From outdated server infrastructure and operating systems to manually maintained network gear and unpatched end-user compute, there are many ways that technology can expose organizations to increased security risks and outages. To avoid these risks, businesses need to fully understand the health of their IT systems and take a proactive approach to managing the IT infrastructure that is running all workloads, not just the critical ones.
There are many resources that can help organizations evaluate their current security posture and move from a reactive position to a proactive position. It is critical that IT organizations become not just the providers of these services, but partners to the businesses implementing them.
Maintaining the compute power
How well do you know the health of your business’s compute power? Are you sure it’s not putting your company at unknown risk?
Whether your compute power is located on-prem, in a co-location, or in the cloud, there are multiple layers of maintenance that need to occur on a regular basis. If not properly maintained, each device, and each layer of maintenance on it, is a potential security risk.
There are three parts of the compute layer that need to be considered: the firmware of the hardware components, the operating system (OS) itself, and the major software components that control functions within the OS.
1. The firmware layer
Updating firmware helps address critical problems, such as unresponsive servers, which can put your system at risk. Firmware updates also correct product issues such as ROM or processor functionality to improve system performance, and make the system easier to service.
Keeping firmware up to date is critical to maintaining system stability, performance, and security, yet investigating firmware is not part of regular maintenance for many organizations. Some do not check it at all. It is important to update firmware (also called “flashing the ROM”) as part of regular service maintenance, and to check for specific firmware updates between regular updates for optimal performance.
2. The OS layer
The OS layer includes the OS of the virtualization layer and the OS of the physical or virtual server.
All OS vendors provide regular patches or updates for their operating systems. Many organizations rely on third-party solutions to handle these updates, which can sometimes lead to issues if the processes are not fully understood and co-managed. For example, when a new patch is released that supersedes a prior patch, third-party systems may report that the prior patch is “compliant” because it is no longer needed, even though it was never installed. Or prerequisites may be missing: the system has not installed many of the required patches, but reports the patching process as complete because the script finished, even though the patch installation did not.
Business restrictions on system reboots can also cause issues. The patch is completed, but some operating systems will continue using the old code until they are rebooted. These are common scenarios that can increase security risks and jeopardize system stability.
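The three scenarios above (a superseded patch marked compliant, a job that finished without installing, and a patch waiting on a reboot) can be caught by comparing the patch tool's report with what each host itself reports. The following is an added example, not code from any vendor or tool: the report schema, patch IDs, host names and dates are all constructed, and it assumes a superseded patch only counts as covered when its replacement is actually on the host.

```python
from datetime import datetime
from typing import NamedTuple

class ToolRow(NamedTuple):      # one line of the patch tool's report (hypothetical schema)
    host: str
    patch: str
    status: str                 # what the tool claims: "compliant" or "missing"

def newest(patch, superseded_by):
    """Follow the supersession chain to the patch that must actually be present."""
    seen = set()
    while patch in superseded_by and patch not in seen:
        seen.add(patch)
        patch = superseded_by[patch]
    return patch

def audit(rows, superseded_by, installed, last_boot):
    """Check each 'compliant' claim against what the host itself reports.

    installed: {host: {patch: install_time}}, last_boot: {host: boot_time}
    """
    findings = []
    for row in rows:
        if row.status != "compliant":
            continue                      # already visible as a gap in the tool
        needed = newest(row.patch, superseded_by)
        when = installed.get(row.host, {}).get(needed)
        if when is None and needed != row.patch:
            findings.append((row.host, row.patch, f"superseded by {needed}, which was never installed"))
        elif when is None:
            findings.append((row.host, row.patch, "reported complete but not installed"))
        elif when > last_boot[row.host]:
            findings.append((row.host, needed, "installed, old code running until reboot"))
    return findings

# Constructed sample data (not from any real tool or host).
SUPERSEDED_BY = {"PATCH-101": "PATCH-205"}
ROWS = [
    ToolRow("web01", "PATCH-101", "compliant"),   # superseded, replacement absent
    ToolRow("web01", "PATCH-300", "compliant"),   # script finished, install did not
    ToolRow("db01", "PATCH-205", "compliant"),    # installed after last boot
    ToolRow("db01", "PATCH-300", "compliant"),    # genuinely fine
]
INSTALLED = {"web01": {}, "db01": {"PATCH-205": datetime(2024, 5, 14, 2, 0),
                                   "PATCH-300": datetime(2024, 4, 1, 2, 0)}}
LAST_BOOT = {"web01": datetime(2024, 5, 1), "db01": datetime(2024, 4, 20)}

if __name__ == "__main__":
    for finding in audit(ROWS, SUPERSEDED_BY, INSTALLED, LAST_BOOT):
        print(*finding, sep=" | ")
```

In practice the `installed` and `last_boot` inputs would come from the hosts directly rather than from the patch tool, so that the tool's claims are checked against an independent source.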
3. The software layer
The third layer is the major software components (drivers or other code that is managed by the OEM or third parties) that control system functions within the OS. Like OS patches, these major software components are critical to maintaining performance, stability, and security.
For the most part, these three layers exist in all the hardware components in the datacenter, whether on-prem, co-location, or cloud. (Some hardware does not have reprogrammable firmware or has parts that are not reprogrammable. Some operating systems are controlled by a peripheral supplier and therefore are out of scope for “normal” operations.)
With cloud computing, businesses pay hyper-scalers to manage firmware and physical machine maintenance, as well as their virtualization layers, but the organization is still required to manage the rest.
Do you have a holistic understanding and uniform set of practices across the whole network?
IT networks are the fabric connecting everything in the modern enterprise, so it is critical that they are adequately maintained. Ransomware and other cyber-attacks can proliferate through design or maintenance issues throughout networks. However, keeping networks up to date can be challenging, and even necessary maintenance such as updating operating systems and installing patches can put networks at risk.
Many organizations do not have full redundancy in all their switching layers, leading to single points of failure, meaning one failed device can bring down multiple other devices and applications. Businesses concerned about potential routing issues sometimes avoid rebooting at all costs because there is a risk that a switch may not come back on after it is rebooted, or that it will come back on improperly and require remediation.