Security has always been a top-line consideration for every enterprise, and given the direction in which the world seems headed, this is becoming an even more stringent requirement. We are talking specifically about IT security, which is in itself a vast and dynamic ecosystem. The key concern here is visibility; if you don’t know about it, you can’t manage and secure it.
So to be clear, what is “it”?
“It” is the technology your organization uses to do business. All businesses run on workflows, and all workflows run on technology. This means every element of technology needs to be secured. This includes:
- Hardware – laptops, servers, printers, etc. which are often on undersecured networks, particularly given the current hybrid working model
- Software – desktop or SaaS, and usually the highest value variable
- Cloud instances – which are becoming increasingly ubiquitous
- Virtual Machines – which are often spun up then left running, consuming expensive network resources
- Networks – whether behind a firewall, as a VPN, in the cloud, or somewhere in between
- Mobile devices – everyone’s shiny object, which often does double duty between personal and business use
- IoT – little “things” numbering in the billions, and all of which are capable of providing network access
Everything on this list is at risk of a cyberattack, which means everything on this list needs to be meticulously tracked and managed. This is no longer a background task assigned to IT, this is a front and center requirement across the organization and implies the development of a new, more vigilant corporate mindset. This means ensuring participation by executive leadership not only for maintaining accountability for where “things” are, but also having the ability to run oversight, backed by the authority to force compliance and behavior that minimizes risk across the organization. Managing all technology across the entire enterprise with effective real-time visibility makes IT a strategic enabler, rather than its legacy context of a utility provider.
Done properly, enterprise technology management can deliver agentless bi-synch integration through APIs (another area that requires tight security), which effectively generates a comprehensive and fully integrated source of truth for managing all classes of assets across the enterprise in a single, holistic view.
Security patches and updates need to be run frequently and verification needs to ensure the patches and updates are properly tracked – this is a compliance issue as well, and the downside is significant, even if you aren’t breached. The corollary to this is backing up your data, do it often, and hopefully to an offline and secure environment. While memory may be cheap, what’s on it is not.
Access control (normally managed through SSO or other access mechanisms) needs to be layered. Who you are determines levels of access, keeping in mind that workflows can generate data that can access automated downstream systems. Access control is not just about people, it can also be about workflow control, which normally generates significant amounts of data. It’s also important to capture asset data as it enters the product lifecycle; this is a great opportunity to certify and track technology as it enters the corporate ecosystem. This not only simplifies security (who has what where, and what are they authorized to access), it provides leverage to procurement (you can avoid buying things you don’t need, and avoid using things for which you haven’t paid).
The aggregate downstream effect of securing and managing your technology across both product lifecycles and functional silos includes:
Compliance: This is a large, complex area where the rules are made by lawyers, enforced by government agencies, and they are never friendly to the entity being audited. It’s also not just regulatory compliance, there are true-ups delivered by the friendly folks at e.g. Oracle or Microsoft, and that can be an equally fun experience. Using an enterprise technology management framework can bring this whole ugly area into full compliance, and do it automatically.
Employee Experience: There is nothing more frustrating than looking at the blue screen of death, or its BFF, the spinning wheel of death. The whole point of technology is to accelerate productivity gains for the employees using it, your employees should always be at the optimal point of efficiency while working, and blaming support for being slow to respond when the entire incident could have been avoided through better lifecycle management puts the onus on the folks responsible for technology management. Knowing exactly who needs precisely what specifically when is the whole point of enterprise technology management.
Financial Controls: Having an accurate view into your technology inventory (all of it, as specified above) means not only buying only what you need, it means you have an optimized inventory, it means when employees leave you’ll get your gear back in a timely fashion, unused software licenses can be reassigned, etc. This is completely avoidable waste, all you need is a system that tracks everything and keeps the information instantly available. Which would be enterprise technology management.
While managing technology has (not surprisingly) become increasingly more complex, the technology to do so has also become increasingly sophisticated. The technology industry (and those who depend on technology, which is pretty much everyone) is at an inflection point, and the ability to manage the entirety of your IT estate from a single integrated view is now being adopted by some of the most innovative companies in the world. For more information please click here.