
10 hard truths IT must learn to accept

Unsanctioned devices, compromised networks, downtime -- today's IT is all about embracing imperfections

By Dan Tynan, InfoWorld
July 18, 2011 06:08 AM ET

 IT concession No. 6: You will never have enough hands on deck. IT departments often want a fairer shake when it comes to outsourcing and head count reductions, but they're not likely to get it, says Meikle.

Because the tech outsourcing industry is much more mature than, say, legal services or HR outsourcing, IT is often the first to suffer when corporate bloodletting occurs. That's not likely to change.

The solution to IT manpower problems, says Meikle, is to take advantage of third-party outsourcers and integrate with them as much as possible. The bodies are still available; they're just not under your own roof anymore.

Also, says Meikle, be sure to look out for No. 1. Keep your tech chops current with an eye on the next job before the current one evaporates.

"IT pros need to understand they work for themselves first, the organization second," he says. "They need to continue developing their network and contacts, marketing themselves, and developing a personal brand even when they are employed. Like it or not, IT pros may have to pony up some dough personally to pay for their education and marketability, but that will pay dividends when the chips are down."

 IT concession No. 7: Your network has already been compromised. Everybody wants their networks to be easy to manage and hard to breach. What they usually settle for, though, are racks and racks of security appliances that are hard to manage and easily compromised, says Joe Forjette, a senior project manager at enterprise security appliance vendor Crossbeam.

"The worst part is that each appliance needs to be constantly patched and updated," he says. "The result is a sprawling, highly complex, and costly security infrastructure."

It's also not working all that well. According to the Computer Security Institute's most recent survey, 4 out of 10 organizations experienced an incident such as a malware infection, botnet, or targeted attack in 2010; another 10 percent didn't know if their networks had been breached.

A smarter approach is to start with the assumption your network has already been compromised and design security around that, says Wade Williamson, senior threat analyst at network security company Palo Alto Networks.

"Modern malware has become so pervasive and so adept at hiding within our networks that it is increasingly common for enterprises to assume they have already been breached," he says. Instead of slapping yet another layer of patches onto the corporate firewalls, security pros can spend more time looking for where the nasties may be lurking, such as inside a peer-to-peer app or an encrypted social network.

The notion of a "zero-trust architecture" is gaining traction among many organizations, says Williamson.

"This is not to say that these companies are simply throwing away their security," he says, "but they are also turning their attention inward to look for the tell-tale signs of users or systems that may already be infected or compromised."

 IT concession No. 8: Your company's deepest secrets are only a tweet away. Your employees are using social networks at work, whether they're allowed to or not. According to Palo Alto Networks' May 2011 Application Usage and Risk Report, Facebook and Twitter are in use at some 96 percent of organizations.

Originally published on www.infoworld.com.
