Good system management not only requires managing the systems themselves, but requires careful planning to make systems interact with each other, auditing of the systems once the systems are built, and proactive maintenance of all systems. Organizations also rely on organizational policies, such as Acceptable Use Policies to bolster the technical aspect of system management. This course explores many of the behind the scenes requirements of good system management. The first half of the course covers how to build security into system management process and the organization policies necessary for any enterprise to follow. The latter half of the course focuses on auditing and maintenance of systems once they have been designed, and implemented. By the end of the course you should be able to design and construct organizational policies based on a set of requirements, audit a system based on those requirements, and make sure systems adhere technically to the set of requirements.
If you build it - they will get around it
Loading...
Del curso dictado por Sistema Universitario de Colorado
Planning, Auditing and Maintaining Enterprise Systems
10 ratings
Sistema Universitario de Colorado
10 ratings
Curso 4 de 4 en SpecializationComputer Security and Systems Management
De la lección
Planning for an enterprise system environment
How do enterprises deploy systems? They plan!
Conoce a los instructores
Greg WilliamsLecturer
Department of Computer Science
[MUSIC]
In today's lesson, I'll talk about if you build it, they will get around it.
Now, what do I mean by that?
Well, I mean that if you build IT, somebody doesn't like something and
they will eventually go around you if they don't like it.
I've seen this numerous times where we put something in,
people to like it or they get to campus.
They don't like something.
They're going to bypass whatever you were doing and use whatever they want to.
Well, that's inevitable in IT.
So, we need to partner with our stakeholders to make sure that
we're not placing undue burden on are users.
So today, we'll talk a little bit about understanding what undue burden is in IT.
Understand that information technology is a hard job to do to please everyone and
explore how IT departments can partner with their stakeholders.
Information technology is a hard job.
It takes a lot of people to do a lot of different things and
it's also a very hard job to make everyone happy.
The more users that you have,
the more you're going to have to satisfy the needs of everyone.
So, you can't do that to everyone all at once.
So, let's talk about Office 365 and G Suite.
They're two very competing technologies.
One's Microsoft.
One's Google.
They have very robust platforms, but
somebody that may be used to G Suite may not like Microsoft and
someone from Microsoft may not like the Google applications.
So, it's a balance.
How do we provide everything to everyone and make people happy?
Several years ago, we had a Network Access Control product, a NAC.
Well, NAC is great for
securing the Enterprise for security reasons.
It was a very black and white system.
We had it on our wireless network.
It provided or it ensured that users were up to date on their
operating system updates and also that they had antivirus installed,
it had it's updates and it was running.
It was a very black and white system.
Unfortunately, users didn't like that, because guess what would happen
on the first day of class or after Microsoft Tuesday, for example.
Students would come in or faculty would come in, they would open up their laptop.
They would connect to the wireless network.
And because they had to install those updates,
the NAC kicked them off the network and then they had to transition to
a different network in order to be quarantine to download their updates and
they got kicked off the network again and rescanned.
And then finally, they were allowed to join the network again.
So, that process may have taken 15 to 20 minutes.
So, that was an example of placing undue burden on your stakeholders.
Do we absolutely need that kind of security for the general population?
Well, yes, we need some type of security.
Maybe we should also look at other types of products that allow us
to be more flexible and not so black, and white.
So what we did is while we had a 45 to 55%
split where 55 was the insecure network,
users were actually jumping on to our open network and using VPN.
So, they were effectively bypassing the security
controls that we put on the secured network and
45% were on the actual secured network.
That was a big problem.
We put the secure network in place for people to remain secure.
So what happened, we evaluate some other products and
we found a product that would allow us to have grace periods.
So, they log in to the classroom.
They open up their laptops and jump on the network and it says,
hey, you've got three days to update your virus definitions or
you've go three days to update your operating system updates.
This is much more flexible.
So what we saw is a shift from that
45% secured network to 90%
adoption of the secured network,
because we weren't placing that burden on the users.
The burdens happen all the time.
IT implements something that the users don't like.
I have to change my password every 90 days or I have to change
it to a longer password, or I can't use my last 5 passwords.
How am I supposed to think of a new one?
These maybe burdens on users,
but we also need to explain some of these burdens and why we have them.
Maybe we could go with a longer password and not have to change it so often.
It's a balance.
The more burden that we put on users,
the more they're going to try to get around it.
And if we try to lock down resources,
the more users are going to try to get around it.
So, would we rather know that users are trying to get around it and
using different technology?
Or would we not like to know at all and have a data leak?
Corporate data needs to be protected.
However, we need to have a balance.
Let's talk a minute about do's and don'ts of support.
Do partner with your stakeholders.
Get their feedback on systems.
Get what they don't like or what they do like.
Come up with a sustainable model for security.
Understand that users don't understand systems the way you do.
I understand completely how things.
Well, not completely, I guess.
I understand mostly how things work in the IT realm.
However, users don't.
So when I had seven different devices which I typically
connect to on a regular basis, daily.
Accessing email when we switched email from on-premise to Office 365 and
the transition was smooth for me, I thought, great.
This is going to be perfect for end users.
It wasn't so perfect for everyone else.
So, think about I am only one person.
How are we going to transition this to the other 30,000,
40,000 accounts that we have?
Be transparent.
Transparency in IT is critical.
We need to let users know what we're doing.
How we are doing them and
partner with our stakeholders to make sure that we are doing the right things.
Put a logical plan in place as well, so
that users understand what you are going to be doing.
Don't release software that doesn't have any support behind it.
Don't release services without proper documentation and
also don't release services that put undue security
burdens on employees just because you can.
So in conclusion, IT produces a lot of technology.
However, they need to be a partner with stakeholders.
They need to be a partner with users in general.
If you place undue burden on users,
they're going to go around the IT department.
This is where we have shadow IT happening, you lose control.
So, partner with your users.
Make sure that they are happy.
Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.
© 2018 Coursera Inc. Todos los derechos reservados.
