New innovations such as the cloud and increased security risks have changed the role of the IT department drastically over the last few years. Businesses have moved from primarily using traditional applications to web-based and cloud apps which in turn has added complexity and new problems for IT teams to deal with.
To better understand the challenges facing today’s IT teams and learn more about how ManageEngine is helping businesses manage their IT, TechRadar Pro spoke with the company’s president Raj Sabhlok.
- Digital transformation is putting security at risk
- A recipe for avoiding disaster in the cloud
- Cloud security and the evolution of attack methods
Can you tell us a little bit about ManageEngine’s 2019 User Conference and the topics that will be covered at the event?
Sure, let me begin by putting our user conferences into context. At ManageEngine, we’ve always strived to counter the incumbent IT management providers and huge software companies, such as IBM, HP and others. Those companies traditionally have put customers through overly extensive sales calls before they could use their products. We felt it didn’t need to be that complex and could be more transparent. One of our key differentiators has become our ability to give the customer the product to try it out and see if it worked for their team and organizations. This has worked so well that we’ve built a fairly large business without needing to talk to customers directly. They can simply go to our website, download products and even pay online.
What we figured out was that we were missing valuable interaction with our customers. We knew there was a lot of meaningful reasons to talk face-to-face. As such, we kicked off our user conferences 10 years ago. It was amazing and enlightening for us. To this day, the user conferences gives us a chance to meet with customers, understand how they are using our products, learn first-hand about their challenges and use this to guide the development of our product lines.
These events also provide our customers with the ability to learn who we are as a company, culturally what we stand for and discover all the elements that make us unique compared to most technology companies. We are truly focused on customers first. Profits are important, but customers are paramount. We make it a point not to overcharge for our services or lock customers into large, overpriced contracts. We want customers attending our events to understand how passionate our team is, have a chance to network with peers and learn industry best practices to further their own careers.
This year, we’re working with our customers to address today’s most prominent IT challenges, including IT’s role in the cloud era, best practices for digital transformation and the related issues that apply to their jobs in ITSM, log management, password management, and many more.
How has the role of the IT department changed in the cloud era?
The industry has been talking about the cloud for close to 10 years now, changing how we procure and use technology within organizations. It is also changing how IT needs to look at the management of their technology. In the past, it was common to have a full stack of applications underneath IT’s control. SaaS has changed the role of IT professionals by taking responsibility for the administration, maintenance, and even security of various applications. This can now be offloaded from IT teams.
As a result, IT teams must now focus on integrating SaaS applications to avoid the duplication of data entry. It is IT’s job to figure out how these applications will fit into an organization’s current infrastructure, as well as the rest of the applications that are currently in place. This is done by asking the right questions, understanding if these applications have APIs and, if not, knowing what kinds of integration points are available. IT teams must now understand how it's going to all be glued together.
What advice would you give to businesses looking to get the most out of their digital transformation journeys?
At a macro level, over the last few years we see that IT teams are better aligning their activities with a company’s overall business objectives. This has increased their batting average regarding successful projects, as IT teams are working on much more defined projects and digital transformations. They clearly know the problem and then can deliver a solution. Believe it or not, a lot of companies in the early days would have a solution looking for a problem. That has now switched, which is a positive development.
Additionally, alignment with business objectives has allowed IT teams to take on much more bite-sized projects. Historically, the trend was to go after mega projects, which often resulted in failure. Digital transformations are typically talked about as huge undertakings, but they can be relatively small and not inherently risky. For instance, a company bring in a new messaging platform, like Zoho Click, that may deliver huge benefits for communication and collaboration, but is not that difficult to roll out and can be hugely, positively impactful. That is our recommendation these days: go for the digital transformation projects that are small victories. IT teams don’t need to take on large projects every time. Incremental successes are the way to go.
How are businesses failing when it comes to protecting the security landscape of their organization?
Companies need to make sure they are setting the right priority for security. We hope most companies have gotten the message around the importance of security, especially coming from the highest levels of an organization from the board on downward. When customer data is exposed, it can be a life-threatening incident for businesses. Setting the right priority and acknowledging that organizations will have security issues is fundamental to protection.
Additionally, the focus should be on how to limit the scope of any security breach that happens, whether the origins are internal or external. Lastly, it’s critical to apply forensics to incidents, so you can learn from them and apply safeguards in the future.
What are some ways in which businesses can secure the applications used by their employees?
App security is unique within the IT realm as it encompasses the entire gamut of security, from communication, data, and networks to the devices used for working with the applications. IT admins face steep challenges when it comes to applications, from ensuring containerization, data encryption, and application white listing to establishing a secure channel for apps to access sensitive business data. These challenges are exacerbated by the use of multiple device types, multiple platforms, and multiple manufacturers.
Unified endpoint management is probably the best way to achieve optimal app security. This would include measures like containerization to ensure corporate data gets sandboxed into separate containers, preventing users from accessing data they are not authorized to see. This is especially useful in case of mobile devices, the device of choice for remote users.
It's also important to secure data using common encryption technologies such as FileVault and BitLocker. When you encrypt corporate data on work and personal machines, any the impact of any unauthorized access or data theft is greatly minimized because the data is essentially useless.
With organizations across the globe witnessing a spike in remote users, there are cases where apps need to access corporate data from outside the corporate network. Setting up dedicated app-specific VPNs ensures a secure channel for corporate data access every time the user accesses the app.
App blacklisting ensures any unauthorized app gets automatically removed from the devices and prevents their subsequent installation. Gatekeeper is often used to prevent app installation from unapproved sources.
All of these tactics are of little use, however, without a dynamic app management policy, drafted after comprehensively understanding end user needs and carefully monitoring the enterprise environment. Draft that policy and educate your uses so that they adhere to it.
What insights can firewall logs give an organization’s IT department?
For our customers, firewall logs play a critical role in network security. By monitoring, recording, and analyzing their firewall logs on a regular basis, they can gain network insights on a variety of topics, including threat intelligence, bandwidth usage, regulatory compliance, and capacity planning.
Detailed analysis of the logs provides critical network intelligence about attempts to breach security, ultimately allowing IT practitioners to minimize security threats like network intrusion, virus attacks, and denial of service (DoS) attacks. Firewall logs provide valuable information about bandwidth usage, employee internet usage, bandwidth guzzling web sites, and interface wise traffic, all of which help identify and stop bandwidth misuse. Analyzing the logs also helps in identifying trends in the internet usage, enabling network administrators to plan bandwidth capacity effectively.
Different countries have different regulations on how long logs need to be stored for legal and auditing purposes. In case of a security breach, these logs are critical for law enforcement authorities to identify and analyze the reason for the breach.
Can securing web browsers really improve employee productivity? How?
Securing web browsers can definitely help improve employee productivity. The web hosts tons of distractions and malware. And some malware, like ransomware, can lock employees out of their computers until a ransom is paid.
Securing browsers can help prevent users from landing on websites that could potentially cause harm. Enabling web filters, such as allowing users to access only trusted applications or isolating browsers and opening trusted applications in current browsers while isolating unauthorized websites in a virtual browser can secure web access. Employing certain browser configurations like safe browsing in Chrome browser and smart screen filter in Internet Explorer and Edge can help prevent users from accessing websites infected with malware.
- We've also highlighted the best internet security suites