End-User Computing Devices

End-User Computing Devices
If these companies were affected then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, ect then a threat actor could weaponize well below the operating system which brings in to question the integrity of the entire computing stack and everything above it.  The firmware and bios are like the rebar and concrete for a building. If that foundation is weak then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world.  What do others think ?  How could this impact your organization ?   Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge

Top Answer : The message here is: one is never out of the woods ever, so pay attention! Just because today's news eclipses yesterday's doesn't mean companies get to shove the bad under the rug and stay silent. Remember, vulnerabilities discovered 10-15 years back are still at the top of the list of the most exploited.

Does your organization have a program to refurbish or recycle devices?

Top Answer : I have long been involved in the life cycle of devices, so there was always a program in place. We didn't realize we were really good at recycling, we were just saving the company money by taking devices that were state of the art three years ago and giving them to somebody else in the organization that was just starting up, whether they were an intern, or a new hire or in a different department who didn't require all the bells and whistles. So in terms of managing assets and being smart about it, that's always been a part of IT. Another thing we used to do with older equipment was refurbish them to a point, removing any sensitive data, and then provide them to the local schools, or to underprivileged kids in economically challenged regions, because there still is a digital divide. Being able to give people a device at no cost is still a working system that helps a lot. And there are many organizations that do similar things.

What are your thoughts on SaaS management platforms (SMP)?

Top Answer :

39 views
0 comments
3 upvotes
Related Tags
Business Application Development
Architecture & Strategy
Maintenance
Requirements & Design
Testing, Deployment & QA
Mobile Development
Development
Selection & Implementation
Business Analysis
Applications Vendor Landscapes
Optimization
Backup
Data Center
Public and Hybrid Cloud
Telephony
Network
Compute
Storage
Business Applications
Cloud
Crisis Management
Data & Business Intelligence
Artificial Intelligence
Business Intelligence Strategy
Data Management
Enterprise Integration
Integrations
Machine Learning
Governance
Data Lake
Big Data
Data Warehouse
Disruptive & Emerging Technologies
5G
Blockchain
Cryptocurrencies
Virtual Reality
IoT
Reality
Digital Innovation
Bots
Augmented Reality
End-User Services & Collaboration
Collaboration solutions
End User Equipment
End-User Computing Devices
Endpoint management
Productivity tools
Document Management
End-User Computing Applications
End-User Computing Strategy
Mobile
Voice & Video Management
Continuous Integration
Technical Product Management
DevOps
Continuous Deployment
Development
Quality Assurance
Customer Relationship Management
Enterprise Content Management
Customer Success
Enterprise Information Management
Finance
Enterprise Resource Planning
HR
Legal
Marketing Solutions
Retail
Human Resource Systems
Marketing
Product Recommendation
Sales
Risk Management
GDPR
SOX Compliance
Governance, Risk & Compliance
Infrastructure & Operations
Cloud Strategy
I&O Finance & Budgeting
Operations Management
Network Management
DR and Business Continuity
Server Optimization
Leadership
Attract & Select
Cost & Budget Management
Engage
Culture
Manage Business Relationships
Innovation
Organizational Design
Program & Project Management
Train & Develop
Values
Talent management
Performance Measurement
Organization Structure
Manage & Coach
Availability Management
Financial and Vendor Management
Reporting
Service Desk
Management Tools
Enterprise Service Management
People & Process
Process Management
Asset Management
Project & Portfolio Management
Portfolio Management
Project Management Office
Pulse
Security
Confidentiality, Integrity, Availability
Secure Cloud & Network Architecture
Endpoint Security
Data Privacy
Identity and Access Management
Security Operations Center
Security Strategy & Budgeting
Security Vendor Landscapes
Threat Intelligence & Incident Response
Threat & Vulnerability Management
Vendor Management
Infrastructure Vendor Landscapes
Budgeting
Roadmap
Outsourcing
Strategy & Operating Model
Business Continuity
Architecture Domains
Strategy
Tool Recommendation
Have you found a solution to fully manage all the devices on your network?

Top Answer : We often talk about end-users and access, etc., but we don't talk about all the devices on a network that are just as vulnerable and can't be managed. And the ones you can manage are connected to some manufacturing device, whether it's a Rockwell or some ICI system that’s run by a Windows 7 or Windows XP machine that you can't patch or put AV on. What do we do in that case? Solutions like Armis can tell you what a device was doing and if it was out of its normal behavior. And if it was out of its normal behavior, it will tell you about it and suggest you might want to go fix it. When I worked at the vaping company, we had every best in class security tool you could think of and we were still getting nailed. We were sending information out to these foreign countries that weren't friendly and couldn’t figure out why. It wasn't until I got a proof of concept (POC) with Armis, just to see. Within 10 minutes of hooking it up, they say, "By the way, your cameras are sending stuff to Russia. You might want to check that out." And we had no idea. We had a 20-person security operation center (SOC) and nobody could find this stuff. So, the posturing of these devices is important: knowing what you have and knowing what everything is doing. But companies like Tanium and Armis still don't address the zero-trust issue.

Do you know all of the devices on your network?

Top Answer : Knowing everything on the network and where they were was a big thing at a number of the other companies I ran, and it was poorly done in some cases. You started to need to air gap things off but if you air gap, it's going to be even more difficult to find some of those things on the network.  None of the companies that would allow me to do that let me find all the things on the network and what they were dealing with. And then the engineering networks would say, "You can't get in there. We're separate," but then some of the things would come from the engineering networks first. So it was a big issue. That's why I actually started doing more microsegmentation. I won't say I was an Enterprise Certified Netware Engineer (ECNE), but I do remember some of that stuff. I literally had some of the group walking around with laptops into these segmented areas to do some of the testing, because that was most effective.

Does your organization have a bring-your-own-device (BYOD) policy?

Top Answer : We have it, but there is no reimbursement.  We had extremely low adoption, since CORP traffic would eat up a significant amount of your monthly data plan. I personally did not choose to use my personal phone for work.

369 views
1 comments
0 upvotes
Related Tags
How do you prevent your hardware from containing any unintended loopholes or access points upon shipment?

Top Answer : We're doing the same basic stuff everybody else is doing as far as code testing. And we do basic apps security, penetration testing code reviews, we get someone to look at it and do background, etc., so I think everyone feels comfortable with the code itself. The issue is that we have such a narrow focus on whether the CI/CD pipeline is good. If you're just looking at that then what happens when you don't have any dev/prod segmentation or something? That's more the issue I see: "The code is great and we pushed it to dev and then it sat there. But the dev systems are not segmented from prod and now port 22 is open to the world because someone didn’t put a rule in to close it."

Who would you recommend as a zero trust vendor for small businesses and non-profits that use mostly BYOD and cloud services?

Top Answer : I don't know how well they scale down from a medium-sized deployment, but I'd recommend talking with Zscaler at least from a technical standpoint.