Much has already been written about the ongoing tension between operations and security. The job of the security team is to protect the company from malicious activities, and that sometimes means shutting down systems. The mission of the operations team is to maximize the company’s ability to do business on their IT systems, including managing software and configurations.
Then, of course, there is the user experience. Have security tools and other changes consumed so many system resources that users cannot perform their functions? Is the memory exceeded the maximum? Are the applications disabled? You need a way to measure user experience to answer these questions.
User Experience Tracking
When something breaks, how do you know? Change control is great but you need a way to measure the impact of the changes made. Let’s say you close 10 vulnerabilities in your endpoints. Are your apps down? Are your systems starting to use more resources? Do you have more systems running at 100 percent CPU than before? Because a system without resources means that an employee is prevented from doing his job.
This is where you need analytics. You cannot just rely on users for reliable and timely information.
Analytics and User Experience
To relieve some of the burden on the service desk, many large organizations give admin rights to all users. They resort to this because they have no way of identifying systems ahead of time which will generate problems.
They have no way of measuring resource usage, which is done regularly on servers but not on user machines. Therefore, they have no clue about the user experience. They don’t have any data except, “Has anyone opened a ticket?”
Performance metrics are a subset of IT analytics and are extremely important. When the security team wants to install more agents, processes can show that user systems are already running at 75% of maximum capacity. Add those new tools and users won’t be able to work. These are the analytics that support business decisions.
Hygiene and cyber analytics for level C.
When it comes to electronic hygiene, the primary question for C-level executives is “Can my users do their jobs?” Many IT decisions are based on IT systems risks that hinder employees’ ability to work. But making these decisions without the backing of data leads to problems.
This is where executive level dashboards can make the most difference. Easily expendable metrics can help executives see at a glance where to draw the line between security and operational risks.
For example, if a leading indicator shows that 20% of regulatory systems are missing critical corrections, this is usually a cause for concern. However, if the dashboard shows that last month’s figure was 50%, the trend is at least heading in the right direction. This is definitely something to watch month after month to ensure the trend continues to improve.
At the same time, if the System Performance Monitor indicator shows ‘green’, indicating minimal outages, that’s all the CEO needs to know that risks have been reduced this month while ensuring solid system performance.
Here are three key indicators that an executive dashboard might include:
- Percentage of systems equipped with essential security tools
- Percentage of systems prone to losing patches
- The percentage of systems running above or below a specified performance threshold – CPU, RAM, disk usage, etc.
If there is a problem at the summary level, executives can alert their IT teams to look into it. They do not need to know the details; They just need to know that the approved standards are not being met.
The importance of recent data
When a problem arises that requires intervention, it is critical that engineers be able to access data in real time on all of their systems in one place. Without it, they have to figure out the scanning systems or wait until they get the next scheduled report. They end up not knowing what is accurate and what is not.
If you’re doing it right, the engineering team should always know before driving. Ideally, before the problem reaches the executive dashboard, it is resolved.
How has the transition to a remote workforce affected the practice of e-hygiene?
Many companies have lost at least six months adjusting to life with a distributed workforce. The information that IT managers need to make competent business decisions has disappeared overnight. When 90% of their workforce shifted remotely, companies with great in-house tools lost sight of everyone working from home.
They couldn’t get data from, update, or even see endpoints that weren’t connected 24/7 to the company’s network. Companies that were unable to connect to endpoints over the Internet lost the ability to collect endpoint data and understand its status. Therefore, from the perspective of analysis and decision-making, they were forced to guess.
Electronic hygiene, zero trust, and a remote workforce
When the pandemic hit, not many companies were able to provide desktop computers or laptops for everyone, so they effectively said, “Use your own device and we’ll deal with the consequences later.” In some cases, critical patches were missed because organizations didn’t have a way to patch remotely.
Without making such difficult decisions, people cannot work and the company will not be able to operate. So, this was the opposite no confidence. It was blind confidence – and hope for the best.
Without good internet hygiene, there is no transition to Zero Trust. With poor IT cleanliness, Zero Trust can stop your operations completely because nothing will be trusted.
A large number of users and devices fall into the “distrust” category. So, before companies buy and try to implement a Zero Trust solution, they need to get the E-Health basics right.
Learn how Manage all the data in your environment And act immediately.