Safeguarding Forests—and IT—Falls to All of Us
The month of October is near its end. Here in Utah, stunning autumn colors have graced the mountains and the weather has turned brisk and fresh. Fire season is over. What a relief!
The wildfires of 2018 in Utah were spectacular. They burned thousands of acres and destroyed a record number of structures. The various fire departments noted a record level of fuel with low humidity. The state was a tinder box.
The US Forest Service and other agencies have driven expansive campaigns with catchy slogans like “Only you can prevent forest fires,” or “It only takes one mistake to bring us all down. Don’t let it be yours.”
I read one of those slogans while driving through some beautiful mountain scenery and I started contemplating the state of IT. It hit me that IT and the Forest Service have a lot in common.
Security Is Everyone’s Task, Not Just IT’s
Just like the Forest Service, IT depends on the behavior of users to maintain a safe environment. Risk awareness is the first step in enlisting the help of end users. They must adopt safe behaviors and understand what good behavior is, which will go far in the long run. This training helps users be secure on the road, at home, and at work, and it should be part of any security program.
Some wildfires are started by lightning; they’re like security events that are out of our control. But such events are in the minority. Most security events are caused by an action that someone took. In a social engineering test in 2016, a group of researchers found that one in five employees would sell their password for under $1,000 dollars—with the majority willing to sell them for under $100 dollars.
This statistic is troubling, but this next one from the Verizon Data Breach Investigations Report 2018 is even more so. Eighty-one percent of data breaches are due to password issues. Awareness and coaching users to use strong passphrases not words—and to not reuse passwords—will enhance security both in the corporate and home environments.
Implementing multi-factor authentication (MFA) or PIN technologies can help in tightening security in the corporate environment. Long-term plans should include implementing a process that removes passwords. A world without passwords seemed incredible just a few short years ago, but today technologies such as biometrics, WebAuthn, Windows Hello, and Windows PIN can be used to replace the password with new and more secure options.
Device Discovery—The Need for “Fire Spotters”
On occasion as I’ve traveled the mountains, I’ve seen the Forest Service cabins or lookout stations for the fire spotters, whose job is to monitor and report if a fire is starting. Discovery of devices is like that lookout.
Discovery must enable IT to know about every device on the network—when it arrived and as many details as possible. Without the lookout, a “fire” could start and become deeply embedded before we can respond. Passive discovery based on network activity, and well as agentless inventory scans, acts as that base lookout to determine early on if something as changed. Knowing about and responding early as devices are added to the network can reduce risks greatly.
Management Behind the Scenes
As we enjoy the mountains and scenery, we don’t often notice all of the management that occurs behind the scenes. Wildlife managers, forest managers, and range managers are just some of the people involved that work to reduce the risks to the environment. They leverage all the different tools available to reduce the risk of wildfires. And while these people and tools aren’t the reason we visit and enjoy the scenery, they have the ability to improve our experiences. IT faces the same challenges—how to improve the user experience while removing the risks.
Safe computing requires a well-managed computing environment. A well-managed environment provides the basis for a great user experience.
Rex McMillan has been with Ivanti for nearly 14 years. In his current capacity directing a team of product managers, Rex works to help create innovative solutions of high value that help customers improve the productivity of their end users and realize a rapid return on their technology investment.