UC Advanced - issue #14

DEVICE SECURITY

Peace of Mind for the Device Fleet ITSDMs (IT Security Decision Makers) are usually responsible for all aspects of device life cycles, from procurement to disposal, and everything in between. HP Wolf Security have released a report that encourages those responsible for IT procurement and maintenance management to take a holistic approach to the entire lifecycle of devices, to keep security risks as low as possible.

The HP Wolf Security Lifecycle report is certainly bedtime reading, spanning 27 pages, and can be accessed here. UC Advanced will attempt to disseminate some of the key messages and advice found in the HP Wolf Security report in 2 pages, but it is worth a read in full. Device Lifecycles The report identifies 5 key phases in a device’s lifecycle:

of the device lifecycle the report terms “Second Life and Decommissioning” and most in the industry would use the catch- all term “Disposal”, and it is assumed that device disposal is safe and responsibly commissioned. Report Findings The report found that through each of the 5 stages of a device’s lifecycle, the threat to enterprise security was increasing, even at the selection phase: l Low-level attack threat levels are increasing n 81% of respondents say hardware and firmware security must become a priority n 35% say that they, or others they know, have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices l Endpoint security is overlooked n 60% of respondents admit the lack of security involvement in device procurement puts their organisation at risk n 48% say procurement teams are like “lambs to the slaughter” as they’ll believe anything vendors say l Error risks increase with manual processes (and time) n 62% say they face a ticking time bomb of misconfigured devices at the hardware and firmware level

2024 HP Wolf Security report

They make sense. Any good IT procurement personnel would continually reassess their vendor choice and supplies partners. Additionally, the whole fleet of devices would be accounted for in inventory control and continuous monitoring would take place to ensure compatibility and efficiency levels were reached. Procurement managers soon assess which devices and vendors they recommend, and those they avoid, based on breakdowns and irate colleagues. Devices with long lifecycles are adored, and investments into devices that are under-utilised are soon curtailed. The end

32

Powered by FlippingBook