UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY

EASY TO UNDERSTAND, HARD TO IMPLEMENT

Effective SMB Change Management is a rare beast. Most client organizations don't demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSPs) don't introduce the topic early in the life of an organization because it increases management costs. MSPs rarely monitor system changes to ensure that undocumented changes aren't being made by well-meaning consultants. While loose change management policies increase management efficiencies in the short term, they create long-term problems that are best avoided.

POOR CHANGE MANAGEMENT DOCTRINE INEVITABLY LEADS TOWARDS UNDOCUMENTED OR ILL-DOCUMENTED DESIGNS.

From a security perspective, loose change management policies create situations where originally secure and well-documented designs are slowly eroded into grotesque shapes of random and varied security protections. The attack surface of such systems is very hard to define, as protection and stability vary from system to system. It is likely that with this much variation something is going to slip between the cracks and create a security compromise; it is also likely that it will not get noticed until after damage has occurred.

Bringing systems like this back from the brink is something that we have had ample experience doing. Correcting problems that were created through improper change management procedures and officially documenting required design exceptions is the type of valuable work that is covered wholly under our Flat-Rate Managed Services plans.
