The SME’s challenge: Out of Control, Out of Time, Out of Compliance?
Learn about:
• The benefits of setting and monitoring a PC management policy;
o to increase productivity and maximise resource
o remove the security risk inherent in running some applications
o ensure security protection by mandating some
(PRWEB) August 6, 2006 -- No-one working in IT can be unaware of the security and compliance challenges facing businesses in protecting company assets and processes. The statistics are clear, abundant and all around us, leaping from headlines on a daily basis; massive financial losses associated with security breaches are commonplace, as are high-profile court cases about staff misuse of email and punitive fines for software license infringement. What is less clear however, is the strategy that is best employed to satisfy requirements and operate within the realm of realistic budgets.
Integrated software tools that automate many of the standard required functions and report in real time may hold the answer, particularly for IT professionals working in the SME sector where the challenge is even steeper. These organisations are rarely able to invest in the resources, systems and staff that their larger brethren can call upon - yet the problems they face are identical: security and availability of IT services, policy and legislative compliance and last but not least, the efficient use and protection of corporate assets.
For many SMEs, the IT team consists of one or two lone professionals supporting a user community of 100 plus PCs. In this scenario, it’s a daily battle to ensure network and service availability, react appropriately to security threats and meet an endless stream of user requests. Strategy and planning can easily become a wistful dream in the hurly-burly of daily fire-fighting. Ignoring policy enforcement, security strategy and compliance issues inevitably spells trouble, as things left on the backburner tend to boil-over in time.
The IT Trinity: Policy, Security and Compliance
The three areas of policy, security and compliance are now more interconnected than ever and the answer for an overstretched team can be found with software which understands the connections and is integrated effectively.
Prefix offers a cost-effective, integrated software tool that provides easy-to-manage automation for IT managers. It includes a portfolio of tools that save time and put the IT manager in better control of the network and how it performs. These include real-time, automated alerts and tools for threat removal, policy enforcement, data loss prevention via the USB port, network discovery and inventory management along with a range of configurable reports to satisfy board and departmental queries.
Under attack
82% of UK companies were attacked in 2005 – more than half of these attacks originated from within
Security threats can arise from any number of sources, from intentional attacks via the Internet, from unguarded or poorly educated staff, or malicious attacks from internal sources. To handle the variety of issues effectively, the IT manager must juggle an increasing array of security products designed to increase perimeter security, including anti-virus software, firewalls, IPS, IDS etc. Each system produces quantities of data which must all be analysed and prioritised. Without an integrated software management tool to manage and make sense of the data, the IT manager is facing info overload and will find it impossible to identify and appropriately prioritise issues for action.
As part of the integrated Prefix approach, users benefit from a central console to view the network and activity levels across the PC environment and are kept up to date via a configurable alert bar. Armed with this information, faster and better decisions can be made to remediate a range of security issues and deliver a higher degree of control to the IT team.
Lock and load
Patching and updating software is a time-consuming and often thankless task. However, it is important that it is done quickly and effectively, particularly if it’s anti-virus software that needs to be updated with the latest worm signature, for instance. To save time and resource, the process can now be automated and administered from a central console which can also remove services and applications when appropriate, restart computers remotely or delete files, control the use of shared drives or folders and update registry entries. This level of automation clearly has strong security benefits for the business too.
The rise of life-style technologies, such as the ubiquitous iPod, has also given birth to a new type of security threat via the USB port. MP3 players are in reality portable memory devices which are capable of downloading and storing vast amounts of data from a corporate network – as is every laptop.
So whilst the conscientious employee may be intending to do some work over the weekend there is nothing to prevent him or her leaving the laptop in a taxi or the local pub by mistake, along with all that valuable data. Alternatively, what’s to stop a disgruntled employee passing information to a competitor? In either case, the threat is huge, whether the potential data lost is a customer database or personnel files, payroll or tax data.
Fastest growing crime? ID theft (20m cases recorded in the USA and growing at 30% pa)
Indeed, companies have a responsibility to protect employee data from the rising threat of ID theft. Some early studies indicate that much ID theft is often perpetrated by staff that can access records to set up credit cards or commit other crimes. This is becoming an increasingly serious issue in North America where more than 20 million instances have already been recorded. This raises the issue of vicarious liability, whereby an employer is personally and directly responsible for the failure of security systems and incomplete compliance.
However, integrated software tools such as Prefix can deliver increased peace of mind as well as better security. They allow the IT manager to prevent all such activity by remotely assigning access and download rights to user groups, or even individual users if necessary.
In this way USB ports can effectively be locked-down to prevent unauthorised access by external storage devices whilst remaining available for use by approved peripherals such as mice or printers. What is more, Prefix can monitor suspicious behaviour and configured alerts will inform the IT manager of unusual activity.
Policy please
According to the DTI’s 2004 report InfoSec Breaches, 25% of companies said their staff misused systems (a 100% increase over 2002)
Now we come to the issue of policy enforcement which straddles both camps of security and compliance. Its importance grows daily, inline with the increasing number of compliance challenges facing SMEs.
There is an increasing trend amongst employees to regard office PCs as their personal property. It is uncommon to find a user who does not consider it their right to use it for personal admin, email or MSN messaging, Internet surfing and generally play a role in their social life outside the office.
Whilst many employers are currently happy to over-look this to a certain extent, there are specific dangers associated with these activities if they aren’t limited by acceptable usage policies. For instance, it is very easy now for employees to download software direct from the Internet, via their office server. They may be downloading pirated software, viruses, trojans or worms, pornography or other inappropriate materials – all of which can create huge compliance issues for the employer.
Policy is important, not only to ensure security issues such as those examined above, but it is also important to ensure compliance for an increasing range of legal and trade issues.
However, developing appropriate policies is only the first step, they must also be communicated effectively and then enforced. Once again it’s down to the IT manager to manage the policies and ensure that they are followed whilst not hampering the productivity of users. Thankfully automated tools can now help in this task. Prefix’s Policy Enforcer module can restrict the use of specific applications or services and track application usage on a by-PC basis.
Taking software license compliance seriously
Business Software Alliance: 27% of PC software in the UK is pirated
Software license compliance is an extremely serious issue yet most British businesses fail to realise its importance. Software piracy is rife in the UK according to the BSA which says that currently around 27% of PC software is pirated with unlicensed software populating the vast majority of corporate networks. Whether it has arrived through the ignorance of staff action, deliberate risk-taking, or bad management, the risks of potential legal action and punitive fines are the same.
According to some reports around 70% of firms do not have an automated software asset management system in place and have a less than comprehensive approach. This leaves them vulnerable to a host of compliance issues, in terms of the currency and validity of license agreements.
Automated asset management systems, like the tools within Prefix, can enable users to get a clear and real time view of their IT estate and understand where software use may fall out of compliance as and when it happens. It can have other direct benefits too; according to Gartner, most users experience cost savings of around 30% on their IT budget once they implement inventory management.
Three less things to worry about
The arguments in favour of using integrated software to manage the PC environment are clear and have been well-accepted for years in larger companies. The arrival of cost-effective integrated software tools that are similarly featured, yet designed specifically for the smaller business, represents a major opportunity for SMEs. Now small businesses can to get to grips with today’s dynamic challenges of policy, security and compliance and ensure they are best placed to flourish in the future.
###
|
