Few would argue against the necessity and value of security for a network. Yet for organizations purchasing PCs or servers regularly and deploying them across geographically disparate locations, the implementation of security measures can be a long, tedious task requiring extensive man-hours. And the more locations an organization has, the more likely there are inconsistencies between those locations.
Two extreme scenarios exist for handling security when dealing with geographically disparate organizations:
In the first scenario, local IT staff is employed at the individual remote locations. In this case, organizations have to deal with cultural differences, varying skill levels and capabilities and language barriers that pose potential misunderstandings.
In the second scenario, there is no local IT staff at the remote locations. In this case, the centralized IT administration has a lot to do to keep all the remote sites up and running. As IT departments are usually overloaded, issues arising at headquarters tend to take priority, and the remote locations often become an ‘afterthought.’ IT support suffers – and consequently, IT security suffers.
The reality for most organizations is somewhere between these two extremes. They all share, however, the need for a consistent and centrally controlled security system across the company.
Implementing an effective and centralized “cradle to grave” security policy includes a three phased plan for centralized control and decentralized execution:
Initial Rollout: Deploying operating systems and applications (including security solutions, such as virus protection), re-provisioning systems (i.e. using the same PC for a different purpose). By making security an integral part of the deployment process, you will have secure systems from the start. Adding security to systems management later is like purchasing auto insurance after your first car accident.
Ongoing Security Maintenance: Updating machines with security patches on a continuous basis. If security is already tied in with systems management, this is an easy and integrated process. Not keeping your systems updated would be akin to thinking that because your car passed its safety inspection two years ago, you will never experience car problems again.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.