By Jason Ausburn and Karl Fruecht
You’ve acquired a new storefront. While doing your final walk-through, you notice an unlocked door that opens to a side alley. You can’t use the alley for storage. It doesn’t give your customers an additional entrance. It’s just an additional access point.
How are you going to secure it?
Just like your store’s physical footprint, your IT network may have “side doors” in the form of valueless and unused IT assets that cost more to maintain than they’re worth. Each of these doors simply increases your organization’s vulnerability, or its attack surface.
The right application management strategy, however, can help you understand not only where you’re vulnerable but also how to fix weaknesses, evolving your approach from a tactical obligation to a strategic business driver.
1) Define the Landscape
The challenge of maintaining a secure posture with limited resources while attempting to support and enable current business demands is not uncommon. With so many assets to manage, there isn’t much time left for innovation. As a result, security was, until recently, seen as a necessary evil.
However, recent high-profile retail data breaches have highlighted the importance of data security. Stores that can’t protect their customers’ data risk losing their business. And the damage to your reputation may be irreparable.
The time is right for IT experts to demonstrate why it’s important to invest in security, how it affects infrastructure and why they need to be part of budget and planning conversations.
To effectively participate in those conversations, however, you need a toolset to help clearly explain the security landscape as well as current and future security plans.
Buy-Hold-Sell, a methodology more commonly associated with Wall Street, can be something of a Rosetta stone for your application portfolio, enabling each business unit, including security, finance and business operations, to use a data-driven approach to crystalize the view of your IT investment.
Buy refers to valuable IT assets that advance business and merit additional investment; Hold means the asset is necessary but neutral; and Sell applies to assets that lack value, cost a lot to maintain and increase the business’ vulnerability to attack.
2) The Creep
This visibility helps staunch asset creep—the steady, incremental buildup of assets that over time lose their value. Sometimes new apps are layered onto obsolete ones without reevaluating which apps drive business, which keep the lights on and which merely increase network vulnerability.
Sprawling IT landscapes take a lot of time, money and effort to maintain, pulling resources from more valuable, strategic activities. Buy-Hold-Sell allows you to decide whether you want to accept the risk of a particular IT asset. It provides the opportunity to simplify the IT landscape and reduce the organization’s attack surface. At the same time, this practice takes guesswork and blind spots out of the equation.
3) Build The Trust
Ultimately, security all comes down to people, and in most companies, there are gaps between the people who handle security, the information about the assets being secured and the ability to communicate that information.
IT security must evolve from something that’s perceived as a necessary cost to a profit enabler that sets the company apart from its competition and sustains trust from your customers.
4) Catapult Your Career
When you can provide a single source of truth that everyone can clearly and easily understand, you’ll bridge the gap between business operations, finance and your company’s executives. You’ll cut across teams to help your organization understand the actual cost of security and you’ll be able to map that cost, and the associated risks, across multiple lines of business.
Once you can do that, you’ll not only clarify your company’s needs, you’ll demonstrate your own value to the organization, which will better equip you to rise through the ranks of your IT organization.
And it all starts with IT leaders having the tools and the understanding to know how to keep that side door locked.
Karl Fruecht is head of engagement at KillerIT, and Jason Ausburn is manager of the professional security services practice at SOS Security, a Forsythe Company.