IT operations, often known simply as “Ops”, refers to the set of processes and services administered within a larger organisation or business, and to the operational teams that run them.
IT teams are responsible for making sure these Ops run smoothly throughout an organisation’s system. However, due to lack of time, resources or both, Ops are often focused on concerns such as system performance or compliance, without ensuring that the “basics” are in place. In most businesses today, we would likely find that devices such as laptops and client workstations are not being managed by Ops, which means companies are failing to gain full visibility of their asset base – a crucial capability for managing IT services effectively.
Fortunately, Ops teams can implement effective management strategies through four successive stages (forming a pyramid of Ops maturity), which will encourage safe supervision of IT systems and the missions entrusted to them.
1/ You Can Only Protect What You Can See
The first and most vital stage for Ops teams is identifying all devices that need to be monitored for internal and external security threats or risky activity. It is only once this inventory is maintained and mapped out that Ops teams will be able to progress to the next stages of IT asset management.
For example, how can a patching policy be established if no one is aware of the presence of macOS in the information system (IS)? Discovery tools can automate the identification process and considerably improve actionable results. These tools have the advantage of scanning all devices wherever they sit, rather than focusing solely on the company’s head office and network.
This is particularly useful for today’s distributed and ‘from anywhere’ workforce, as equipment can be monitored for safety breaches in shops, homes, joint workspaces, etc., rather than just in an office environment. This means that employees working remotely on insufficiently secured internet connections in a private residence or public space are still protected from being targeted by malicious actors who can penetrate these networks.
2/ Compliance and Remediation
Once the devices have been discovered and inventoried, Ops can set about establishing compliance standards by defining the normal behaviour of their IT assets. Once Ops have this knowledge, they are then able to establish a baseline of standards and deploy the appropriate policy for patch management of each operating system.
This is necessary to ensure that Ops teams don’t fall victim to shadow IT, where employees use solutions which aren’t compliant with company policies without the knowledge of IT managers. If Ops are unaware of any tools present in the network, they can’t identify vulnerability points, leaving the system unprotected and likely to be exploited by hackers.
Recent threats from third-party software such as SolarWinds and Kaseya have highlighted the difficulty companies have in quickly knowing whether they are affected by the presence of these tools in their fleet. That’s why, five years after its launch, some companies are still falling victim to WannaCry.
WannaCry is a destructive and dangerous ransomware virus which infects corporate systems and then jumps to vulnerable devices in that network. This means that a single vulnerable computer on an enterprise network can put an entire organisation at risk.
Organisations need to take multiple approaches to defend against these attacks, such as having the latest patches installed, implementing compliance standards and having a real-time asset inventory. Because IT networks are constantly changing, Ops teams need an updated view of decisions being made in real time so they can protect employees’ devices from cyber threats.
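Stages 1 and 2 can be made concrete with a small reconciliation script. This is an added example, not part of the original article: it compares a discovery scan against the managed-device list and a per-OS patch baseline, and answers the “are we affected?” question for a third-party package. All hostnames, versions, package names and baseline values are constructed for illustration.

```python
# Constructed sample data: hostnames, versions and package names are illustrative.
DISCOVERED = [
    {"host": "hq-ws-001", "os": "windows", "version": "10.0.19045", "software": ["agent-x", "office"]},
    {"host": "shop-pos-07", "os": "windows", "version": "10.0.17763", "software": ["pos-suite"]},
    {"host": "home-mbp-12", "os": "macos", "version": "12.7", "software": ["agent-x"]},
    {"host": "lab-robot-3", "os": "vxworks", "version": "7.0", "software": ["cnc-ctl"]},
    {"host": "dc-lnx-02", "os": "linux", "version": "5.15.0", "software": ["Agent-X", "nginx"]},
]
MANAGED = {"hq-ws-001", "shop-pos-07", "dc-lnx-02"}    # hosts enrolled with Ops
BASELINE = {"windows": "10.0.19045", "linux": "5.15"}  # hypothetical minimum OS versions


def parse_version(text):
    """Turn '10.0.19045' into (10, 0, 19045) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def below(version, minimum):
    """Pad both tuples to equal length, then compare, so 5.15 equals 5.15.0."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    return v + (0,) * (width - len(v)) < m + (0,) * (width - len(m))


def assess(discovered, managed, baseline):
    """Classify each discovered device against the managed set and OS baseline."""
    report = {"unmanaged": [], "no_baseline": [], "below_baseline": []}
    for dev in discovered:
        if dev["host"] not in managed:
            report["unmanaged"].append(dev["host"])
        minimum = baseline.get(dev["os"])
        if minimum is None:
            report["no_baseline"].append(dev["host"])  # OS nobody wrote a policy for
        elif below(dev["version"], minimum):
            report["below_baseline"].append(dev["host"])
    return report


def hosts_running(discovered, package):
    """Answer 'are we affected?' for a third-party package, case-insensitively."""
    wanted = package.lower()
    return [d["host"] for d in discovered if wanted in (s.lower() for s in d["software"])]


if __name__ == "__main__":
    print(assess(DISCOVERED, MANAGED, BASELINE))
    print(hosts_running(DISCOVERED, "agent-x"))
```

The macOS laptop appears in both `unmanaged` and `no_baseline`: it was only visible because the scan covered devices outside the managed set, and no patch policy exists for its operating system.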
3/ Device Configuration Policy
Once compliance has been defined and the patch database has been set up for an updated fleet, it is time to define and apply the device configuration policy. This provides a real-time inventory of each machine.
At this stage, the Ops team has control over “what they operate,” “what is standard” and “what exists” in the network. The conditions are then in place to address the management of third-party applications. Only in this context is the homogeneity of the IT estate ensured, so that it can be managed in a uniform manner.
This also involves ensuring that applications embedded in robots or machine tools are updated, and that the publisher/manufacturer is committed to offering and/or performing the required updates. This highlights the more decisive and “mature” role of Ops, namely its ability to provide advice to the business lines, which are often the decision-makers in industrial IT purchases.
4/ Mapping Applications and Advanced Performance Monitoring
Once their environment is known, compliant and kept up to date, Ops can add additional services, such as mapping applications to prevent failures or taking advantage of advanced performance monitoring. This allows them to be proactive with end-users and constantly ensure that they have the optimal tools and resources to meet their specific use cases.
Performance is one of the most important issues for IT departments today. Ops or Security teams have all too often accumulated new solutions in layers to try to fill in the gaps and address new discoveries as they were made. This is often because the basic inventory was not mastered. As a result, equipment ends up being overwhelmed by solutions (whether they are based on a local agent or remote scanning), which can have a significant impact on users.
Managing IT Systems Effectively
For organisations to manage IT services effectively, Ops must adopt effective management strategies and follow the pyramid of Ops maturity. This means getting the ‘basic’ fundamental actions in place: identifying all devices that need to be monitored, establishing compliance standards, defining and applying the device configuration policy and adding additional services.
If Ops rely on these clear strategies, teams will gain better visibility of their asset base and can effectively manage IT systems and the missions entrusted to them.
As a result, teams will become more organised, prepared, and cyber secure, which will help in managing the risks of future activity.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.