Few would argue against the necessity and value of security for a network. Yet for organizations purchasing PCs or servers regularly and deploying them across geographically disparate locations, the implementation of security measures can be a long, tedious task requiring extensive man-hours. And the more locations an organization has, the more likely there are inconsistencies between those locations.
Two extreme scenarios exist for handling security when dealing with geographically disparate organizations:
In the first scenario, local IT staff is employed at the individual remote locations. In this case, organizations have to deal with cultural differences, varying skill levels and capabilities and language barriers that pose potential misunderstandings.
In the second scenario, there is no local IT staff at the remote locations. In this case, the centralized IT administration has a lot to do to keep all the remote sites up and running. As IT departments are usually overloaded, issues arising at headquarters tend to take priority, and the remote locations often become an ‘afterthought.’ IT support suffers – and consequently, IT security suffers.
The reality for most organizations is somewhere between these two extremes. They all share, however, the need for a consistent and centrally controlled security system across the company.
Implementing an effective and centralized “cradle to grave” security policy includes a three phased plan for centralized control and decentralized execution:
Initial Rollout: Deploying operating systems and applications (including security solutions, such as virus protection), re-provisioning systems (i.e. using the same PC for a different purpose). By making security an integral part of the deployment process, you will have secure systems from the start. Adding security to systems management later is like purchasing auto insurance after your first car accident.
Ongoing Security Maintenance: Updating machines with security patches on a continuous basis. If security is already tied in with systems management, this is an easy and integrated process. Not keeping your systems updated would be akin to thinking that because your car passed its safety inspection two years ago, you will never experience car problems again.
Displacement: Permanently erasing all data from the hard drive, so the machine can leave company premises without any 3rd party being able to extract confidential data from it.
At What Size Should Our Organization Move to Centralized Management?
To answer one question with another, at what point does it make sense to lock your car? Taking a systems management approach to security should not be dependent upon the size or geographical layout of a company. Regardless of these factors, an organization must be able to centrally control security to protect company assets across all locations. Doing so allows the IT administrator to evaluate and optimize the security level on every desktop, laptop or server from a single console, regardless of where the machine is located. The IT administrator can also distribute security updates or patches without needing to rely on an end-user’s actions. It is a matter of control and who has it.