Did you manage to stay completely dry this January? If so, well done!
Chances are you might be detoxing some other areas of your life too. You’re on a winter detox diet, have taken up yoga classes and are practising 10 minutes of mindfulness each day. All in order to clean out your system – body, mind and soul – and get rid of all those nasties.
But have you ever thought about giving your IT systems a detox too? Get your IT operating systems and applications scanned for vulnerabilities and get rid of those nasties. It’ll save you a lot of trouble in the long run.
The Importance of Vulnerability Scanning
The world of IT and technology has seen a significant change in the last two to three years. Before this time an organisation could produce a product or a service, get it out of the door and start earning money from it. Now, every organisation needs to take risk compliance into consideration.
As a result of the governance that came into effect when GDPR changed data protection law, organisations are now legally responsible for information and data. Every organisation has a duty of care to the HMRC to manage its data. If an organisation doesn’t conduct those affairs well, it’s exposed and at risk.
As Andy Carter, MD at BOM IT Solutions, explains, “Problems start when a breach occurs and a business is unable to identify when and where the breach took place. In order to understand where your risks are, you need to know where your vulnerabilities are. If businesses don’t know this, it could ultimately lead to financial losses, which will be mainly due to a business’ damaged reputation.”
Operating systems and applications are built at a certain point in time. A few years down the line, vulnerabilities are often found in the code that was initially developed. Those vulnerabilities are the very means by which a hacker, or somebody who wishes to cause some kind of commercial disruption, will gain access to an organisation’s IT system in order to exploit it.
Andy continues: “Vulnerability scanning is the way to avoid any risk-related issues. Every business, large or small, should be on top of this.”
Report, Remediate and Resolve
BOM performs internal vulnerability scanning, using a product called Qualys. A team of experts delivers this as a managed service to BOM’s client base. Agent-based scanning collates information around risk. BOM also consults the global Common Vulnerabilities and Exposures (CVE) database, which publishes known vulnerabilities and categorises them into high, medium, or low risk. This combined information gives BOM the ability as a managed service partner to report, remediate and resolve risks.
BOM employs and manages the technology and delivers reports as frequently as the client requires.
Says Andy, “As a result of those reports, we take the information and produce a risk register that will allow us to combat the risk.”
This risk could be anything from a number of Windows 7 machines on the network which are no longer supported to something as simple as a PC needing an Adobe update.
In order to remediate the risk and remain protected, BOM undertakes a process called patch management.
Andy explains: “It’s called a patch because that’s effectively what it is, a sticking plaster. You stick something over the top each time the risk occurs, which then allows the operating system or application to remain secure.”
Once the right patch has been identified, BOM will put a process in place with the organisation to apply that patch and resolve the issue. BOM will either automate the patch or apply it manually, depending on the complexity and availability of the system. A business may not want to run an update during the working day, so this may need to be done offline overnight when there are fewer users.
The cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities that we’ve looked at in this article is known as vulnerability management.
A last word from Andy on this: “As a partner we take care of scanning, we take care of patching, we will identify the risk, we will manage the process and once that process has been delivered and the remediation has been completed, naturally we will provide any support thereafter that may be required.”
So go ahead, take your winter detox programme into the workplace and get your IT systems 100% healthy again. And unlike most people’s detox experience, don’t give up on this one and keep the cycle running!
If you would like further information or wish to discuss how BOM IT Solutions can assist you with either vulnerability scanning or patch management, then please email us at sales@bom.co.uk or call for a consultation with our team on 0800 038 7222.