Last updated on January 11, 2021.
Most IT security professionals harbor a certain amount of conservatism: The enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of the industry; after all, it’s the security pro’s job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security versus traditional networks. Cloud obviously brings more exposures than conventional on-premises IT. The question we should be asking is not whether there are more security challenges in all IT, but rather how we can refine our individual security postures to manage risks more effectively. This eWEEK slide show queries several highly placed security pros about what IT stressors are on their daily worry lists and asks them to explain their approaches on how to alleviate those pressures.
—
Stressor No. 4: External Devices/BYOD in the Enterprise
How to alleviate: Almost all enterprises have some form of bring-your-own-device (BYOD) policy because it is inconceivable to block employees from using their mobile devices, tablets or personal devices within the enterprise network. This poses a serious security risk because, once compromised, these devices might be a jumping point to the rest of the network. It is, therefore, crucial to identify, track and control access from these external devices. IP address management (IPAM) and dynamic host configuration protocol (DHCP) management enables users to actively monitor and control these devices. A well-written and enforced BYOD policy is also a must. — Andrew Wertkin, CTO, BlueCat
Stressor No. 5: Vulnerabilities in Open-Source Libraries and Products
How to alleviate: As we saw in the example of OpenSSL, which is used by almost anybody from Google to major banks, a security vulnerability in a commonly used library has an immense impact. To alleviate the risk, an enterprise should choose third-party libraries wisely to ensure that it has a vibrant community support and enough maturity to keep up with emerging security threats. Some large enterprises that rely on these libraries actually support the open-source community actively. —Andrew Wertkin, CTO, BlueCat
Stressor No. 6: PCI Compliance
How to alleviate: The latest Payment Card Industry Data Security Standard (PCI DSS) standard requires logs for external-facing technologies, including Domain Name System (DNS), recorded centrally and presented for forensic purposes. Collecting these logs and centrally managing them for compliancy is a challenge. To overcome this stressor, organizations must invest in solutions that can flex as enterprises move from the center to the edge—and are able to collect all of their DNS data centrally to be PCI compliant. — Andrew Wertkin, CTO, BlueCat
Get in touch
We’re the DDI provider you’ve been looking for.
Drop us a line and let’s talk.

Read more

Manifest V3 doubts? Try a DNS-based solution
Learn how Google Manifest V3 changes may impact anti-tracking and ad blockers and how a DNS solution might be a better option for your enterprise network.

BlueCat announces international expansion with launch of Customer Care Center in Serbia
Center will provide support and integration development services to BlueCat customers in EMEA.

Four steps to succeed with your DDI solution
New EMA research on implementing DDI solutions highlights four ways to ensure success, starting with dumping DIY approaches. Are you ready to begin?

Cloud, automation, security drive DDI pursuit
EMA research found that cloud, automation, and security are the three primary drivers behind investing time or money in DDI technology. What drives you?
Products and Services
From core network services to multi-cloud management, BlueCat has everything to build the network you need.

Read our blog
Our blog covers all the latest developments in network management, cybersecurity and DNS, with expert insights and opinions.
