Guest author Kris Barker is co-founder and CEO of Express Metrix Asset Management Software.
Even the smallest network is under threat from botnets, hacking, Trojans, denial of service (DoS) attacks and information leakage. Malicious or criminal attacks, the most expensive cause of data breaches, are on the rise and the consequences of poor network protection are harsh.
A Ponemon Institute and Symantec study published in March 2012 shows a jump in data breaches caused by malicious attacks from 31% in 2010 to 37% in 2011, with an average cost of $222 per incident. Negligence accounted for a further 39% of reported breaches. The majority of serious breaches result from failings in people, process and technology.
The majority of threats originate from within an organization. The U.S. Computer Emergency Response Team (Cert) estimates that insiders - whether malicious or merely careless - are responsible for almost 40% of IT security breaches. Security technology such as firewalls, content security appliances or desktop programs can’t entirely compensate for people’s ability to deliberately or innocently bypass the rules.
Meanwhile, changes in workplace habits like mobile working and the use of multiple devices have upped the security ante. Outside the office, employees connect to corporate systems and programs via VPN tunnels or Web-based remote access applications, using corporate, personal or even public computers and devices. With so many access methods, the network perimeter remains porous, leading IT security managers on a constant search for additional protection and monitoring capabilities.
The situation is exacerbated by the rise in employees’ use of their own devices for work, whether authorized or as an under-the-radar aid to productivity. Despite increasing acceptance of BYOD (Bring Your Own Device) practices, there’s a growing gap between what employees actually do and what organizations have accommodated into their security and corporate best practices. Research by Information Law LLC from March 2012 indicates that 31% of companies surveyed had no company policy governing employees’ use of their own devices at work, while a further 26% said they ‘sort of’ did.
The Case for Deeper Software Insight
In addition to securing the network perimeter, corporate desktops and mobile devices, IT departments need to quickly and easily monitor the software that users are installing and accessing, and ensure that only authorized individuals are using programs with access to sensitive information.
To this end, software asset management (SAM) tools add a valuable weapon to the IT security arsenal. SAM helps tackle potential risks from the software usage perspective, helping IT managers detect and halt threats in four major areas:
- Identifying malicious programs, hacking tools and other unauthorized software
- Preventing the use of suspect or malicious applications
- In the event of a security breach, examining application usage data to see who was running suspect applications
- Identifying and reducing the number of underused software titles so IT can support and patch fewer applications
Acceptable Application Matrix
It is much easier to maintain a robust security posture if acceptable software titles and types are defined and documented from the outset. Maintaining a matrix of tested, validated, approved and documented software helps strengthen policies and support existing technology. Establishing a matrix helps IT set policies preventing workers from using unauthorized software.
Despite the most stringent software usage policies, portable storage and mobile communications devices can insert unwelcome software behind the organization’s firewall at any moment. But disabling unacceptable programs can be a powerful weapon against potential security breaches. Application control also helps ensure that only authorized users can gain access to specific programs.
While most applications through which sensitive data can be accessed are protected by authentication controls, SAM solutions add a further layer of security by providing an instant snapshot - at any time - of which employees are accessing which program. The ability to retroactively trace the origins of a breach is an important reporting tool - especially for companies subject to regulatory compliance.
Improved Patch Management
Better SAM tools give IT a streamlined way to identify and eliminate underused or redundant software titles, and to restrict access on a needs-only basis. IT departments no longer have to act as detectives, and they can save time by supporting and patching fewer applications. They can also help ensure that all devices on the network are running the appropriate security software, a huge time saver.
Knowledge is power - and security. Your level of protection is significantly higher when you know exactly what software your organization authorizes, see who is accessing which programs, prevent the use of unacceptable programs and identify any breaches.