Working in the enterprise IT domain has always been interesting; regardless of how prepared you think you are there is always some new disruptive technology or event that manages to keep everyone on their toes. This is a given, and something to which we’ve all become accustomed. The particular challenge we all face now is that the entire global IT ecosystem has had a forcing function shoved down it’s collective throat, and the response to this challenge is multi-leveled and multivariate.
In March of 2020 the entire business world was told to go home but keep working, which was disruptive, but it was disruptive consistently. Now, as we “return” to “normal” the model is much more haphazard; some employees prefer working from home, some want to be back in the office, management is still working through alternatives and appears to be tapping the brakes, Covid is now Delta (and apparently there’s a Lambda version in the wings), so the bottom line with this much uncertainty is that business is going to have to move to a hybrid IT model, and this has significant security implications.
Mobile technology (or more accurately, technology not in a fixed location) is inherently less secure than something in a secured location behind a firewall. Between Endpoints that move around, applications residing in an unsecured Cloud server (more common than you’d think), and access to those Cloud apps from sub-optimally secured networks, keeping track of the details associated with all these variables in the context of a vastly expanded attack surface has become mission critical. Patch management and AV status per user and per device needs to be determined with complete accuracy and timeliness; aside from the security risk associated with not being current, there are also compliance mandates that need to be followed (saying “I don’t know” when asked about device status during an IT audit is a great way to walk into a seven figure fine).
This problem is not only critical, it cuts across multiple industries. *
Because more and more of what IT drives relies on automation (meaning speed and scalability) even the slightest delay in updating patches has huge implications, and sadly most companies have response times measured in days or weeks. To address this means critical operational variables need to be automated and driven by workflows; this is why automated patch management (Automox) combined with integrated IT asset management workflows that span previously separate silos (Oomnitza) offers a comprehensive and robust solution to the endless challenges faced by IT support and operational staff .
Why should this be at the top of your list? It’s a non-negotiable security requirement in an era of expanded attack surfaces (easier to get in at the device and Cloud levels), and more variables driving the shift to a hybrid ecosystem. While this is a serious problem, it’s an avoidable serious problem; know who has what where, stay on top of your security updates, and make sure this is drilled into your employees enterprise DNA.