
Importance of Cyber Security Essential 8 for Businesses Part 2 - Application Whitelisting

Posted By Dipankar Chakravarty, On 04 Jul 2023.

Tags:
  • Cyber Security
  • Essential 8
  • Data Protection
  • Application Whitelisting
  • Shadow IT

The Australian Signals Directorate (ASD) developed the Essential Eight (E8) framework as a set of guidelines for businesses to follow to protect themselves from cyber-attacks. The Essential Eight framework is designed to be a starting block for businesses, one which can be further scaled and adapted to different organisational environments and risk profiles. It is a valuable resource for organisations to build their cyber security defences and reduce the likelihood and impact of cyber-attacks. In this blog I am going to discuss Application Whitelisting, one of the eight essentials of the framework.

WHAT ARE THE EIGHT BASIC MITIGATION STRATEGIES OF ESSENTIAL 8?

[Image: Essential 8]

I would like to explore application whitelisting colloquially in this blog and not restrict myself to strictly technical jargon. The term application whitelisting is currently being promoted in cyber security parlance. However, most businesses have long practised it casually. Simply put, application whitelisting is the set of IT applications which a business adopts and approves to operate the business. It can be a formal policy which is outlined and maintained on a periodic basis. However, for a large number of SMEs it is an informal method where the team adopts what has been working and it becomes the norm.

IT Governance OR Business Governance

Businesses have been using a set of tools that work for them. However, with the advent of electronic commerce and internet commerce, new tools and apps have proliferated in the industry. Some of them are genuinely useful and valuable, but there is a significant number of malicious apps floating around, exploiting the needs of today's employees and managers for better and faster completion of tasks. Even in the case of genuine tools and apps, there is no guarantee that they have been designed securely. This raises the question: has security been built in since the inception of the application, or was functionality the main focus for the application or tool developer?

This question highlights the need for businesses to adopt a business governance model with IT governance at its core. The answer lies in the fact that innovation is key to success in today's borderless, hyper-competitive markets. Instead of shying away from adopting new technology and tools, business managers should educate themselves about the process of understanding electronic commerce and why and how to adopt, maintain, and control new apps and IT tools. One particular area of concern for any modern business manager would be SHADOW IT.

Shadow IT

Shadow IT refers to the unauthorized or unapproved use of applications, software, or services within an organization without the knowledge or approval of the IT department or the organization's security policies. It typically occurs when employees or departments independently adopt and use technology solutions that have not been vetted or sanctioned by the IT department.

To address Shadow IT in SMEs, implementing application whitelisting can be beneficial. This approach allows only approved and authorized applications to run on the organization's systems. Here are some key points for SMEs to consider when implementing application whitelisting across cloud, hybrid and on-premises situations. Modern businesses operate with their IT footprint across various environments, including the cloud, in-house or self-hosted solutions, and hybrid applications. A comprehensive strategy for protecting the business from cyber incidents should address the entire IT footprint.

Implementing Cloud Access Security Brokers (CASBs):
For cloud scenarios, one consideration should be CASB solutions. CASBs can act as intermediaries between users and cloud service providers. They provide visibility into cloud usage, enforce security policies, and help prevent unauthorized cloud applications from being used within the organization. Additionally, CASBs can offer data loss prevention (DLP) capabilities and encryption for sensitive data.

Hybrid and On-Premises Applications:
For hybrid and on-premises applications, it is crucial to establish clear policies and guidelines. Develop and communicate explicit policies regarding the acceptable use of technology and applications within the organization. Include guidelines for selecting and implementing hybrid solutions and on-premises applications. Educate employees about the risks associated with Shadow IT and the potential consequences of non-compliance.

By implementing similar point measures for specific scenarios, SMEs can effectively mitigate the risks associated with Shadow IT and ensure a more secure and controlled IT environment within the organization. However, beyond this initial approach, organisations need to develop a more comprehensive framework of continuous mitigation. In relation to Application Whitelisting, the process involves the following lifecycle.

PROCESS OF WHITELISTING

  • Plan
    • Inventory of Authorized Applications: Start by creating an inventory of applications that are approved and authorized for use within your organization. Identify the applications that are essential for business operations and that are secure.
    • Assess Shadow IT Risks: Evaluate the potential risks associated with Shadow IT in your organization. Identify the types of unauthorized applications that employees commonly use and assess their potential impact on security, data privacy, and compliance.
    • Establish a Whitelisting Policy: Develop a comprehensive whitelisting policy that outlines the criteria for approving applications and the process for adding or removing applications from the whitelist. Consider involving relevant stakeholders, such as IT, security/risk, and business units in developing and reviewing the policy.
  • Deploy
    • Application Approval Process: Implement a robust process for approving new applications. This process should involve evaluating the security, functionality, and compatibility of the application with your organization's infrastructure. Only approved applications should be added to the whitelist.
  • Train
    • Employee Education and Awareness: Educate employees about the risks associated with Shadow IT and the importance of using only authorized applications. Promote awareness of the application whitelisting policy and provide guidelines on how to request approval for new applications.
  • Measure
    • Monitoring and Enforcement: Regularly monitor the systems to ensure compliance with the application whitelisting policy. Implement mechanisms to detect and alert on unauthorized applications or attempts to run unauthorized code.
    • Regular Updates and Maintenance: Keep the whitelist up to date by regularly reviewing and updating the list of approved applications. This ensures that new versions and updates of authorized applications are included and that outdated or unsupported applications are removed.
    • Ongoing Evaluation: Continuously evaluate the effectiveness of the application whitelisting approach and make adjustments as needed. Stay informed about emerging threats, vulnerabilities, and new technologies that may impact your whitelisting strategy.

Exception vs Business Continuity

When implementing application whitelisting, there may be situations where exceptions need to be made to ensure business continuity. Application whitelisting is a security measure that allows only approved applications to run on systems, preventing the execution of unauthorized or malicious software. However, there can be instances where legitimate applications or software need to be allowed even if they are not on the approved whitelist.

Business impact analysis: assess the criticality of the application or software that requires an exception. Determine how essential it is for business continuity and whether there are any viable alternatives available that are already on the whitelist.

Limit the scope and timeframe of exceptions to the whitelist. This helps to minimize the potential security risks associated with running unapproved applications. Regularly review and reassess the need for the exceptions to ensure they remain justified and necessary.
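The monitoring step in the lifecycle and the scoped, time-limited exceptions described above can be combined in one check. The following Python sketch is an added example, not part of the original post: it classifies observed program executions against a hash-based whitelist and an exception register. The host names, file paths, dates and file contents are constructed, and the 14-day review window is an assumption.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
@dataclass(frozen=True)
class WhitelistException:
    digest: str        # SHA-256 of the excepted binary
    hosts: frozenset   # scope: only these hosts may run it
    expires: date      # timeframe: last day the exception is valid
    reason: str        # justification from the business impact analysis

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def evaluate(host, digest, whitelist, exceptions, today):
    """Classify one execution event against the whitelist and exception register."""
    if digest in whitelist:
        return "allowed"
    verdict = "unauthorized"
    for exc in (e for e in exceptions if e.digest == digest):
        if today > exc.expires:
            verdict = "exception_expired"
        elif host not in exc.hosts:
            verdict = "exception_out_of_scope"
        else:
            return "allowed_by_exception"
    return verdict

def audit(events, whitelist, exceptions, today):
    """Return (host, path, verdict) for every event that should raise an alert."""
    checked = ((h, p, evaluate(h, d, whitelist, exceptions, today)) for h, p, d in events)
    return [row for row in checked if not row[2].startswith("allowed")]

def due_for_review(exceptions, today, within_days=14):
    """Exceptions that have expired or expire soon and need reassessment."""
    return [e for e in exceptions if (e.expires - today).days <= within_days]

# Constructed sample data: short byte strings stand in for real binaries.
APPROVED, LEGACY, UNKNOWN = (sha256(s) for s in (
    b"approved-accounting-app", b"legacy-label-tool", b"unvetted-sharing-client"))
WHITELIST = {APPROVED}
EXCEPTIONS = [WhitelistException(LEGACY, frozenset({"warehouse-pc-01"}),
              date(2023, 9, 30), "no whitelisted alternative prints labels")]
EVENTS = [
    ("finance-pc-03", r"C:\Apps\accounting.exe", APPROVED),
    ("warehouse-pc-01", r"C:\Tools\labels.exe", LEGACY),
    ("finance-pc-03", r"C:\Tools\labels.exe", LEGACY),
    ("sales-laptop-07", r"C:\Users\sam\Downloads\share.exe", UNKNOWN),
]
print(audit(EVENTS, WHITELIST, EXCEPTIONS, date(2023, 7, 4)))
```

Matching on a file hash rather than a file name means a renamed binary is still recognised, but every application update produces a new hash that has to go through the approval process.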

Summary

Remember that implementing application whitelisting is just one component of a comprehensive cyber security strategy. It should be complemented with other security measures, such as regular patching, employee awareness, network segmentation, and strong access controls, to ensure a robust defence against cyber threats.

HOW KCS CAN HELP

We offer audits which examine an organization's IT infrastructure, whether the right policies and processes are in place, and the vulnerabilities currently existing within the IT infrastructure. The objective of the audits is to find any weaknesses that could lead to a data breach. This includes gaps that can be exploited to access sensitive data without authorization, and subpar internal policies and procedures that might lead to employees mistakenly or carelessly disclosing sensitive data. To better understand how to implement and adopt the Essential 8 framework, get in touch with us through our website.
