I have been working in public sector security for about 20 years, and for much of that time a major, ongoing security pitfall for government organizations has been the threat of unmanaged endpoints on their networks.
The nature of endpoints has changed over the years. At one time, the focus was on unmanaged modems connecting networks to the Internet. Today, endpoints fall into three categories: managed, unmanaged and Internet of Things (IoT) devices. Managed devices usually include enterprise-owned PCs, laptops, mobile devices and infrastructure components that require security agents (software), allowing IT staff to discover, maintain and control them.
Unmanaged devices are the personal laptops, tablets and smartphones of employees, contractors and visitors that are used to access your network. Since you don’t own these devices, you typically have no authority to put security software on them—meaning they are invisible to traditional security products, and to your staff.
IoT devices represent the majority of the new devices connecting to enterprise networks. They can range from video surveillance and audiovisual systems to medical devices and 3D printers. These devices have purpose-built operating systems, making them unable to run your security software. Consequently, they are invisible to your existing security products.
Most network security tools depend on endpoints running security software that provides administrators and their security tools visibility into the device. The problem is that not all devices communicate with software security agents, and not all devices on a network are known to administrators.
Unknown devices are a serious security concern because the network can become compromised if administrators do not have the required visibility. Unfortunately, this places a tremendous onus on the admins, which is unrealistic and can lead to further security complications once a network is compromised.
This brings us to our second pitfall. Once a vulnerability or an actual breach has been identified, many organizations rely too much on humans to solve the problem. Experienced employees can search for vulnerabilities and remediate them, but this often leads to delays and the potential for more errors.
A lack of network visibility can compound security issues very quickly. Since all devices on your network are vectors for potential attacks or cybercriminal reconnaissance, it is crucial that they are discovered and secured.
So the big question is: how do you secure your network more effectively?
In a nutshell, those are the major IT security pitfalls facing the public sector. In part II of this blog series, I will delve into the best practices for IT security.