Network Computing is part of the Informa Tech Division of Informa PLC

Five Networking Pet Peeves: Page 5 of 8

Just think of the entire software infrastructure Microsoft could eliminate overnight if Windows were more resilient. Anti-spyware, antivirus, personal firewall, anti-phishing tools would all be unnecessary. Nice to dream about, even for just a moment.

Instead, the harsh reality is that corporate IT managers have had to develop elaborate schemes for locking down their Windows desktops, eliminating security weaknesses, and curtailing numerous options that are part of the Windows OS.

There's a more secure desktop OS that's readily available today. It's called Macintosh OS X. Too bad that most corporate IT shops can't use it for their bread-and-butter applications.

Why can't SSL VPNs include NAC?

Speaking of locking things down, when it comes to network protection, popular wisdom has it that Secure Sockets Layer virtual private networks are the best of the current breed. That's why it's alarming that most SSL VPNs can't really protect the overall enterprise network from all kinds of infected computers.

The current buzzword is Network Access Control, or NAC. This is an entirely new branch of enterprise security that tries to finesse the fact that SSL VPNs are really good at authenticating users, but when those users are working on infected machines, the VPNs have less control and offer a false sense of protection.

NAC is focused on what's running on the endpoint, not just on authenticating users. It's a great idea, and it would be even better if NAC were built into SSL VPNs to begin with. While some of the leading vendors such as Aventail (now part of SonicWall), F5, and Juniper have rudimentary endpoint scanning routines included in their products, other SSL VPN vendors could do a better job of marrying these two technologies.