Remember newspapers? Not newspaper sites, but actual dead tree newspapers?
Yeah, they’re still around but they’re definitely looking more and more like a 20th century leftover. Part of the reason for that is the convenience of reading online but a bigger part is newspapers are out of date the moment they’re printed. News doesn’t wait for the next evening when a paper is getting ready to be published to happen. Journalists have always known this but there really wasn’t anything that could be done about it and the customers were used to having their news a day late.
Now of course we’ve got the web and a story can be updated anytime something new develops. Even so, people keep buying printed-on-paper newspapers. Old habits die hard. For some companies, checking for endpoint compliance only occasionally may be one of those old habits. But while out-of-date news might not be a big deal to most people, out-of-date compliance can be a disaster for companies.
Logically, it doesn’t make a whole lot of sense to only run compliance checks every now and then and yet some companies continue to do it. You’ve invested time, money and a lot of effort to create endpoint compliance requirements that will protect your company. When they’re up to date they can protect from attacks that can carry a hefty price tag if they’re successful. You can lose intellectual property; you can get hit with all sorts of legal and financial problems and your brand—that indefinable but essential part of every business—can be hurt very badly.
All that can be protected if you keep your devices continuously compliant with security and regulatory policies outlined by your organization. Despite this, some organizations only run compliance checks monthly, quarterly or even annually. Problem is they are out of date the moment after they’ve been checked. Just like news doesn’t wait for the next deadline, new attacks or users fiddling with stuff they shouldn’t don’t wait for the next time you check. Not running continuous compliance checks is like buying insurance that only works one day a week.
There’s also the cost of having skilled IT teams being pulled off higher-value projects to fix breaches or other security problems on an ad-hoc basis. Without having an effective way to continuously monitor compliance (and make it automatic) companies waste employee capital and time trying to triage problems personally. That’s a little bit like a newspaper pulling in a star reporter to fix a broken typewriter ribbon—you might get the ribbon fixed, but you’ve missed the chance to be the first to cover a headline event, and maybe even one that would have sold thousands of copies of your paper and added substantially to your bottom line.
So why don’t companies run continuous compliance checks? Well, consider how most companies handle compliance:
- Policies are developed by a security team who see compliance as their top priority.
- They run a tool or tools to see if endpoints are, in fact, compliant.
- They discover policy violations and then forward them to systems and desktop administration teams.
- Those teams, who are probably under pressure to have all endpoints up and running, make fixes when they can find time to do so.
If that process alone didn’t all-but-guarantee problems, it’s very likely that the operations teams 1) deal with one policy violation at a time, one endpoint at a time; 2) may or may not be able to actually remediate the problems; and 3) usually use tools to fix the problems that are different from ones used to find them. Good luck finding out which ones got done and which ones didn’t.
This isn’t the way either security or operations wants the process to work, it’s just that it was the best they could do with the tools they had.
It doesn’t have to be that way anymore.
With IBM Endpoint Manager you can have real-time, easy-to-manage, easy-to-operate continuous compliance and audit readiness. It is a thin client so installation is fast and simple, going into action within minutes of installation. The lightweight, intelligent agents it places on each endpoint continuously enforce security policies regardless of whether or not the endpoint is connected to your network. It’s scalable – you can handle up to 250,000 different endpoints with a single management server. It doesn’t just check for what’s in compliance, it handles the remediation as well using a library of 8,500+ different definitions out of the box. Anything it can’t fix, it can report back to you whenever it happens.
Like that renowned technology pundit Mick Jagger sang, “Who wants yesterday’s paper?” Tired of being out-of-date? Click here to find out more.