Secure IT

Level 13

Last week, I discussed taking your mastery of your virtual environment and extending your command over its domain. I listed four skills that will allow any virtualization administrator to take flight with their career: Security, Optimization, Automation, and Reporting. This week, I’ll cover the first skill, security, and what it means to not get breached.

Security: Control and governance across the data, application and user planes.

The principle of security guides you on governance and control as 1s and 0s traverse the IT planes. Security is a loaded term that can encompass all manner of sins committed against the IT domain. In the virtual environment, the fact that resources are abstracted doesn’t make you immune to security breaches. Ultimately, the end goal of a breach is to gain access to and control of the data, application, and user planes. Accordingly, IT needs to defend multiple planes across multiple domains.

The figure below highlights the many vendors who operate in the security space and all the different entities that require securing from infrastructure to SIEM to cyber to IAM to application.


[Momentum Partners’ Security Sector Strategic Landscape (Q2 2015) http://www.slideshare.net/momentumpartners/momentum-partners-security-sector-strategic-landscape-q2-...]

Knowing is half the battle: common security attacks

There are four common security attacks that IT administrators deal with:

  • DDoS attacks – an attack designed to overwhelm servers with bogus traffic, causing websites and applications to slow down and eventually become unavailable.
  • Phishing schemes – an attack that sends fraudulent email disguised as legitimate communication to lure recipients into clicking a link that delivers malware.
  • Poor patch management – leaving operating systems, browsers, applications, and databases unpatched allows attackers to access your organization’s IT assets.
  • User error – human error can lead to IT nightmares such as losing a work device holding unencrypted, sensitive data, falling for phishing schemes, or surfing to malware-infested websites.

Security presents a tremendous challenge and career opportunity for IT professionals. It is much too vast to cover properly in a single post, so this is just an appetizer for future posts. As digital transformation expands, the gap in security operations personnel is growing as well. For example, the ISACA 2016 Cybersecurity infographic below shows the shortage of security operations professionals.


[ISACA 2016 Cybersecurity Skills Gap  http://www.isaca.org/cyber/PublishingImages/Cybersecurity-Skills-Gap-1500.jpg]

Closing

Security starts with awareness of potential security threats and developing countermeasures. IT professionals looking to get a start in security should leverage the NIST Cybersecurity Framework, which covers the following risk management functions in detail:

    1. Identify
    2. Protect
    3. Detect
    4. Respond
    5. Recover

Establishing and maintaining trust throughout the IT transaction/interaction is key to securing any IT environment, including the virtual realm.

Additional reference for security:

1. I have previously covered some tips to secure your virtual environment in my Network Computing article.

2. SolarWinds Lab Episode 27:

3. Crossing the Great Divide: Conversations between IT, Networking, and Security Ops

9 Comments
Level 11

I like your closing comment, security starts with awareness.  That goes for the individual as well.  Being aware of who you're giving your information to and how they plan on securing it should be one of the first questions you ask before handing over your information.  If they plan on communicating with you over the internet, make sure you know if they have secure communications capability and how they plan to protect your communication.  Many businesses do not have security practices in place when communicating with customers outside of their company network.  It can be eye opening.  Good article.

MVP
MVP

As you mentioned security these days is behind the curve and always trying to catch up.  But the first step as you also stated was to be aware.  If you aren't aware you can't take steps to defend.

I am looking forward to the other aspects of SOAR. 

As to the shortage of cyber security professionals, our company opened an office in Charlotte just to have a larger pool of applicants.  At that, we are still paying a premium.  However, they have created a great program of locating internal candidates with technical ability and adaptability and have created an internal program for training cyber security analysts.

Level 17

Awesome write up! Thanks for the old Labs to tie in as well!

Level 14

Yes, security starts with awareness.  User awareness, sysadmin/netadmin awareness, but most importantly management awareness.  Good on ya referencing the NIST Cybersecurity Framework.  My Cybersecurity professors drilled NIST into our heads.  Now, even the DoD is heading in that direction.

MVP
MVP

It is so enabling starting with a security first strategy rather than struggling with a retrofit.

Doesn't help all the legacy stuff of course......

It's a bit daunting, having to wear so many hats while being expected to excel in all areas of IT--especially security.  Even the places one expects should be safest, like the FBI, have been hacked--and they specialize in security.

Yes, they have a very large target on their backs.  But that hack shows how a weak link can be the entry point into an entity you'd assume very secure.

Here's to all those who are trying to help us, instead of tearing down society through technological means.

Level 13

We, IT Ops professionals, play by a set of rules that is published (think NIST cybersecurity framework, etc). Those who commit these cyber attacks do not abide by those same rules and they give no quarter. Plus, they are sometimes backed by the vast amount of resources, of which only a nation can provide. And yet we stand firm and defend what we must with what we have. 

Level 9

Can you use ITIL processes and ISO 27002 for better information security?