There\u2019s already been a lot written about the persistent tension between operations and security. The security team\u2019s mission is protecting the business from malicious activity, and that sometimes means locking systems down. The operations team\u2019s mission is to maximize the business\u2019s ability to do business on their IT systems, including managing software and configurations. \n\nThen, of course, there is the user experience. Have the security tooling and other changes consumed so many system resources that users can't perform their jobs? Is memory maxed out? Are applications crashing? You need to have a way to measure user experience to answer these questions.\n\nTracking user experience\n\nWhen something breaks, how do you know? Change control is great but you need a way to measure the impact of changes that have been made. Let\u2019s say you\u2019ve closed 10 vulnerabilities on your endpoints. Are your applications crashing? Have your systems started using more resources? Do you have more systems running at 100-percent CPU usage than you did before? Because a system with no resources means there is an employee that\u2019s being prevented from doing their job.\n\nThis is where you need analytics. You can\u2019t depend solely on users for timely, reliable information.\n\nAnalytics and the user experience\n\nTo take some of the burden off the service desk, many large organizations simply give all users admin rights. They resort to that because they don't have a way to identify systems ahead of time that will generate problems.\n\nThey don't have any way to measure resource utilization, which is done regularly on servers but not on user devices. So, they have no clue what the user experience is. They have no data except, \u201cHas anybody opened a ticket?\u201d\n\nPerformance metrics are a subset of IT analytics and they\u2019re critical. When the security team wants to install more agents, operations can show that user systems are already running at 75% of maximum capacity. Add those new tools and users won\u2019t be able to work. Those are the analytics that support business decisions.\n\nCyber hygiene and analytics for the C-level\n\nWhen it comes to cyber hygiene, the primary question of C-level executives is \u201cCan my users do their jobs?\u201d Many IT decisions are based on the risk of IT systems getting in the way of employees being able to work. But making those decisions without supporting data leads to trouble. \u00a0\n\nThis is where executive-level dashboards can make a huge difference. Easily consumable metrics can help execs figure out at a glance where to draw the line between security and operational risk.\n\nFor example, if a key indicator shows that 20% of organizational systems are missing critical patches that\u2019s normally cause for concern. However, if the dashboard shows that last month the figure was 50%, the trend is at least headed in the right direction. That\u2019s certainly something to keep an eye on month over month to ensure the trend continues improving. \n\nAt the same time, if a system\u2019s performance monitoring indicator displays \u201cgreen,\u201d indicating minimal outages, that\u2019s all the executive needs to know that risk has been reduced this month while ensuring solid system performance.\n\nHere are three key indicators an executive dashboard might include:\n\nIf there\u2019s a problem at the summary level, executives can alert their IT teams to dig into it. They don\u2019t need to know the details; they just need to know that approved standards are not being met.\n\nThe importance of fresh data\n\nWhen an issue arises requiring intervention, it\u2019s critical that engineers have access to real-time data on all their systems in one place. Without it, they\u2019re forced to spot check systems or wait until they get the next scheduled report. They end up not knowing what\u2019s accurate and what isn\u2019t.\n\nIf you\u2019re doing it right, the engineering team should always know before leadership does. Ideally, before an issue hits the executive dashboard, it\u2019s resolved.\n\nHow did the move to remote workforce affect the practice of cyber hygiene?\n\nA lot of companies lost a minimum of six months adjusting to life with a distributed workforce. The information that IT executives needed to make qualified business decisions disappeared overnight. When 90% of the workforce went remote, the companies with great on-premises tools lost visibility to everyone working from home.\n\nThey couldn\u2019t get data from, update, or even see endpoints that weren\u2019t connected 24x7 to the corporate network. Companies that couldn\u2019t connect with endpoints over the Internet lost the ability to gather endpoint data and understand their state. So, from an analytics and decision-making perspective, they were forced to guess.\n\nCyber hygiene, Zero Trust, and the remote workforce\n\nWhen the pandemic hit, many companies couldn\u2019t provide desktops or laptops for everyone, so they effectively said, \u201cUse your own device and we\u2019ll deal with consequences later.\u201d In some cases, critical patches were missed because organizations had no way to patch remotely.\n\nWithout making tough decisions like that, people could not work and the business would not be able to function. \u00a0So, this was the opposite of Zero Trust. It was blind trust \u2014 and hope for the best.\n\nWithout good cyber hygiene, there\u2019s no moving to Zero Trust. With poor IT hygiene, Zero Trust can bring your operations to a grinding halt because nothing will be trusted.\n\nA large number of users and devices will fall into the \u201cdon\u2019t trust\u201d category. So, before companies purchase and try to implement a Zero Trust solution, they need to get the basics of cyber hygiene right.\n\nLearn how to manage all the data in your environment and act immediately.