Three basic principles for better security and IT management in 2021
Written by: Arthur Hart
The year 2020 is nearing its end, and many are already looking back at the biggest security incidents of the past year. However, few people are looking at the fundamental mistakes that most organizations are making. For example, many organizations still make the mistake of constantly implementing new tools without having a clear view of their hardware and software assets: where these are located and which applications and systems run on them. When more and more tools are rolled out on a shaky foundation, without insight and control, every security and IT management strategy eventually becomes worthless.
So what do organizations need to do now and in the coming year to ensure that powerful security and IT operations basics are used?
Provide full insight
And this time for real! IT teams can't protect what they can't see. Good IT hygiene starts with an accurate, up-to-date and contextual inventory of all endpoints in the organization, including laptops, VMs and cloud instances on the network. But that's just the beginning: a jumble of tools - from asset discovery solutions to SIEM and CMDBs - still doesn't provide full visibility.
The reason for this is that a collection of point tools does not help to map out the bigger picture, or, in other words, full insight. Each product and each tool has its own 'view' of the IT environment. Individual tools can certainly generate data that seems useful and complete, but when IT teams combine the various data sets, gaps start to appear.
Take an example. IT teams may have a tool that brings endpoint detection and response (EDR) telemetry to the cloud every five minutes from all systems except their unmanaged hosts. They may have weekly vulnerability scans for PCI systems, but only once a month for workstations. Their asset discovery solution may scan for unmanaged and managed assets, but only in the data center and only once a day. And when they need a new dataset that wasn't defined in advance and is beyond the scope of existing tools, they can forget about that dataset! Consistently merging all this asynchronous data to arrive at insights is not only complicated, it's almost impossible.
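The reconciliation problem described above, as an added example that is not part of the original article: it merges three constructed tool exports and reports, per host, which tools have never seen it and which hold stale data. Host names, timestamps, the single monthly cadence used for the vulnerability scanner and the `slack` factor are all assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2020, 12, 1, 12, 0)  # constructed reference time

def ago(**kw):
    """Timestamp relative to NOW, used to build the sample data."""
    return NOW - timedelta(**kw)

# Constructed sample data: per tool, its reporting cadence and the last time
# it reported each host. Tool scopes follow the scenario in the text.
SOURCES = {
    "edr": {"cadence": timedelta(minutes=5),      # managed hosts only
            "seen": {"dc-app-02": ago(minutes=2), "ws-001": ago(minutes=3),
                     "pci-db-01": ago(hours=6)}},
    "vuln_scan": {"cadence": timedelta(days=30),  # monthly cadence assumed
                  "seen": {"dc-app-02": ago(days=9), "ws-001": ago(days=12),
                           "pci-db-01": ago(days=5)}},
    "discovery": {"cadence": timedelta(days=1),   # data center only, daily
                  "seen": {"dc-app-02": ago(hours=20), "pci-db-01": ago(hours=20),
                           "dc-unmanaged-07": ago(hours=20)}},
}

def reconcile(sources, now, slack=2):
    """Return {host: {"missing": [...], "stale": [...]}} across all sources.

    A record counts as stale when it is older than `slack` times the
    reporting cadence of the tool that produced it.
    """
    hosts = set()
    for src in sources.values():
        hosts.update(src["seen"])
    report = {}
    for host in sorted(hosts):
        missing, stale = [], []
        for name, src in sources.items():
            last = src["seen"].get(host)
            if last is None:
                missing.append(name)          # tool has never seen this host
            elif now - last > slack * src["cadence"]:
                stale.append(name)            # tool's view is out of date
        report[host] = {"missing": missing, "stale": stale}
    return report

def blind_spots(report):
    """Hosts for which at least one tool has no data or stale data."""
    return [h for h, r in report.items() if r["missing"] or r["stale"]]

if __name__ == "__main__":
    for host, gaps in reconcile(SOURCES, NOW).items():
        print(host, gaps)
```

Only one of the four sample hosts is fully covered, even though each tool's own export looks complete in isolation.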
IT teams can fill this lack of insight by investing in a truly unified endpoint management platform. By arming themselves with a single source of endpoint data, they ensure that the gaps in insight disappear.
Consolidate the IT environment
A broad collection of point tools is not only a challenge in terms of insight. A study by Forrester shows that organizations use an average of 20 (and often more!) tools from more than 10 different vendors to secure their environments and keep them up and running. Large organizations are easily moving towards 40 to 50 point solutions. An astonishing number!
In such a fragmented environment, it is not easy to implement good practices in the field of IT hygiene because each tool offers different data and insights. What's more, it is costly to get to know and maintain each tool individually. These tools often have a short lifecycle because they are built in a specific period of time, for a specific purpose, and do not always take future developments into account.
The good news is that it is not really complicated to drastically reduce the number of tools. IT teams will first have to take stock of the capabilities and deliverables for their organizations, regardless of the tools and technology required to do so. Next, each tool will have to be looked at separately to see exactly what it contributes. Finally, a Venn diagram will need to be drawn up to see where there is a potential overlap between the tools. Such an audit is quite difficult, but it is necessary to identify the opportunities for consolidation so that IT teams can then work with fewer tools and more insight.
Remove silos for IT operations and security teams
You can't implement IT hygiene and cyber security best practices if your teams don't (properly) work together. Existing point tools often reinforce the silos between IT operations and security teams instead of promoting the collaboration that is truly crucial to better business results. IT operations and security teams must work together around a common dataset that gives them insight and control over all available endpoints. This enables them to prevent technical disruption and cyber threats and respond to them in real time.
Without fundamental security measures, IT teams will lag behind from the beginning of 2020. In the coming year they will have to be able to identify gaps in insight via a uniform endpoint management platform, reduce the number of IT tools in use and bring IT operations and security teams together.
Get off to a fresh start in 2020. When IT teams can focus on rolling out basic security measures, they will be in a much better position to be successful. Not only next year, but in all the years to come!