The primary function of enterprise IT management is to empower end users with access to technology resources that will boost their productivity and job performance. However, this focus is at odds with the core precepts of IT security which are adopted to minimize the exposure of enterprise systems, applications, and data. I recall that in a number of IT operations management adventures throughout my career, I often joked with colleagues that the most effective way to create a secure environment is to simply shut down all computers in the data center. Naturally, management executives dependent on the IT infrastructure to generate revenue were not amused by my flippancy…and even less happy that their workers had to “jump through hoops” to gain access to IT resources.
Traditionally, maintaining the practices necessary for achieving both security and accessibility requirements have been tantamount to an arm-wrestling contest—with each respective IT manager struggling to dominate the other to ensure their particular set of requirements are achieved. The broad expansion of accessibility requirements that has arisen over the last few years to support workforce mobility has only exacerbated the problem. Business professionals are now demanding unprecedented access to enterprise applications, data, and services from any device at any location at any time. While many organizations may be sorely tempted to simply lower security restrictions to satisfy user requests, the damaging effects of breach events increasingly reported by media outlets along with a need to achieve regulatory compliance objectives forcefully apply counter pressure on IT operations to maintain strict security policies.
Security, however, does not need to be an adversary to IT management. Practices satisfying both sets of requirements can be complementary, rather than contradictory. For instance, patching and updating, which are essential processes for both IT disciplines, traditionally employ common procedures for monitoring, distribution, and installation. Next week we’ll look at some methods how to accomplish this.