Day in and out we are reading and listening to news about how lost and stolen data, Virus attacks crippling organizations, unauthorized software that may contain malwares and so on. While it is impossible to eliminate IT\u00a0risks altogether, certain steps can aid in placing less reliance on the persons and processes and\u00a0more on\u00a0technology. At the end of the day it is better to Push Security to End Users than to expect compliance.<\/p>\n
One major pattern that is emerging in IT threats today is the internal threat that is repeatedly coming to fore. Internal threat need not mean a malicious internal user, it has also come to mean an external threat manifesting\u00a0through the internal route. For instance a laptop that is stolen which is then used to access the network because\u00a0the laptop user stored the access credentials on his VPN client.<\/p>\n
The key to the success of any IT Security initiative is that it should enforce adherence rather than expect end\u00a0users for compliance. For instance an IT Security Program that is likely to disable USB drives as a group policy\u00a0setting is likely to be more successful than a Policy or process level initiative that simply states (without\u00a0accompanying technology initiatives) that end users must not use USB drives. It is high time that along with policy\u00a0level initiatives, organizations must implement IT Security measures using technology to the extent possible.<\/p>\n
Domain controllers, Group policy settings, VLAN’s and Centralised Anti Virus controls are a few of the measures that\u00a0organizations can build to ensure that IT Security is enforced internally. Today, generally Organizations fortify\u00a0from external threats to such an extent that it is surprising to find the little or lack of similar measures that\u00a0are deployed for internal threats. It has been found and proved often that insider threats are not only higher in\u00a0number but also very difficult to control and trace. In such a situation organizations must not leave IT Security\u00a0administration to the competence of an individual or strength of a process. At the end of the day, It does not matter where the weakest\u00a0link is as long as it exists.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":" Day in and out we are reading and listening to news about how lost and stolen data, Virus attacks crippling organizations, unauthorized software that may contain malwares and so on. While it is impossible to eliminate IT\u00a0risks altogether, certain steps can aid in placing less reliance on the persons and processes and\u00a0more on\u00a0technology. At the … <\/p>\n