Andrew Smith

In 2012, IT security will be as important as ever

Andrew Smith, sales engineer at Kaseya, believes it pertinent that all information security managed service providers (MSPs) offer layered security as there is much more to security than simply a security update.

“Microsoft recently announced that a new critical vulnerability (MS12-020) has been discovered that affects all of its supported Windows operating systems. The ramifications of exploiting this vulnerability could be disastrous to any organisation,” says Smith. “There is a silver lining to each cloud, however, and with this in mind, MSPs should be seizing the opportunity to revisit their IT security policy discussions with their customers to mitigate this type of risk as much as possible.”

Smith believes that simply patching Microsoft operating systems and applications is not enough and third party software application patching should form just as strong a part of a security policy as any. “An IT security policy needs to be holistic. After all, it is only as strong as its weakest link. In recent times malicious hackers have discovered vulnerabilities in other vendors’ software as well. An example of this occurred at the end of 2011 when a zero-day vulnerability in Adobe Reader was being exploited by criminals.”

Smith advises that MSPs refresh their IT security services portfolio to add extra layers of protection that their customers can benefi t from. “With the relevant information at hand, the reasons for adopting IT security services will be that much more compelling and the return on investment substantial. The important question to ask the customer is not what would happen if they did implement this service, but what would happen if they didn’t,” he says.

The first step, says Smith, lies in visibility. “Those that handle computer management need to understand all aspects concerning them. Issues such as what operating systems are being utilised, what service packs each PC has implemented, etc. should all be known and well understood. An auditing tool in this instance will be tremendously valuable.” In light of this, Kaseya offers an audit and inventory service that helps close security holes, reduce interoperability issues, examine hardware/software policy issues, and inventory computers without interrupting the user.

It also offers directory services that automatically discover and sync Active Directory domains with the Kaseya IT Automation Framework, give administrators the up-to-date system and user contact information they need, automatically update auditing information as changes are made to Active Directory, provide users with secure remote access to their work machines without confi guring a VPN, support unified login access between the network domain and Kaseya portal, and allow technicians to reset passwords in addition to disabling or enabling Active Directory. Secondly, Smith explains, implementing standardisation from a security standpoint is critical. “Once visibility has been achieved, ensuring all computers are running on the same versions and patches will make the organisation easier to secure and will dramatically decrease complexity,” he says. “The use of an imaging tool and a standardisation tool will greatly aid in ensuring optimised software deployment is handled throughout the organisation.”

Kaseya offers imaging and deployment services that support multicasting, and offers a “set and forget” style of managing image deployments in the organisation. It also offers a policy management service that ensures that every user, and every system is being managed consistently.

Last, but not least, Smith suggests an automated system be implemented to deal with vulnerability patching of all software, including third party applications. “Patch management tools as well as a good anti-virus tool will help with this part of the securing process,” he says.

Kaseya’s patch management service automatically keeps servers, workstations and remote computers up-to-date with the latest important security patches and software updates. Kaseya also offers software deployment and update services that streamline the software deployment and update process for the most common third party solutions while ensuring compliance and version dependencies are met.

Moving into and beyond 2012, Smith believes IT security is going to be as important as ever. “The London Olympics, US presidential elections, Mayan calendar and apocalyptic predictions will almost certainly lead to broad attacks by criminals,” he says. “This, in conjunction with the evolution of social media, identity theft and the exponential increase of mobile devices, creates the need for MSPs to ensure that they remain current with regard to their customer’s security requirements, and become the Trusted Advisor by keeping up with these potential threats.”