Avoiding The Seven Deadly Sins of IT


Kaseya Industry Alert

Avoiding the Seven Deadly Sins of IT Security

A holistic, forward-looking and flexible IT security strategy can help organizations avoid common pitfalls and meet security threats head on in a cost and time efficient manner.

www.kaseya.com

Security is full of assumptions. Organizations think they're covered, that their networks are safe, systems are updated and that their critical data is protected. In actuality, assumptions are dangerous, taking administrators off their guard while making users complacent. You could even say that assumptions are sinful, causing actions and reactions that put organizations, data and users at risk.

We asked Scott Crawford, managing research director for analyst firm Enterprise Management Associates (EMA), to identify the Seven Deadly Sins of IT security and how organizations can avoid these pitfalls.

Deadly Sin #1: Ignorance
"Prevention is more important than detection."

Crawford says that there is no sin greater than thinking you can prevent security threats from breaking into your IT environment. Organizations need to recognize that they have already been penetrated, and malicious code is waiting on a server, someone's laptop or a mobile device to steal information or wreak havoc. Detecting these threats is just as important as preventing them, and a successful security strategy needs to embrace both strategies to keep the organization safe.

Situational awareness is key. Organizations need to know their current security posture, where the defenses lie, where there are vulnerabilities and whether endpoints are patched and up-to-date on maintenance. A security strategy that stresses prevention and detection will help you mitigate the effects of threats.

Deadly Sin #2: Unpreparedness
"We have anti-virus so we're covered."

Most security strategies are focused on specific threats, whether it's antivirus, network security or phishing attacks, but hackers today are sophisticated enough to evade conventional defenses. Organizations need to better understand where the last line of defense stands and develop a comprehensive and holistic security strategy that is able to break down the silos of defense and create awareness. Data flows freely throughout the IT environment from systems to the network to the data center, and information needs to be protected at all levels and stages.

According to Crawford, this is where IT systems management (ITSM) solutions come in. They have the framework in place to follow data throughout the environment and the ability to embrace a holistic approach. ITSM solutions already have processes in place to remediate issues in addition to providing defense and awareness.

Deadly Sin #3: Neglectfulness
"We scan regularly for vulnerabilities."

While scanning is a critical part of vulnerability management, it only covers the assessment and not the remediation aspect of preventing attacks. Organizations also need an action plan to combat threats and bring systems and the network back to normalcy. Crawford suggests the PDCA plan of action, which stands for Plan, Do, Check and Act.

Scanning encompasses the planning and doing aspects of the plan, but organizations also need to monitor for deviations in systems' status and then have a plan of action that administrators can use to remediate issues. According to a study conducted by EMA, organizations that define, follow and enforce policies report having half as many instances that require remediation as organizations that are lacking enforcement mechanisms.

Deadly Sin #4: Short-Sightedness
"Our defenses are up-to-date."

Organizations shouldn't plan to just win the day; they need a forward-looking strategy that prepares them to confront security threats that may come up in the future. The nature of attacks is changing daily, essentially mirroring the changes in technology. Consider that viruses used to be spread on five and a half inch floppies. Then they spread through the internet and email. Now the battleground is on social media and mobile devices.

Crawford says that organizations need to have flexibility in action, insight and integration. What he means by that is having a framework in place that allows you to respond to future issues through configuration changes, recoveries and restores. ITSM solutions need to provide you with visibility into your IT environment and individual systems. And new strategies, policies and tools need to be able to interoperate within your existing environment.

Deadly Sin #5: Pride
"Security can't be measured and managed like other aspects of the business."

Crawford says that this is simply not true. Organizations can measure security in any number of metrics, including the percentage of systems covered and uncovered, the percentage of successful security updates versus failed updates and the rate of patch latency. It's not easy to collect this information, but that's where automation comes in.

In addition to enabling this automation, ITSM solutions can audit the network to identify known assets and their security status, ensuring security policies are being met fully across the entire organization while uncovering previously unknown exposures. Trends can be analyzed to demonstrate progress and determine need.
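The following is an added example, not Kaseya's or EMA's code, showing how the metrics named above (percentage of systems covered and uncovered, successful versus failed updates, patch latency) can be computed from an endpoint inventory, and how the same data feeds the "Check" and "Act" steps of the PDCA cycle from Deadly Sin #3 by flagging systems that deviate from policy. The inventory, the field names and the 14-day maximum patch latency are all constructed assumptions for illustration; a real ITSM audit would supply this data.

```python
"""
Added example (not from the original document): security metrics and
policy-deviation checks over a constructed endpoint inventory.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass
class Endpoint:
    name: str
    managed: bool                    # under inventory/agent control ("covered")?
    patch_released: Optional[date]   # release date of the latest required patch
    patch_installed: Optional[date]  # None if the patch is still outstanding
    update_status: Optional[str]     # "success", "failed", or None if never attempted


# Constructed sample inventory (hypothetical hosts and dates).
INVENTORY = [
    Endpoint("srv-01", True, date(2012, 3, 1), date(2012, 3, 3), "success"),
    Endpoint("srv-02", True, date(2012, 3, 1), date(2012, 3, 20), "success"),
    Endpoint("lap-01", True, date(2012, 3, 1), None, "failed"),
    Endpoint("lap-02", True, date(2012, 3, 1), date(2012, 3, 8), "success"),
    Endpoint("mob-01", False, None, None, None),  # discovered on the network but unmanaged
]

# Assumed reporting date and assumed policy threshold (both constructed).
AS_OF = date(2012, 3, 31)
MAX_LATENCY_DAYS = 14


def coverage(inv):
    """Percentage of systems covered (managed) and uncovered."""
    managed = sum(1 for e in inv if e.managed)
    pct = 100.0 * managed / len(inv)
    return pct, 100.0 - pct


def update_success_rate(inv):
    """Percentage of attempted security updates that succeeded."""
    attempted = [e for e in inv if e.update_status in ("success", "failed")]
    ok = sum(1 for e in attempted if e.update_status == "success")
    return 100.0 * ok / len(attempted) if attempted else 0.0


def patch_latency_days(inv, as_of):
    """Days from patch release to installation per host.

    A patch that is still outstanding keeps accruing latency up to as_of,
    so an unpatched host is never hidden by a missing install date.
    """
    latency = {}
    for e in inv:
        if e.patch_released is None:
            continue
        end = e.patch_installed or as_of
        latency[e.name] = (end - e.patch_released).days
    return latency


def policy_deviations(inv, as_of, max_latency_days=MAX_LATENCY_DAYS):
    """PDCA 'Check' step: list hosts that breach policy, with the 'Act' needed."""
    latency = patch_latency_days(inv, as_of)
    findings = []
    for e in inv:
        if not e.managed:
            findings.append((e.name, "unmanaged asset: bring under management"))
        elif e.update_status == "failed":
            findings.append((e.name, "update failed: retry and investigate"))
        elif latency.get(e.name, 0) > max_latency_days:
            findings.append((e.name, f"patch latency {latency[e.name]}d exceeds {max_latency_days}d"))
    return findings


if __name__ == "__main__":
    covered, uncovered = coverage(INVENTORY)
    print(f"coverage: {covered:.1f}% covered, {uncovered:.1f}% uncovered")
    print(f"update success rate: {update_success_rate(INVENTORY):.1f}%")
    lat = patch_latency_days(INVENTORY, AS_OF)
    print(f"mean patch latency: {mean(lat.values()):.1f} days")
    for host, action in policy_deviations(INVENTORY, AS_OF):
        print("DEVIATION", host, action)
```

Tracking the same three numbers over successive reporting dates gives the trend line the text refers to; the deviation list is the work queue that turns a scan result into remediation rather than leaving it as an assessment.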
Crawford suggests visiting benchmarks.cisecurity.org for more information about what security metrics are important.

Deadly Sin #6: Arrogance
"Our people can cover what our technologies can't."

It's dangerous for organizations to rely too much on human intellectual capital for their security needs. As life plays out, people move on, and their knowledge isn't easily replaced. A combination of technology automating the mundane, repetitive aspects of IT security management and the technicians to plan, assess and remediate is a much more consistent and safer strategy.

Deadly Sin #7: Avoidance
"Taking a more serious approach to our security will overwhelm our resources."

While building a robust and reliable information security apparatus is not a simple undertaking, especially when you're talking about large enterprise environments, it is not a herculean feat. Yes, it will require human and monetary resources to purchase, set up and maintain the necessary infrastructure. However, there are options out there that are ideally suited for just about any sized IT staff and budget. According to Crawford, organizations should consider all of their options carefully, including properly vetting solutions and partners and considering both hosted and Software as a Service (SaaS) models.

What should you do now?

Organizations should focus on building security strategies that are comprehensive, forward-looking and flexible. Kaseya can give organizations the automation framework they need to implement a holistic strategy that runs through the service desk, where administrators have a single console in which to prevent, monitor, detect and respond to security threats in an efficient manner.

Visit www.kaseya.com/features.aspx to learn how Kaseya can help you avoid these seven deadly sins and get a better handle on IT security management.

About Kaseya

Kaseya is the leading global provider of IT Systems Management software. Kaseya solutions empower virtually everyone, from individual consumers to large corporations and IT service providers, to proactively monitor, manage and control IT assets remotely, easily and efficiently from one integrated Web-based platform.

Go to www.kaseya.com/download for a FREE trial.

Visit: www.kaseya.com | Email: sales@kaseya.com | Like: Facebook.com/KaseyaFan | Follow: @KaseyaCorp

©2012 Kaseya. All rights reserved. Kaseya and the Kaseya logo are among the trademarks or registered trademarks owned by or licensed to Kaseya International Limited. All other marks are the property of their respective owners.