The Skinny on Security Assessments

February 14, 2018/
/by Akins IT

akins-staff-1.pngAuthor: Michael Maust

Within the past decade, the so-called “digital landscape” of Information Technology has experienced unparalleled growth through the continued efforts of businesses to provide more convenience, accessibility, accountability, and, importantly, the monetization of technology. The result - a digital sprawl of highly complex interconnected devices that have penetrated nearly every facet of modern society. This has resulted in a paradigm shift in our methodology of implementing and maintaining technology in both the workplace and within our personal lives

“Security” is the most ubiquitous buzzword when it comes to the IT vocabulary. It’s impossible to ignore the fact that IT security is one of the most crucial topics to address, but is often one of the hardest topics to fully understand and grasp. With the advent of the Cloud, mobile applications, social media, the “Internet of Things,” and the latest and greatest emerging technologies, it can be challenging to find the correct entry point to better security.

AkinsIT understands that security is never a one size fits all solution but rather a process of curated recommendations based on the overall composition of the business. Ultimately, a security solution should be hand crafted to fit the business’ needs today while allowing scalability to meet requirements in years to come. Generally, multiple aspects are evaluated to create a successful security posture and audit.

User Identity and Application Compliance:

With the increasing reliance of technology in businesses, it’s become imperative to monitor and maintain employee control. Mitigation against anonymity is crucial to ensuring that full transparency on usage is accessible at any given moment. It is recommended to implement methods for identity management to keep track of internal usage.

Microsoft offers a compelling suite of software to regulate user identity while simplifying accessibility. The Microsoft Enterprise + Mobility (EMS) suite can effectively leverage any existing environment with the most up-to-date security technologies presently available.

EMS implementation of Single-Sign-On (SSO) can tie all business applications together for each end-user management. No longer are the days of juggling multiple logins, passwords, and usernames. With EMS, SSO can extend to any device, even Apple iOS or android phones. EMS management will allow IT administrators to ensure compliance, conditional access, application revocation, and internal auditing/logging of access.

While the SSO functionality unites applications, Microsoft Intune unites employee devices. Through Intune, devices are given secure conditional access to valuable company data. IT administrators can utilize Intune’s mobile device management technology (MDM) to securely provision, wipe, and monitor data utilization and access.

EMS extends beyond SSO and MDM. A wide host of security driven technologies are available to use. This includes employee/user analytics, regular security alerts, and proactive monitoring of user patterns.

Compliance and Auditing

The increased number of endpoints, network devices, and cloud-based infrastructure can make comprehensive system audits complex and prone to inaccuracy.

AkinsIT leverages the many components necessary to ensure a successful, accurate, and comprehensive network-wide audit. A successful audit uses a combination of software and a social understanding of business practices, hardware lifecycles, and future requirements to determine the deficiencies in security and compliance in network devices. Typically, interviews are conducted to gauge the overall breadth of the audit – what compliance is needed and what documentation is requested?

Specific compliances include but are not limited to: HIPPA, NIST, CIPA, PCI, SOX

A security assessment will perform a comprehensive check of all network devices (switches, routers, server environment, cloud usage, applications, and endpoints).

Hardware Security

Ensuring proper configuration of network appliances and endpoints is crucial to ensuring a secure infrastructure. AkinsIT will assess overall network configuration to ensure security is implemented to industry best practice. Software is deployed to “sniff” out the network and search for security holes in hardware ranging from the network edge firewalls to the core components of the network. Recommendations will be made on configuration, implementations of “Next Generation” features and considerations for future use and scaling.

Ensuring endpoints are proactively monitored and maintained is vital to overall security posturing. Recommendations for endpoint management are made to fit within the current environment and are curated around current infrastructure and setup.

Social Awareness and User Data Monitoring

End user engagement is imperative to overall security. AkinsIT will work with employees to educate and instruct users on security best practices, password implementation, and phishing/e-mail security.

AkinsIT has partnered with Fortinet to utilize monitoring tools to create an overall picture of the websites and applications that a business’s employees are regularly looking at. Fortinet has implemented a network Cyber Threat Assessment to gather employee network traffic and utilize a threat score to determine overall security posture of local traffic.

Continued Dialogue…

Ultimately, the most important attribute to overall network security is a continued proactive “human” dialogue on the overall needs and expectations of the company. Good security is multi-faceted and ever changing. AkinsIT believes the only way to achieve a truly effective security assessment is a continued customer engagement with a strategy that can align with the modern digital landscape. 

Start Your Security Assessment