Most IT security professionals harbor a certain amount of conservatism: The enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of the industry; after all, it’s the security pro’s job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security versus traditional networks. Cloud obviously brings more exposures than conventional on-premises IT. The question we should be asking is not whether there are more security challenges in all IT, but rather how we can refine our individual security postures to manage risks more effectively. This eWEEK slide show queries several highly placed security pros about what IT stressors are on their daily worry lists and asks them to explain their approaches on how to alleviate those pressures.
Stressor No. 4: External Devices/BYOD in the Enterprise
How to alleviate: Almost all enterprises have some form of bring-your-own-device (BYOD) policy because it is inconceivable to block employees from using their mobile devices, tablets or personal devices within the enterprise network. This poses a serious security risk because, once compromised, these devices might be a jumping point to the rest of the network. It is, therefore, crucial to identify, track and control access from these external devices. IP address management (IPAM) and dynamic host configuration protocol (DHCP) management enables users to actively monitor and control these devices. A well-written and enforced BYOD policy is also a must. — Andrew Wertkin, CTO, BlueCat
Stressor No. 5: Vulnerabilities in Open-Source Libraries and Products
How to alleviate: As we saw in the example of OpenSSL, which is used by almost anybody from Google to major banks, a security vulnerability in a commonly used library has an immense impact. To alleviate the risk, an enterprise should choose third-party libraries wisely to ensure that it has a vibrant community support and enough maturity to keep up with emerging security threats. Some large enterprises that rely on these libraries actually support the open-source community actively. —Andrew Wertkin, CTO, BlueCat
Stressor No. 6: PCI Compliance
How to alleviate: The latest Payment Card Industry Data Security Standard (PCI DSS) standard requires logs for external-facing technologies, including Domain Name System (DNS), recorded centrally and presented for forensic purposes. Collecting these logs and centrally managing them for compliancy is a challenge. To overcome this stressor, organizations must invest in solutions that can flex as enterprises move from the center to the edge—and are able to collect all of their DNS data centrally to be PCI compliant. — Andrew Wertkin, CTO, BlueCat
Everything you need to know about shadow IT
When users implement their own solutions behind the IT team’s back, that’s shadow IT. Learn about the risks and how to manage and reduce it with BlueCat.
10 best Ansible modules for infrastructure as code
10 (plus a bonus) Ansible automation modules that anyone—from a beginner to a power user—can leverage to transform their network infrastructure to code.
How an agency IT chief innovated amid bureaucracy
Government IT innovation isn’t easy, but Chad Sheridan did it at the USDA by removing silos, earning top-level buy-in, and moving to a product mindset.
Lexmark CIO & CTO on recognizing the right use cases for AI
Lexmark CIO & CTO Vishal Gupta wades through the murk surrounding AI, explaining what tech organizations should know when deciding whether to adopt it.