A really, really important concept about security is that it’s not set and forget, so there is a constant maintenance cycle that you have to follow. There is due diligence you have to follow through with, and this is on the part of not just the it security administrators, just not just your network administrator, desktop technicians. This is on the part of everybody in the company, so this is something that’s oftentimes overlooked, sometimes difficult to employ, but really you want to get everybody involved in this because if there’s a problem and somebody notices it and it doesn’t directly impact their job, they should be reporting that to somebody so that you as the IT administrator, you as the INFOSEC personnel can look at that and determine does anything need to be done with that? Or are we okay with that current process? This leads a lot into things like specific security over applications, patching applications, life cycle management on applications.
That’s really where this is important because software is software. It will have bugs, it will have problems, it will get exploited at some point in time, and that’s why there are companies out there like South Seas Data that’s specifically try to help you manage these things, that try to help you determine what those risks are, and help you along the way and ensuring that you have policies and practices and potentially even the software to help you do this, this job without it becoming a monumental task. Ultimately it’s a due diligence process that keeps you from getting into this point where once or twice year you’re panicking to install hundreds of patches and to solve problems that may have come up or may not have come up. This should be a consistent, ongoing process that is not as painful to you and that’s very easy to do, and that should just be second nature.
You’re applying these patches and you’re putting these things in place, and of course you have to have policies to test these things and to validate them for business practices. You may have mitigatable risks that have to be out there in the open, because your business requires those things, but at least those are documented. You know about them and you know what you’re doing, that way you’re sitting there comfortable being the IT administrator that your network is secure. You’ve done your job, and now you’re ready for whatever’s coming to you.
I’m Anthony with South Seas Data. We are here to help you find what’s coming down the pipeline and what’s going to impact you and prevent those from giving you a headache.