A chain is only as strong as its weakest link
In the past few years, leaders have accepted that the human error is the biggest security risk to an organization, and organizations have responded with valuable policies and programs such as security awareness training and multi-factor authentication.
Necessary, but not sufficient. Organizations must continue implementing more robust security measures, expanding focus to include automated detection and rollback.
Due to the special role of IT staff in an organization, being able to make changes to infrastructure that potentially have grave security consequences, further audit and verification that these changes are performed correctly are necessary. For years, organizations have done this within the ITIL framework with manual or partially automated verification. This process has serious drawbacks. It’s expensive, inefficient, and doesn’t always provide oversight commensurate with the risk of the change.
Auditing and SIEM tools provide valuable protection and insight, but when a human must review the results, consider the best path, and apply the appropriate configuration changes, then you aren’t reacting fast enough in today’s threat environment.
Orchestration and integrity systems provide centralized management for detecting and verification of configuration of systems, but also audit and automated rollback features across heterogeneous environments
Implementing an automated approach to rollback unauthorized changes minimizes the exposure of both unauthorized changes by authorized staff and mistakes.
For both ITSM and ITSD, I have a far greater degree of confidence in the integrity of the systems we manage, and that the risk of human error has been minimized as necessary changes are made to systems.