What is the biggest missing piece from most companies’ security posture?
Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees
I'm still waiting for the day when we have an operating system that's like your CRM, for example, like Salesforce—not a desktop as a service, more like a software that's a desktop. When are we going to get to that point? You still have to secure the end point, but why can’t we have this completely automated with patch management, etc., all done from a website perspective or an application so that you don't see any of that? All of that could be completely transparent. Or, if it is something that does cause downtime or friction for the end user, it's often pretty transparent or very short.
CIO in Education, 1,001 - 5,000 employees
Awareness that people are still ultimately the weakest link.
Managing Director in Manufacturing, 51 - 200 employees
Policy, Controls, Audits. A policy is only as good as the controls in place to ensure it's enforced, and a control is only as good as an audit to ensure it's working. E.g., a stale user policy may exist saying that users aged out need to be disabled, but is there an automated control taking action? Have you reviewed the results of the control's actions?
Laptops are still the biggest surface area to attack in a business, and it's harder than hell to fix. In Maslow's hierarchy of IT, at the bottom is the expectation that things work. Patch management is a part of things working, which is not what gets you any credit or funding. The most basic principle—patchwork systems—is still one of the hardest things to do, and it's broken everywhere. It's a headache and you get no credit even if you fix it. You could make it the best thing in the world and get nothing.
It's funny that we used to call laptops fixed assets because there's nothing fixed about them. They're all over the world, roaming around constantly. There's thousands of them. If I have to touch a laptop to fix it, I'm screwed because I have thousands of them, and during COVID, they're everywhere. I've been in this business 22 years. There have been server patching companies and containerization, etc., which have made patching a lot easier in terms of Kubernetes and doing things to scale, but the user-facing hardware is still in its infancy. This has been our problem for as long as I can remember and it still doesn't seem solved.
You've probably got at least 3,000 devices to manage for a small company.
What makes it worse is that if Kaseya or TeamViewer were to get hacked, then you're totally screwed.