User Security and Automation Security – Think Preventative Not Reactive

In blog by Baufest

Security has always been a balancing act. If you make your environment too secure, productivity suffers due to draconian permission constraints, but swinging the pendulum the other way can also result in loss of productivity due to constant security breaches in the environment.

Wednesday, 9 December 2020

How do you find a balance of adequate security and productivity that won’t break the bank? Baufest has helped many organizations find that balance and take advantage of security enhancements in the cloud, whether with a hybrid cloud foundation or a pure cloud migration. Let’s tackle two areas where organizations of any size can take advantage of a cloud offering’s security enhancements.

1. USER SECURITY

Role-based access control (RBAC) has been around for many years, typically prevailing in large organizations with the budget and resources to implement tiered user permissions for file access, software licensing, and network access on and off premises. This administrative task typically consumes many resources to manage effectively and has a poor history of efficient upgrades. Over time, the RBAC platform would become bloated with history, forgotten accounts of employees who had left the company, and weird artifacts of user permissions fractured by upgrades, locations, and different versions of RBAC platforms in the mix. Any of these pain points causes fissures in the environment’s security, potentially exposing an organization to actors with ill intent.

Current cloud offerings make RBAC available to organizations of every size, bringing the field closer to level so that small and mid-sized organizations can take advantage of extended permission options. Using these functions in a cloud environment allows passwords and file access to be easily managed worldwide in real time, practically eliminating the need for remote network access and making this security benefit a must-have for today’s distributed workforce.

2. AUTOMATION SECURITY

Automation has taken over every consumer’s expectations: people want instant access, data, and feedback, which seems great until you realize how fast automation can expose and exploit security holes. Often these integrations are built quickly for processing speed and convenience, with little concern for security. Combine lax integration security with older systems that are not fully patched, forgotten access holes in the firewall, and high-level user access for the system integrations and POOF, access granted to the wrong user!

Moving critical systems that use integrations to a cloud host can set an organization on a fast path to improve system security. Leveraging hosted machines updated by the host ensures proper host patching, reducing OS-level security holes and associated overhead costs. Revisiting firewall openings during this migration process will identify the exact ports for proper integration communication. During migration, security certificates will also be addressed and issued for the new environment. As systems come online, tokenization of integrations ensures that communication only happens with specified systems.

Anyone reading this would conclude that this is possible on-premises, and you are correct. BUT less administrative overhead, a new environment free of legacy change holes, and the knowledge that these systems can now scale up and down without the need to add extra resources ad hoc in times of crisis are clear value drivers for moving these system integrations to the cloud.

If you have leaped to the cloud and found security benefits you hadn’t considered before the move, help your colleagues out, and share your experiences! Other areas for consideration in this security discussion could be:

  1. Employee onboarding/offboarding
  2. Physical security
  3. Access control
  4. Environmental monitoring
  5. Disaster recovery

Security needs are ever-changing. The reasons organizations address security issues tend to be on the reactive side of implementation instead of the preventative side. Ask this question: How does or would my organization find out about a security hole? At Baufest, we believe in helping our clients put measures in place to monitor, test, probe, and correct these issues before a business interruption occurs. Let’s talk!