10 Issues of Concern for Part-Time IT Managers

Updated: December 27, 2007

Issue

IT security is no walk in the park, but the job can be particularly difficult for the part-time network manager in a small business. If you've recently inherited your company's IT administration chores, here are 10 security issues to consider.

Considerations

1. Documentation: Brad Johnson, vice president with security consultant SystemExperts Corp., advised part-time IT staffers to write down important policies and procedures. The documentation should describe key procedures — such as scanning systems — and their frequency. The write-up may also include the company's acceptable-use policies. And you don't have to publish a formal manual to get the job done, noted Johnson, who said he's a fan of brevity.

Phil Cox, principal consultant at SystemExperts, suggested launching an internal wiki to deploy documentation. Contributions should come from across the company, not just from the IT manager.

"You can start writing the processes and procedures that probably weren't documented before," he said.

2. Patch management: IT managers should develop a comprehensive patch-management approach that includes all operating systems and vendors, according to Kevin Prince, chief security officer at Perimeter eSecurity. That means thinking beyond Microsoft.

"People just turn on automatic updates from Microsoft and think everything is going to be taken care of," Prince said. "A lot of people have this false sense of security. They need to think of patch management more holistically."

While the Microsoft update service covers Microsoft's own operating systems and applications, it won't help if a vulnerability surfaces in the widely used Adobe Acrobat Reader, Prince noted.

3. Compliance: Cox said that individuals new to the security world should find out what type of data the company has on hand — credit card, health care or financial information, for example — then determine the compliance requirements. PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act) are among the regulations and standards that may apply.

4. IT simplicity: Security managers pressed for time don't do themselves any favors if they're running a hodgepodge network.

"You can try to make your network as homogeneous as possible … to make life simpler," noted Cox.

That could mean limiting the number of operating systems or keeping tabs on the different types of Web services in use.

5. Virtualization: Virtualization offers another path to the simplified IT environment. This technology lets organizations partition a server to run multiple operating systems and applications as virtual machines. The move helps consolidate servers, and fewer servers ease the administrative burden — which includes security.

"It's just a practical way of deploying infrastructure that doesn't require as much hardware maintenance," Cox said.

6. UTM (Unified Threat Management): Security technology may be streamlined as well. A UTM appliance combines firewall, anti-virus, anti-spam and intrusion-detection features in a single box.

7. Managed security services: Instead of buying a new box, a technology manager may opt to go in the opposite direction and outsource IT security. Eric Nelson, director of Alteritech Inc., a subsidiary of business and technology consultant Acumen Solutions Inc., contends that security is not a part-time assignment. Outsourcing may be the answer for a small-business IT manager who lacks the time to devote to security.

A managed-services provider can cover security on a full-time basis, Nelson said, freeing staffers to reallocate resources to activities that add more value to the company.

8. Thin-client computing: A small business can scrap PCs in favor of thin clients, an approach that shifts applications and most processing activities to a server. Thin-client computing removes security issues from the desktop, noted Nelson, who has seen an increase in the practice. However, according to Nelson, a move to thin clients is typically driven by cost and ongoing support considerations rather than security.

"Improved security happens to be a really good by-product," he said.

9. Security-awareness training: Employees with at least some inkling of security principles can make an IT manager's job a lot easier. Prince said that the greatest security risk an organization faces is from its own employees. A security-awareness program can make employees less vulnerable to social-engineering techniques and improve security practices such as handling passwords.

10. The security culture: A rising awareness level offers the opportunity to create a security culture. The IT manager shouldn't be the only person worrying about security. An educated employee can not only avoid security gaffes but can contribute to the process of finding and identifying problems.

"Disperse the effort so other people are having to think about security along with you," advised Johnson.

Next Steps

For more on common IT issues, check out one of our many IT-related resource centers, including Networking, IT Security and Servers and Storage.
