The basis for creating and maintaining good internet hygiene is analytics. I think it’s this way. Analytics provides the information you need to function healthily.
Analytics is about maintaining your ability to discover relevant data and making sure that endpoints provide the right kind of report when queried. Analytics provides the hard numbers and data needed to measure network performance. This information is equally important for operations and security.
cyber hygiene Creates a process to continuously identify assets, risks, and vulnerabilities across the environment and quickly fix them at scale. It is an essential effective course for enterprise security and systems management. Analytics is the exact measurement of what is going on in your system. Cyber hygiene uses that data to maximize business productivity.
Analytics in action
Examples of analytics-based e-health are metrics such as mean time to correct (MTTP) and mean time to process (MTTR) for vulnerabilities. Many organizations track MTTP to ensure they are under a certain limit per month. This supports compliance with industry-specific regulations such as the Payment Card Industry (PCI) Standard, HIPAA, or another set of guidelines.
Other metrics that apply to E-Health could be patterns, credential authentication, who is logging in, and where. These also apply to security.
Building and implementing an e-health culture
Electronic hygiene begins with a complete vision. What is in the environment? How many endpoints? On the initial check, many of our customers were shocked by the number of devices in their environment that they knew nothing about.
The Center for Internet Security (CIS) contains a list of security standards, the most important of which are:
- What is connected to my network?
- What works on my devices?
These two criteria are equally important for operations and security. Unknown and unmanaged devices increase vulnerabilities because if they are not known and managed, they will not be patched.
IT Analytics for CIO
For CIOs, the analyzes should clarify what IT issues are impacting a business service or revenue-generating application. IT leaders need metrics that evaluate service performance over time. How many application crashes, CPU and memory alerts affect the IT components that provide the service? And on the other hand, how does it affect the user experience?
Another important metric for CIOs relates to cause and effect. Do 30% of users experience performance issues or app crashes after making changes during the maintenance period? This level of IT analytics is very important on the business services side as well as employee experience.
Old data = inaccurate data = bad decisions
The value of IT analytics starts with the quality of the data. Most organizations survey their environment every month or every three months. However, if the data is a week old in a rapidly changing environment, the decisions they are based on will be wrong.
From a best practice perspective, you want the most up-to-date information you can get to make the right decisions in the present, not the right decision two weeks ago.
The disconnect between tools and politics
Recent analyzes and data can highlight the disconnect between tools and policy. People become attached to certain tools, so it is very common for them to set policies about what their tools can do rather than what the situation requires.
For example, some companies have a 12-hour maintenance window to get their machines fixed and running. The maintenance time is 12 hours because they can’t do it faster with their tools.
However, there are tools that can do this faster and more efficiently. Management sees the commercial value of that. Engineers, not so much. It often takes a business driver — backed by data — to force change.
Electronic hygiene in distributed environments
Work from home (WFH) has added more complexity to electronic hygiene tasks and a greater need for analytics. The tools companies use have not been able to provide visibility or manage endpoints outside the corporate network.
IT wouldn’t have seen unless users were on a file Virtual Private Network (VPN). Therefore, they had no way of effectively spreading the files to them, which meant that they could not patch or control them.
Network VPNs are designed with a certain set of license accounts that can be updated fairly quickly, but hardware that supports a VPN connection is something organizations often don’t plan for, especially not for the 80, 90, or 100% of their workforce that works over a VPN. .
VPN bandwidth issues have led to a major move to SaaS applications. This reduced the burden on VPNs and allowed employees to use their own internet access to get their work done. But Tools as a Service complicates the vision equation. Who uses what? Many of these tools do not require local purchase or installation, so maintaining visibility is a challenge.
The ultimate goal: a safer and more effective organization
The responsibility to ensure good e-health should be an enterprise-wide position supported and implemented by your security and operations teams. Analytics is one of the tools that makes rational and effective policies possible and helps operations and security to ensure that they are followed.
Learn how Take control of your organization’s data To lay the foundation for electronic hygiene.