3 Steps to Fighting Cyber Crime Through Your Application Portfolio

By Jason Ausburn and Karl Fruecht

You’ve acquired a new storefront. While doing your final walk-through, you notice an unlocked door that opens to a side alley. You can’t use the alley for storage. It doesn’t give your customers an additional entrance. It’s just an additional access point.

How are you going to secure it?

Just like your store’s physical footprint, your IT network may have “side doors” in the form of valueless and unused IT assets that cost more to maintain than they’re worth. Each of these doors simply increases your organization’s vulnerability, or its attack surface. The right application management strategy, however, can help you understand not only where you’re vulnerable but also how to fix weaknesses, evolving your approach from a tactical obligation to a strategic business driver.

Define the Landscape

The challenge of maintaining a secure posture with limited resources while attempting to support and enable current business demands is not uncommon. With so many assets to manage, there isn’t much time left for innovation. As a result, security was seen — until recently — as a necessary evil.

However, recent high-profile retail data breaches have highlighted the importance of data security. Stores that can’t protect their customers’ data risk losing their business. As a result, the damage to your reputation may be irreparable. The time is right for IT experts to demonstrate why it’s important to invest in security, how it affects infrastructure and why they need to be part of budget and planning conversations.

To effectively participate in those conversations, however, you need a toolset to help clearly explain the security landscape as well as current and future security plans. Buy-Hold-Sell, a methodology more commonly associated with Wall Street, can be something of a Rosetta stone for your application portfolio. It will enable each business unit, including security, finance and business operations, to use a data-driven approach to crystalize the view of your IT investment.

Buy refers to valuable IT assets that advance business and merit additional investment; Hold means the asset is necessary but neutral; and Sell applies to assets that lack value, cost a lot to maintain and increase the business’ vulnerability to attack.

The Creep

This visibility helps staunch asset creep — the steady, incremental buildup of assets that, over time, lose their value. Sometimes new apps are layered onto obsolete ones without reevaluating which apps drive business, which keep the lights on and which merely increase network vulnerability.

Sprawling IT landscapes takes a lot of time, money and effort to maintain, pulling resources from more valuable, strategic activities. Buy-Hold-Sell allows you to decide whether you want to accept the risk of a particular IT asset. It provides the opportunity to simplify the IT landscape and reduce the organization’s attack surface. At the same time, this practice takes guesswork and blind spots out of the equation.

Build The Trust

Ultimately, security all comes down to people, and in most companies, there are gaps between the people who handle security, the information about the assets being secured and the ability to communicate that information. IT security must evolve from something that’s perceived as a necessary cost to a profit enabler that sets the company apart from its competition and sustains trust from your customers.

Catapult Your Career

When you can provide a single source of truth that everyone can clearly and easily understand, you’ll bridge the gap between business operations, finance and your company’s executives. You’ll cut across teams to help your organization understand the actual cost of security, and you’ll be able to map that cost, and the associated risks, across multiple lines of business.

Once you can do that, you’ll not only clarify your company’s needs, you’ll also demonstrate your own value to the organization. This will better equip you to rise through the ranks of your IT organization. It all starts with IT leaders having the tools and the understanding to know how to keep that side door locked.

Karl Fruecht, Client Engagement Manager, joined KillerIT in 2013 as Head of Engagement. In this role, he is responsible for pre and post-sales, implementation and on-going support engagement. He also leads education and thought leadership activities and frequently presents at Executive Forums, Civic Groups and Training Seminars. Prior to joining Forsythe, Karl helped bring HSBC Securities (USA) into the digital age as Head of E-Commerce. He helped pioneer the firm into the electronic trading age by overseeing the implementation of the first futures trading system, which ultimately became the firms first revenue producing website in the America’s.