UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY

EASY TO UNDERSTAND, HARD TO IMPLEMENT

Effective SMB change management is a rare beast. Most client organizations don't demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSPs) don't introduce the topic early in the life of an organization because it increases management costs. MSPs rarely monitor system changes to ensure that well-meaning consultants aren't making undocumented changes. While loose change management policies increase management efficiency in the short term, they create long-term problems that are best avoided.

POOR CHANGE MANAGEMENT DOCTRINE INEVITABLY LEADS TOWARDS UNDOCUMENTED OR ILL-DOCUMENTED DESIGNS.

From a security perspective, loose change management policies create situations where originally secure and well-documented designs are slowly eroded into grotesque shapes of random and varied security protections. The attack surface of such systems is very hard to define because protection and stability vary from system to system. With this much variation, it is likely that something will slip between the cracks and create a security compromise. It is also likely that the compromise will not be noticed until after damage has occurred.

Bringing systems like this back from the brink is something that we have had ample experience doing. Correcting problems that were created through improper change management procedures and officially documenting required design exceptions is the type of valuable work that is covered wholly under our Flat-Rate Managed Services plans.
