​Security and the “ART-ful” enterprise

Author: Michael Dortch, Senior Product Marketing Manager, LANDESK

While every enterprise is different, there are three fundamental characteristics that appear common to every successful modern enterprise. The successful modern enterprise is:

Agile – able to navigate nimbly all types of internal and external change, expected and unexpected.

Resilient – able to avoid threats, disasters, and disruptions, and to recover rapidly and seamlessly from those that cannot be avoided.

Trustworthy – able to credibly demonstrate and document operational transparency, in ways that both create and justify high levels of trust among all stakeholders.

One might even describe such an enterprise as “ART-ful.” If one were prone to such constructions.

It turns out there is also a single prerequisite for all three of the characteristics that make an enterprise “ART-ful.” That prerequisite is security. Specifically, user-centered security.

What is “user-centered security?” It’s a focus on what users use to do their jobs—applications, information, devices and network connections. Protect those things, and you can protect users from being victims of malware and other threats. Just as important and valuable, you can also protect users from being conduits into the enterprise for malware and other threats. All while keeping critical enterprise resources safe as well.

How to Achieve User-Centered Security

User-centered security is not only desirable, but achievable. Building upon research conducted by elements of the Australian government, the Canadian Cyber Incident Response Center (CCIRC) estimates that up to 85 percent of targeted attacks on IT environments are preventable by four simple steps:

  • Application whitelisting;
  • Timely application patching;
  • Timely operating system patching; and
  • Restricting of administrative privileges to those users who really need them.
Unfortunately, such protections are like smarter eating and exercise habits. More of us know what would be best for us to do, but we don’t always do those things.

Take patching. In an April 2015 alert, the US Computer Emergency Readiness Team (US-CERT) identified the “Top 30 Targeted High Risk Vulnerabilities.” The newest of these dates from 2014; the oldest is from 2006. That means that there are patches designed to remediate all 30 vulnerabilities but that many if not most enterprises have not yet installed those patches, for whatever reasons.

The bottom line here is that agility, resilience and trustworthiness are impossible without pervasive, ubiquitous, invisible, user-centered security and that such security begins with comprehensive, timely patching. Agility, resilience and trustworthiness are the pillars supporting the successful modern enterprise. User-centered security, starting with timely, effective patching, is the foundation that supports those pillars and enables the enterprise to implement the practices, processes and services that make agility, resilience, and trustworthiness possible.

To build that foundation, your enterprise must first automate, integrate, and optimise management of its IT security efforts, starting with patching. As these efforts make IT security more consistent and user-centered, that security can be expanded across all of the IT-empowered services that enable the business. Security and its effective management make up the bedrock that complements the foundation that supports the pillars of agility, resilience, and trustworthiness.

Of course, none of these strengths can be achieved or sustained by any processes or technologies alone. As with almost everything else a successful enterprise does, ART is achieved and sustained by people. Specifically, you and your people. In concert with colleagues from across your enterprise.

Evolution into an ART-ful enterprise requires leaders, evangelists, champions and supporters to implement and manage the user-centered security policies, processes, technologies, and services that make ART—agility, resilience and trustworthiness—possible.

Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?

Join the CSO newsletter!

Error: Please check your email address.

Tags Michael Dortchrisk vulnerabilitiesUS-CERTsystem patchsecurityUser-Centered Securityenterpriseapplication patchingapplication whitelisting

More about Agile

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Dortch

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place