The old-school mindset – that the IT department exerts control and dispenses access on an as-needed basis – is still around, and it makes sense that it endures. For someone, like me, who has been in the industry for quite some time, it's completely reasonable to have concerns about doing what feels like throwing the doors open and letting people do whatever they want, no matter what disaster they might be setting the company up for.
Technology, after all, is moving fast. Perhaps ironically, cybersecurity threats are even more dangerous, and far more numerous, than back when it was IT’s prerogative to lock down everything.
But the truth is that in today’s enterprise computing environment, trying to exert undue control over things like access in the name of security – no matter how well-intentioned – can sometimes work at cross purposes with establishing that security.
Forcing employees to go in and out through VPNs with multiple logins only encourages them to find creative ways to circumvent the protocol; ways that can open up vulnerabilities IT isn't aware of.
Old-fashioned, protracted device checkout policies turn into practical impossibilities that everyone ends up ignoring.
While this paradigm shift makes it sound like we're living in a whole different technological world than we were 20 years ago, some things are strikingly similar to how they were in the formative days of enterprise computing.
Companies still struggle with understanding the following issues that appear profoundly simple:
How many assets do they have?
Where do they reside?
Which applications are being used?
Who is using them?
Patching endpoints remains the problem child of IT. This is made ever more onerous by the heterogeneity of environments and is exacerbated by cloud and mobile computing.
These are problems that, for all our advancements in capability, we should have tackled by now. Instead we have been piling on new complexities without first addressing these foundational issues – which continue to compromise our networks and render ever-more sensitive and critical data insecure.
More Info: jobs that require comptia a+ certification
Technology, after all, is moving fast. Perhaps ironically, cybersecurity threats are even more dangerous, and far more numerous, than back when it was IT’s prerogative to lock down everything.
But the truth is that in today’s enterprise computing environment, trying to exert undue control over things like access in the name of security – no matter how well-intentioned – can sometimes work at cross purposes with establishing that security.
Forcing employees to go in and out through VPNs with multiple logins only encourages them to find creative ways to circumvent the protocol; ways that can open up vulnerabilities IT isn't aware of.
Old-fashioned, protracted device checkout policies turn into practical impossibilities that everyone ends up ignoring.
While this paradigm shift makes it sound like we're living in a whole different technological world than we were 20 years ago, some things are strikingly similar to how they were in the formative days of enterprise computing.
Companies still struggle with understanding the following issues that appear profoundly simple:
How many assets do they have?
Where do they reside?
Which applications are being used?
Who is using them?
Patching endpoints remains the problem child of IT. This is made ever more onerous by the heterogeneity of environments and is exacerbated by cloud and mobile computing.
These are problems that, for all our advancements in capability, we should have tackled by now. Instead we have been piling on new complexities without first addressing these foundational issues – which continue to compromise our networks and render ever-more sensitive and critical data insecure.
More Info: jobs that require comptia a+ certification
No comments:
Post a Comment