of data. These questions become doubly important with the introduction of GDPR, which ensures prohibitively punitive penalties are applied to any transgression. The fact that transgressions could cost companies millions of pounds or very severe sanctions means that smaller players literally cannot afford to deprioritise data management and security.
Failure to upgrade and patch software will be enough for prosecutors to attribute blame for the breach to system administrators, so it is imperative that every device, down to the smartwatch, is managed carefully, consistently and regularly.
Don’t think this is only for companies operating in Europe (which is, admittedly, every company in Europe and a large number of international enterprises). Many countries, post-Brexit UK included, will have their own specific regulatory outlines to deal with data, making the compliance process even more complicated.
May’s global cyber attack
If the WannaCry worm attack did anything positive, it was to highlight, at what can be considered a substantial detriment to the NHS and others, the importance of maintaining up-to-date systems.
After all, the patch was available weeks before the attack, so any companies who followed Microsoft’s advice to update their systems were spared the ransomware. The only companies that seem to have suffered were those that actively resisted digital transformation, against the advice of cybersecurity experts, and did not update their legacy infrastructure.
While it can be difficult to convince executives that security vendors are not always exaggerating, the WannaCry ransomware did a great job of amplifying what security professionals were having trouble vocalising. While the NSA and Microsoft can accept a fraction of the blame for allowing this vulnerability to go unpatched for so long, they cannot accept full responsibility for the weekend’s events, which must rest, in large part, at the feet of those affected.
The list above is by no means exhaustive. While automation is not a magic bullet, it is a big help, not only for increasing efficiency but for improving security as well. These processes can help manage high device numbers, allocate resources appropriately, comply with an increasingly complex ‘global’ regulatory system and protect your business from vulnerability exploits. In the era of mobility, when interconnectivity is the buzzword, additional endpoints are constantly being added to and in between networks. People have long since passed the point where they can manage these systems by themselves. Luckily, they now have digital partners that can do this, and even better, they’ll do it 24/7, 365 days a year.
Sourced from Sean Herbert LISM, Country Manager – UK at Baramundi