With the advent of WFA (work from anywhere), the complexity of ownership and privacy around BYOD (bring your own device), and the agility that comes from the modern service-centric delivery of software (infrastructure or platforms as a service), it is all too easy for an organisation to be steamrolled by the gargantuan effort required. It is becoming almost too hard to carry these working and transformative practices into the future whilst also providing your business with IT Certainty. PAV are focused on delivering IT Certainty, and to us this is an IT state where IT is fully productive, meets your business requirements, is maintained throughout its lifecycle, and where gaping holes in the security landscape are proactively spotted and corrected before issues occur. To us, IT is strategic and not an afterthought.
In 2021, with the effects of #WFA and #COVID19 driving huge shifts in business practice, IT out of the box is simply not delivering IT Certainty without significant additional effort or investment. This is problematic, as business leaders increasingly draw parallels between consumer experiences (mobile technology and mobile applications) and the results and practices of their own IT teams, because to them the practices look very similar. Organisational leaders want always-on systems (99.999% +) that are always secure, always patched and always performing at their peak. They want this even though the environments are heterogeneous and entirely complex IT estates drawn from a plethora of loosely coupled IT providers. This is a simplification of the reality, but I hope you can all draw parallels with what I have outlined. To explain further, let me provide a couple of examples and then my thoughts, to help you understand the angle I am coming from in this blog:
- Standard endpoint equipment might have disk encryption enabled, which is essential, but can you also centrally enforce a remote wipe on these devices should they fall into the wrong hands or should an employee leave?
- Looking at the productive user environment, can you allow users to get immediate and automatic access to their applications as they boot up a brand new device for the first time? Is this process self-service or IT administered?
- Does the device enrolment process conclude with a lifecycle management process in which the device, complete with OS, drivers and applications, is maintained for the viable life of the hardware? Or are manual processes taking place?
- Is your security investment harmonised across your systems, networks, clouds and applications? Is it working automatically and taking in third-party data sources to ensure that your threat landscape is reduced and benefits from automated response?
I am betting these points are resonating and that many of you are aware there is an IT gap, and definitely not IT Certainty, in these areas.
It is often the case that automatic device and application enrolment is desired by IT as a future project, but time has not been afforded and it has yet to be fully implemented across your organisation. You are completing time-consuming and manual activities around commodity / departmental end-user equipment purchases: intercepting the orders and routing them back to HQ, delivering an OS image (often referred to as a gold image), patching it manually, installing applications on it and then configuring networks and printers as necessary… and repeating this for every new (or replacement) user device. The march of time is relentless, and our complex IT environments will always have new exploits or issues being discovered, whether within the core operating systems, applications, device drivers or firmware. These flaws could be a minor problem (a bug) or, worse still, provide a security vulnerability or backdoor that third parties can exploit to gain advantage over your organisation (financial or otherwise). Finally, and often the most poorly conceived element of IT… Does IT handle the passage of time as a lifecycle, pushing out patches wherever required and enforcing new centralised configurations or policy as needed? Will it maintain its local security technology and tap into information sources both within your organisation and from the wider user community, so that this real-time insight is actioned directly during the lifecycle and the user is protected optimally? Is the retirement of a device after its useful timeframe managed appropriately, with your business confident that no important information, whether personal or business, is left on the device at disposal or resale?
IT has come an awfully long way in the last 2-3 years, the pace of digital transformation is accelerating, and the above concepts and work practices are of serious concern to all. However, the universal delivery of IT to all businesses with full automation and productivity, affording an always-on, secure, patched and managed lifecycle, remains a future IT goal for most. Time and IT effort remain the default for most IT departments, even though we often find that the cost of improving in these areas is less than the business investment required to continue with legacy, office-based IT processes and tools. Obviously, CAPEX spend is harder in these troubled times, but many of these technologies show a sub-two-year return on investment and are often OPEX costs rather than upfront outlays. Food for thought for many IT decision makers as a result.
The rest of this blog teases out a few important areas that have a profound impact upon productivity and automation and are often cost effective to implement with fairly immediate return on invested IT spend.
Safe and smooth information access – even when #WFA
Well-organised IT occurs when all users have exactly what they need, in the form they need it, with the security wrapper that they and the organisation need and, importantly, exactly when they need it… IT is always on. In the best-case scenario there is no sacrifice of information security when delivering this end-user productivity in the #modernworkplace. With the advent of #WFA and data migration off premise to the #cloud, the smoothness with which employees interact with data, applications and each other has never been more in flux. Aligned to this, sticking-plaster solutions that focus only on keeping staff productive following the switch from offices to home working have unfortunately resulted in huge security issues at the same time. This is inevitable when the need to access legacy corporate applications has often led to virtual private networks (VPNs) being made available without appropriate authentication (2FA / MFA) or organisational scrutiny of the robustness of the home environments they now routinely enter (bandwidth, router password policy, shared networks, third-party visibility, data encryption).
The IT environment and its management are a critical part of the operations of companies and organisations. A well-built IT environment increases work efficiency and improves the level of information security. For the IT environment to be manageable, all its various aspects must be taken into account. For example, people skills, wireless signals, junk printouts, phone memory cards and physical space monitoring are all part of an organisation’s security.
IT IS IMPOSSIBLE TO FIX EVERY ASPECT OF SECURITY. SECURITY IS OFTEN A DELIBERATE COMPROMISE BETWEEN THE LEVEL OF SECURITY AND THE RESOURCES AVAILABLE. THE MOST IMPORTANT THING WITH REGARD TO INFORMATION SECURITY IS TO FOCUS ON THOSE ISSUES THAT ARE ESSENTIAL FOR YOUR OWN OPERATIONS.
Safe and smooth working organisations are those that understand this and build out capabilities that identify potential problem areas dynamically, so that problems can be prevented or mitigated in a planned way. Doing this is hard, but it is not impossible. PAV ourselves are releasing a home-grown application to our customers that provides a real-time inventory and an awareness of that inventory against things such as patch version or running-process appropriateness, using trusted third-party information sources to cross-reference against. Only issues discovered are escalated to IT, which allows IT to cut through the mountain of information and focus on the things that are essential to resolve quickly. This application will keep IT operational and secure without interruption and will work across office equipment and devices in all #modernworkplace settings. Using this technology, we believe that your business will run more smoothly and efficiently, and that your vulnerability to cyber-attack through missed patching is continually mitigated and minimised.
Handling the audit and patching requirement is just one side of the safe-and-smooth coin; the other side is the security posture of your organisation. We increasingly feel that the useful time for the delivery of good point solutions (e.g. AV, file sharing, ransomware solutions) has ended. What business transformation requires in this #WFA timeframe is an integrated security platform that unifies and co-ordinates the business defence against a plethora of attack vectors on endpoints, networks, cloud and applications. However, we cannot get around the fact that most organisations have invested in technology that is amortised within balance sheets for several years to come. A full replacement strategy to provide a cutting-edge, fully integrated platform would entail new licence acquisition (perpetual or subscription) as well as associated migration and implementation costs. These are not trivial changes, and this sales play by vendors has become totally unrealistic as a result. There is a need, therefore, to embrace the point security solutions that are already in place and add value to them: to overlay them effectively and add incremental automation / productivity enhancements that reduce the human resource required to manage them, while at the same time decreasing the latency of threat response by optimising detection and making the response more automatic. This may sound like pie in the sky or wishful thinking, but there are technologies today that provide integration, automation and insight across a heterogeneous technology ecosystem. #CISCO have released SecureX, which is committed to creating a truly integrated and open platform that delivers a better security experience and protects what’s now and what’s next. We will be providing more detail on this technology in associated blogs in the coming weeks.
Another significant area of recent innovation around #cybersecurity relates to the visibility and intelligence that can be derived from harnessing the data from connected devices and applications, providing early-warning systems and decision support. This is another area where we feel that clients can improve their preparedness against all sorts of cyber threats, and where this can augment what is already in place. The data insight comes from billions of devices, with the associated metadata reviewed by specialists against known and suspected issue types. This gives organisations real-time threat posture insight and is many orders of magnitude larger than the data / analysis that can come out of your own IT estate (even if you had time to review it and the log files for exploits). Cisco #Talos is one of the largest commercial threat intelligence teams in the world, comprised of world-class researchers, analysts and engineers. This team is focused on providing clients with actionable intelligence and vulnerability research to drive rapid detection and protection. Their objective is simple: to find emerging threats and stop them early, and in doing so to protect the Internet at large. For an organisation to benefit from Talos, it merely needs to own a Cisco security product, and there are plenty to choose from and implement either tactically or strategically as part of a holistic end-to-end security review. In either scenario, we here at PAV can help you leverage these technologies in the #modernworkplace.
The Lifecycle of IT
This is a workflow relating to your organisational IT which is the foundation of productivity. It is the understanding of how something arrives in your organisation, how it is maintained and eventually how it is retired. Each device or application within your organisation has its own lifecycle: at some point it is put into use as new and, a little later, it is taken out of service and either physically renewed or replaced. Historically, this lifecycle has been an intensive and manual process completed infrequently, which makes it subject to aging and inaccuracy fairly quickly. This unfortunately has a huge impact in this ever-connected landscape, as the associated vulnerabilities change from one day to the next… This approach to IT means your business is increasing its exposure and risk of breach and loss of data, with the follow-on and well-publicised side effects.
The ability to provide a near real-time outline of the exact endpoint (desktops, laptops, smartphones, tablets), network (access points, routers, firewalls, switches) and application estate has become ever more critical.
It is possible to activate key technologies such as Microsoft Autopilot, a technology that enables self-service activation of Microsoft-based endpoints with predefined settings. All the user has to do is turn on the device and give Autopilot editing rights; everything else is automated. Once Autopilot has done its trick, the device is ready to use right away and applications can then be installed into a safe and configured environment. This technology facilitates the onboarding / start-up of a new employee, with shipments conducted direct from the manufacturer (Dell, HP, Lenovo) to the employee with minimal IT involvement. However, Autopilot does not address the full lifecycle, and for this there are other technologies that need to be overlaid.
For customers with a Microsoft focus there is another Microsoft technology called Intune, also known as Microsoft Enterprise Mobility Suite (EMS). Intune, when coupled with Office 365, really does start to address productivity and automation, even down to the application stack pertinent to that user. Just as importantly, it provides this capability whilst also ensuring security in all situations and at all points in the lifecycle, including being able to remote-wipe devices and lock down ports or application installation to ensure the device remains in a known state throughout.
As good as Intune is, it also does not meet every requirement of a business and does not address things such as free desktop gadgets (Adobe Reader, Java, Apple, iOS, etc.). All of these, if left unpatched, would still present a security vulnerability that can cost an IT department / organisation dearly. PAV have developed a technology that sits alongside Microsoft Intune to ensure all common applications and gadgets that reside on an endpoint are centrally managed and kept up to date to block security vulnerabilities. Full environmental auditing is afforded centrally to ensure up-to-date information about applications, operating systems, running processes and historic events affecting each device.
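As an added illustration of the reconciliation idea described in the two passages above (the real-time inventory cross-referenced against a baseline, and the third-party application audit), here is a small Python example written for this page. It is not PAV's application or its code, and nothing in it comes from a real advisory feed: the hostnames, minimum patched versions and process names are constructed placeholders. It shows the core defender logic: compare each endpoint's installed versions against a minimum-version baseline and its running processes against an expected list, and surface only the deviations so that IT sees findings rather than the whole inventory.

```python
"""Inventory reconciliation sketch: surface only endpoints that deviate
from a known-good baseline (minimum patched versions, expected processes).
All data below is constructed for illustration; it is not real advisory data."""
from dataclasses import dataclass
import re

# Hypothetical baseline: the lowest acceptable version of each tracked
# application. In practice this would be refreshed from a trusted feed.
BASELINE_MIN_VERSIONS = {
    "Adobe Reader": "23.6.20320",
    "Java Runtime": "8.0.381",
    "Chrome": "118.0.5993.70",
}

# Hypothetical allow-list of processes expected on a standard build.
EXPECTED_PROCESSES = {"explorer.exe", "svchost.exe", "outlook.exe", "acrord32.exe"}

# Constructed inventory as an agent might report it (one record per endpoint).
INVENTORY = [
    {"host": "LAPTOP-01",
     "apps": {"Adobe Reader": "23.6.20320", "Chrome": "118.0.5993.70"},
     "processes": ["explorer.exe", "svchost.exe", "outlook.exe"]},
    {"host": "LAPTOP-02",
     "apps": {"Adobe Reader": "22.3.20282", "Java Runtime": "8.0.361"},
     "processes": ["explorer.exe", "svchost.exe", "unlisted_helper.exe"]},
    {"host": "LAPTOP-03",
     "apps": {"Chrome": "118.0.6000.1"},
     "processes": ["Explorer.EXE"]},
]


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints so that comparison
    is numeric per component (so 118.0.6000.1 > 118.0.5993.70)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # "outdated_app" or "unexpected_process"
    detail: str


def reconcile(inventory, baseline=BASELINE_MIN_VERSIONS, expected=EXPECTED_PROCESSES):
    """Return only the deviations from baseline; compliant endpoints yield nothing."""
    findings = []
    for endpoint in inventory:
        host = endpoint["host"]
        for app, installed in endpoint["apps"].items():
            minimum = baseline.get(app)
            if minimum is None:
                continue  # not tracked by the baseline, so nothing to compare against
            if parse_version(installed) < parse_version(minimum):
                findings.append(Finding(host, "outdated_app",
                                        f"{app} {installed} is below minimum {minimum}"))
        for proc in endpoint["processes"]:
            # Process names are compared case-insensitively; Windows reports mixed case.
            if proc.lower() not in expected:
                findings.append(Finding(host, "unexpected_process", proc))
    return findings


def hosts_needing_attention(findings) -> list:
    """Distinct hosts with at least one finding, in a stable order for escalation."""
    return sorted({f.host for f in findings})


if __name__ == "__main__":
    for finding in reconcile(INVENTORY):
        print(f"{finding.host}: {finding.kind}: {finding.detail}")
```

Run on the constructed inventory, only LAPTOP-02 is escalated (two outdated applications and one unlisted process); LAPTOP-01 matches the baseline and LAPTOP-03 is ahead of it, so neither generates noise for IT. Versions are compared numerically per component rather than as strings, which is the usual pitfall when scripting this kind of check.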
JOIN OUR LINKEDIN LIVE EVENT ON MARCH 11TH
Designing in Automation and Productivity to Support the Modern Workplace