Cyber Security: Locking Out the Grinch from Your Application Network

Twas the night before Christmas,

and all through the house,

not a creature was stirring,

not even a mouse.

Before donning your kerchief or cap,

you take one walk around ‘fore your long winter’s nap.

When what to your wondering eyes do appear?

Twas the night before Christmas,

and all through the house,

not a creature was stirring,

not even a mouse.

Before donning your kerchief or cap,

you take one walk around ‘fore your long winter’s nap.

When what to your wondering eyes do appear?

But an unlocked door…And a Grinch, with a sack.

We may be mixing our holiday fables, but your IT network can be a lot like the homes of Who Ville. And your valueless and unused IT assets are like unlocked doors and windows, which increase your organization’s vulnerability to those who would steal your roast beast!

Before the Grinch can take advantage of your IT network this holiday season, here are a few strategies to consider:

Establish an Application Management Strategy

How do you leave your chimney open for Santa while keeping the Grinch safely locked out? The right application management strategy can help outline where vulnerabilities lie and how to fix security weaknesses, minimizing your organization’s overall attack surface.

Define the Landscape

With so many assets to manage, there is only limited time available to innovate. As a result, security was, until recently, seen as a something of a misfit toy. However, the recent data breach at Sony Pictures, among others, indicates that we have entered new territory in the importance of security. Businesses that can’t protect their customers’ data risk losing their business. And the damage to your reputation may be irreparable.

Delineate the Valuable from the Valueless

Using the toolset Buy-Hold-Sell – a methodology more commonly associated with Wall Street – can be something of a Rosetta Stone for your IT portfolio. Buy refers to valuable IT assets that advance business and merit additional investment; Hold means the asset is necessary but neutral; and Sell applies to assets that lack value, cost a lot to maintain and increase the business’ vulnerability to attack.

Stop the Creep

Just as waistlines during the holiday season, IT asset creep happens over time. By using buy-hold-sell, you’ll have the visibility to stop the steady buildup of assets over time, which lose their value. Plus, the new insight builds trust. IT security must evolve from something that’s perceived as a necessary cost to a profit enabler that sets the company apart from its competition and sustains trust from customers.

Brighten Your Career Path

When you can provide a single source of truth that everyone can clearly and easily understand, you’ll have your own “nice” list that will help you bridge the gap between business operations, finance and your company’s executives. You’ll cut across teams to help your organization understand the actual cost of security and you’ll be able to map that cost, and the associated risks, across multiple lines of business.

Once you can do that, you’ll not only clarify your company’s needs, you’ll demonstrate your own value to the organization, which will better equip you to rise through the ranks of your IT organization.

And it all starts with IT leaders having the tools to keep those holiday data Grinches at bay with a sound application security strategy.

Happy Holidays, everyone!

Karl Fruecht is head of engagement, KillerIT and Jason Ausburn is Manager, Professional Security Services Practice – SOS Security, a Forsythe Company.