The Minimalist Approach to IT Security

18 August 2014

When it comes to USB device security, everyone immediately starts talking about tools: a tool for locking or disabling USB devices, a tool for encrypting devices, etc. Small and smart tools, integrated into a smart big management solution to simplify endpoint administration. And each tool installs at least one agent on the endpoint, which ensures that the latest policy changes are downloaded in due time.

Today, tools are necessary for efficient administration of the complex IT systems we run to support businesses in executing their strategies. Unfortunately, every smart tool adds complexity to these IT systems.

In addition, with every new tool the attack surface of our complex IT systems increases dramatically. Why?

  • Tools are not error-free. Every tool comes with some unknown vulnerabilities that attackers could use to gain unauthorized access to our systems.
  • Tools, in particular the agents, communicate with lots of other tools. In this highly connected universe of tools, it is very likely that new vulnerabilities arise from the combination of each tool's vulnerabilities.

This holds for every IT task we support with tools, and in particular for security-related tasks.

Therefore I am in favour of the minimalist approach:

(1) Use as few tools as possible

(2) Check first whether the problem can be solved by existing means

For USB devices: try a group policy and awareness training before implementing a new tool.

Simplify your Life!
