Current Filter: Network>>>>>Opinion>

   

If 2015 had started off with just one IT theme it would have undoubtedly been security. Following numerous corporate data leaks and the cyber attack on Sony Pictures, widespread media coverage has placed network security firmly back on the IT agenda.

Having witnessed the devastating impact of the Heartbleed bug and similar security vulnerabilities last year, businesses all over the UK are renewing their policies and increasing their security investment in preparation for what is to come. But despite these increased efforts there exists one area of Enterprise IT that remains widely unmanaged and ultimately insecure - and that's application portfolios.

By failing to keep systems up-to-date, businesses are ultimately undermining their own security efforts, opening up a multitude of backdoors and creating potential security weak spots. Throughout 2014 the most widespread example of this was seen following the end of support for Windows XP. Despite two years of preparation, as many as 30 per cent of organisations were still using the out-dated OS long after the last security patch was issued. Now, well into 2015, the holes left in XP continue to expand and must be placing thousands of companies at risk.

But its not just operating systems that businesses are failing to manage. As a host of new devices enter the market, IT departments are faced with ever more upgrades that could potentially undermine their internal security. With the rise of the Internet of Things, the number of connected devices is expected to increase by as much as 20 times. Where once organisations would only need to monitor and update a small selection of software applications, IT departments will now need to manage and then migrate their software across hundreds of different devices. As a result, many businesses are being faced with vast and unknown application estates.

Without a complete understanding of what applications are installed on their systems, IT managers have no way of knowing where their data is going or if their systems are vulnerable to attack. This is a real and growing challenge. Users are commonly installing apps of their own choosing, including those that they own, on business devices (Bring Your Own Apps), and adding an entirely new layer of unapproved applications to a company's device portfolio. Furthermore, employees are also now bringing their own laptops, phones and tablets (Bring your Own Device), and this problem is only set to get worse with the advance of The Internet of Things and wearable technology. Even the humble smartwatch could pose a security risk.

Previously, businesses would have had months, if not years, to prepare for such challenges. Now however, the increased pace of technological change has left many firms unable to keep up with the rate at which updates and unauthorised apps are being added to their systems. Without a complete understanding of their app portfolios, businesses have no idea what applications are using their data, where that data is stored, or even if that storage meets basic security requirements. This risk is further added to by the possibility that employees are not keeping their applications up-to-date, potentially opening up company assets to any number of cyber threats.

In order to address this issue, businesses need to change the way that they approach application security. Rather than focusing on individual apps or reactionary updates, IT managers should instead consider application security to be a continuously evolving practice. By implementing application portfolio management as an ongoing process, businesses can develop an understanding of which apps are installed and which might represent a potential security threat. Adapting to long-term change will require a long-term mindset. It's time to upgrade our thinking, not just our apps. NC