In both cases, these organizations wanted to ensure, independent of the operations staff, that desktops and servers were configured as defined by their security policies. They also wanted to monitor patch compliance and generate reports pinpointing out-of-compliance hosts. Two organizations of different sizes and in different markets had similar reporting and management needs, none of which were met by existing applications.
Sure, developing policies and then extrapolating compliance rules is no small undertaking (for help see "Control the Keys to the Kingdom," and "Chart a Plan for Security"), but there are many benefits to be had from policy-compliance monitoring, including:
Ensuring end users follow the rules. For example, if your access policy requires that all passwords be eight characters, changed every 30 days and not be repeated, you must be able to pinpoint users who are not in compliance with the policy so that you can have them executed. Just kidding.
Maintaining separation of duties. Tiered management access ensures separation of duties between monitoring and management. We recommend that security administrators monitor desktops and servers for configuration compliance. Optionally, configuration access can be granted for trusted security administrators or desktop/server administrators.
Bringing about increased responsiveness. You must be able to respond quickly to changes that affect your security stance. For example, if a new vulnerability can be solved by creating a new registry key, can you ensure that the key was created and properly set to the right value across your enterprise? If not, you have a problem.
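The three benefits above all come down to the same mechanism: a policy expressed as machine-checkable rules, evaluated against what each host actually reports, with every deviation surfaced to an administrator. The following is an added example of such an evaluator, not code from the article or from either organization described in it. The password parameters (eight characters, changed every 30 days, no reuse) are the ones the article states; the registry key path, the patch identifiers, the host names and the user records are constructed placeholders.

```python
# Added example: evaluate a constructed host inventory against policy rules
# and report every out-of-compliance host with its specific findings.
from dataclasses import dataclass, field
from datetime import date

# Password policy as stated in the article
PASSWORD_MIN_LENGTH = 8
PASSWORD_MAX_AGE_DAYS = 30
PASSWORD_REUSE_ALLOWED = False

# Hypothetical mitigation key that must exist with this value (placeholder path/value)
REQUIRED_REGISTRY_VALUES = {r"HKLM\SOFTWARE\Policies\ExampleMitigation\Enabled": 1}

# Constructed set of patches every host must carry (placeholder identifiers)
REQUIRED_PATCHES = {"PATCH-001", "PATCH-002"}


@dataclass
class UserAccount:
    name: str
    last_password_change: date
    reused_previous_password: bool = False


@dataclass
class HostConfig:
    hostname: str
    min_password_length: int      # effective setting on the host
    registry: dict                # key path -> value; a missing key is simply absent
    installed_patches: set
    users: list = field(default_factory=list)


def evaluate_host(cfg: HostConfig, today: date) -> list:
    """Return human-readable findings for one host; an empty list means compliant."""
    findings = []
    if cfg.min_password_length < PASSWORD_MIN_LENGTH:
        findings.append(f"password minimum length {cfg.min_password_length} < {PASSWORD_MIN_LENGTH}")
    for user in cfg.users:
        age = (today - user.last_password_change).days
        if age > PASSWORD_MAX_AGE_DAYS:
            findings.append(f"user {user.name}: password age {age} days > {PASSWORD_MAX_AGE_DAYS}")
        if user.reused_previous_password and not PASSWORD_REUSE_ALLOWED:
            findings.append(f"user {user.name}: reused a previous password")
    for key, required in REQUIRED_REGISTRY_VALUES.items():
        actual = cfg.registry.get(key)
        if actual is None:
            findings.append(f"registry {key} missing")
        elif actual != required:
            findings.append(f"registry {key} = {actual!r}, expected {required!r}")
    for patch in sorted(REQUIRED_PATCHES - cfg.installed_patches):
        findings.append(f"patch {patch} not installed")
    return findings


def compliance_report(hosts, today: date) -> dict:
    """Map hostname -> findings for every host that is out of compliance."""
    report = {}
    for host in hosts:
        findings = evaluate_host(host, today)
        if findings:
            report[host.hostname] = findings
    return report


# Constructed inventory (not real hosts); imagine it gathered by an agent or remote query
TODAY = date(2024, 3, 1)
INVENTORY = [
    HostConfig("ws-01", 8, {r"HKLM\SOFTWARE\Policies\ExampleMitigation\Enabled": 1},
               {"PATCH-001", "PATCH-002"},
               [UserAccount("alice", date(2024, 2, 20))]),
    HostConfig("ws-02", 6, {r"HKLM\SOFTWARE\Policies\ExampleMitigation\Enabled": 0},
               {"PATCH-001"},
               [UserAccount("bob", date(2024, 1, 1), reused_previous_password=True)]),
    HostConfig("srv-01", 8, {}, {"PATCH-001", "PATCH-002"},
               [UserAccount("svc", date(2024, 2, 1))]),
]

if __name__ == "__main__":
    for hostname, findings in compliance_report(INVENTORY, TODAY).items():
        print(hostname)
        for finding in findings:
            print("  -", finding)
```

Two design points carry over to any real deployment: the evaluator only reads configuration and never changes it, which is what keeps the monitoring role separate from the management role described above, and a missing registry key is reported distinctly from a key set to the wrong value, because the two call for different remediation.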
Remember, honest mistakes as well as malicious attacks can leave your organization vulnerable. Monitoring policy compliance keeps potential problems at the forefront of administrators' minds. Often, security updates and patches break some critical functionality on a server. In such cases you have four choices: do nothing, patch, find a workaround or persuade the application vendor to fix the problem so the system can be patched. No matter which you choose, turnaround time may be long. Forgetting about an unpatched system is all too common.