Security and Operations – A Marriage Made in Heaven

Security vs. Operations

There is an inherent tension between security and operations.  The most secure computer system would exist in a locked room with no connectivity to the outside world and it would have no input or output devices and be operated by a blindfolded person.  Of course it would be difficult to get anything done that environment.

Sometimes it seems that in order to get some level of security for your computer systems one sacrifices the ability to get the job done. If you perfectly lock down a computing system it may become too slow or even prevent mission critical applications from running.  Many applications were written without thinking about security.  For example, there are still many applications that need administrative privileges to run and therefore require an end user to have those privileges.  If an organization had a policy that said end users cannot have administrative privileges, then that application would cease to work.

Many organizations have a separate security function within the IT organization and others combine the functions of operations and security into a single function. Whether the IT group is large or small it is difficult to balance the competing requirements.  And securityand operations compete for the same dollars.   In some organizations the security team may have a reputation of always saying no. Kind of like how lawyers sometimes seem to work for the Business Prevention Team.

IT organizations are continually asked to do more with less.  Security may have a budget to buy software to help mitigate security risks but it usually falls on Operations to implement and maintain that new layer of security.  It is important to evaluate both the immediate expense and the long term cost of a security product. Savant Protection offers that additional layer of protection without putting an additional burden on operations.

Last week I discussed “solving the right security problems” and this becomes more complicated because of both dollar and operational constraints. Operations and Security need to work together to find a compromise that allows the organization to get their jobs done while mitigating  security risks that are inherent in their business.

Savant Protection offers a flexible, low impact, easy to deploy, easy to manage layer of security that blocks unauthorized software, stops zero day attacks, prevents the creation of advanced persistent threats, prevents key loggers from running, and eliminates the need for many system rebuilds.  It does this by automatically creating and maintaining an implicit whitelist of all executables on each computer system.  It is a simple and effective layer of security that will only allow a process to run if it is on the whitelist.

Next week I will talk about layered security

Security – What’s the Problem?

Many years ago a colleague introduced me to the phrase “What’s the problem?”.  It was useful because it helped people take a step back when they are so focused on features and solutions but have lost sight of what problem they were trying to solve.  Sometimes the problem was not even the correct problem.  When companies or individuals are dealing with computer security, they often skip the step of defining the problem and go straight to solutions and they get an environment that has all sorts of security “solutions” but doesn’t solve their security problem.

Why should a company or an individual care about security on their computers and networks?  I overheard a fragment of a conversation when I was at dinner this weekend.  There were two elderly women  and one said ” … but the Mac’s have better security right? and the AOL helps too … “  Unfortunately, that is how a lot of security decisions are made.

Defining the security problem for IT organizations is not simple.  Many organizations large and small decide on solutions without thinking about the problem and creating requirements.  One needs to define what it means to be secure in one’s environment.  Understanding the environment and what needs to be protected and why it needs to be protected can help define the requirements for security.  No solution can be 100% foolproof but ideally one can get the right level of security that significantly mitigates risk.

Here is a list of some diverse motivations for being concerned with security:

• The company has been breached and proprietary corporate information has been stolen.
• The company has been breached and credit card information and social security numbers have been stolen
• The company lost many days of productivity due to a virus infection causing computers to slow down and need to be rebuilt.
• A home computer had a virus that loaded a key logger on the system and they stole all the personal information and stole the user’s identity.
• Laptop computers have been stolen from my company and data is at risk
• Users are wasting time playing games on computers.
• Users are using file sharing programs, putting the company at risk for violating copyright laws.
• PCI compliance, SOX compliance …

What to do? Determine which security issues are you trying to address, define the problems, define the requirements, and then implement a solution.  There is no perfect solution but based on your environment you need to choose solutions that mitigate the key risks for your organization.

If the reason you care about security is only so you can claim compliance you will likely not be secure but you will be compliant. Many of the problems listed above are caused by an executable program running on the computer that shouldn’t be running.  Somehow it was placed on the computer through a virus, social engineering trojan, user error, malicious intent …   Savant Protection can prevent such executables from running no matter how they got on the computer system.

Savant Protection offers a flexible, low impact, easy to deploy, easy to manage layer of security that blocks unauthoized software, stops zero day attacks, prevents the creation of advanced persistent threats, prevents key loggers from running, and eliminates the need for many system rebuilds.  It does this by automatically creating and maintaining an implicit whitelist of all executables on each computer system.  It is a simple and effective layer of security that will only allow a process to run if it is on the whitelist.

Next week I will talk about the relationship of Security and Operations.