When you look at today's growing trend of data disruption, breaches, and hacks, can you sleep at night knowing your organization's protected? When it comes to digital security and reliability, there are 2 areas that every IT Manager should make sure exist within their organization: a documented Security Posture, and emergency procedures that draw direction from that security posture. Both are crucial to ensuring the safety of your machines and data.
An easy way to identify a Security Posture is to look for something that specifically outlines the processes in place to implement the security protocols for devices and data. This posture is a generalized document that covers the organization's security needs and plans with regard to machines and dataflow within the organization. We recommend starting with a security standard. A security standard is just another way of saying, "what level of security does your organization absolutely need in place to guarantee continued operation?"
Some examples include standards like PCI, SOC 2, FIPS 140-2, and HIPAA. The best rule of thumb is to choose an existing posture based on one of these standards, and then modify it to fit your particular security needs, whether they're higher or, in some cases, lower. Once you've done this, your organization has a nice base to work from to ensure total security. Whatever changes your organization deems acceptable, make sure to document them as you go, for future reference.
Another area to look into is the overall goals you have for your organization's security. When it comes to implementing management platforms like Jamf, SCCM, AirWatch, etc., having the security posture in place makes it easier to understand why your platform settings are set the way they are, as well as what the settings control. This is something you should document prior to deployment, as it plays a crucial role in how you set up and manage your secured devices. Document the whys and hows of the deployment process so that, at the very least, you can replicate it, with the understanding that the future may call for some revisions to your platform's policy.
The second area of focus should be on emergency procedures. A lot of organizations put multi-level approval processes in place to ensure that any change in the overall management processes is examined and signed off prior to the actual change (the official term for this is "change management"). This allows the designated IT team to ensure that changes made to local machines, networks, or any other kinds of data are within the scope of the security standard set in place from the start. Once the change clears that standard, it can be enacted, and your IT team can sleep soundly knowing the organization is safe.
A great example of making sure the processes and changes adhere to the overall posture is how IT manages mixed environments. While computers can essentially be defined as the same kind of tool, if you attempt to manage a Mac the same way you would a Windows machine, you'll find pretty quickly that they're two very different products (consider the Active Directory issues many Mac users experience that Windows users don't have). This is where it would be proactive to put multiple policies into place that cover the needs and processes specifically associated with Windows machines, while also enacting similar processes that are Mac-specific. When it comes to overall security, one-size-fits-all is a farce. And you definitely don't want to put the security of your organization on the line with vaguely defined policies.
*Bonus: (let's just round this focus thing off to 3..)
*Auditing: The adage about a chain's strength being determined by its weakest link is exactly why you have to devote some time and resources to testing the strength of the posture you've implemented. Some organizations hire third-party tiger teams composed of "white hat hackers" to try to break their security measures, and then turn to them to act as security consultants to help the organization rebuild and fortify those measures. Depending on the size and need (which should be defined by the security posture), you can make the right decision on what's best for your organization. Neglect could lead to a fate similar to that of Presbyterian Medical Center or other hospitals that have recently been targeted for ransom based on outdated or nonexistent security postures.
Did you find this topic useful? We'd love to hear about it! Hit us with comments below, or if you'd like more information on how BFA can help advise you on structuring your security postures and device deployment/management strategies, just smash that button below!