For example, security administrators should see the endpoint configuration, manage agent update cycles, and configure device policies and the firewall. The bottom line is that only people with an apparent business reason should have access to specific information. The security team deals with a lot of sensitive information. Therefore, the principle of least privilege is critical. Implement Role-Based-Access-Control (RBAC) How Can an Organization Improve Its Cybersecurity?ġ.
The time when a security administrator could raise an IT ticket and then sit and wait is long behind us. We need to consider different attack surfaces and tune our preventative controls accordingly. Today, we aren’t just configuring a legacy antivirus and a password policy. While it might have worked in the past to have the IT team manage security controls, modern enterprises are at the stage where that is no longer scalable. Today’s Security Challenges Require a Different Approach Therefore, even when an organization had security administrators, they depended on the IT team for any required change. Essentially, they were using the IT management tool to set up and maintain security. In the past, to configure security policies, teams were required to use group policies, System Center Configuration Manager, or Microsoft Endpoint Manager.
