Applied cybersecurity
Centralization is an important element of cybersecurity with respect to implementing preventive and detective controls and responding to cyber breaches, especially when considering enterprise-level systems with huge numbers of desktop computers, laptops, and mobile devices.
Centralized device management
Desktops. Modern operating systems are feature-rich in terms of security. Centralized management is a key way to control and orchestrate those security features: the ability to ‘push’ security protocols, software updates, and security ‘patches’ to remote users is what makes security scalable across large enterprise-level systems. Centralization also makes it possible to maintain a directory of user profiles so that users can access their information from multiple locations.
Laptops. Many security features are common to desktop and laptop computers, but the inherent mobility of laptops, especially the risk of lost or stolen devices, presents some unique challenges. Whole-disk encryption, whether a feature of the operating system or of an endpoint product, is essential to protect the data on laptops.
Mobile devices. There are third-party mobile device management (MDM) products to facilitate centralized management of such devices. Some companies consider it important to have company-owned devices and will implement a configuration profile that prohibits the download of non-company applications.
Many companies now have bring-your-own-device (BYOD) programmes. To ensure security for these employee-owned devices, companies require employees to submit those devices for company-wide management, similar to laptops. To allow flexibility in the implementation of security policies, companies can create different configuration profiles for different classes of users for their mobile devices.
Removable media and backup storage. A common cyber threat is the infection of removable media such as USB flash drives and thumb drives. Removable media can also include external hard drives and tape drives used for back-ups. Strategies to mitigate this risk include preventing their use, installing anti-virus/anti-malware tools that will actively scan for issues whenever removable media are used, and encrypting all media and devices.
IoT sensors. In recent years, internet of things (IoT) applications have not only become essential in many industry sectors, but also in smart home devices, medical devices, and more. Accordingly, IoT sensors should be included in enterprise cybersecurity policies and centralization strategies, in addition to the more common endpoints of computers and devices.
Container applications: Creating a ‘world within a world’
Containerization is useful for securing data on mobile devices. It involves encapsulating an application in a container with its own operating environment.
Containers allow you to isolate software written for your company environment, so employees do not need to use the device’s own applications for company data. The container is entirely encrypted, so you can keep company data in the enclave and keep personal data out. Containers are popular for enterprise deployments, especially for basic services such as Exchange email, calendar sharing, and so on.
Network configuration
Another critical component companies use to enforce policies across the spectrum of corporate networks (including desktops, laptops, and mobile devices) is network configuration. The value of these network-level controls is that they are exceedingly difficult to circumvent.
Network firewalls. Pre-defined policies about who can access what can restrict access to social media or other categories of websites. Access control lists implemented at the network level can provide people with access to sites that may not be allowed to others. The communications team, for example, may be authorized to have access to social media sites for company purposes.
Application firewalls. In addition to network firewalls, which filter network traffic as it flows and are intended to restrict access to authorized individuals, application firewalls can also be used.
Antivirus and endpoint products. In addition to centralized security-feature management, ‘endpoint products’ are also commonly used by most organizations to augment the features the operating system provides. Endpoint products are especially valuable in ensuring security in enterprise-level systems accessed by multiple users, from multiple locations, with multiple devices. These products can enforce compliance with the organization’s policies and standards, verify the integrity of application products, and detect viruses, blocking activity if issues are found.
Network segmentation. Many companies are implementing network segmentation, which divides a broader IT network into smaller, distinct sub-networks, each of which can have its own specific policies and security requirements. Examples include the creation of a secure guest network, work-from-home access, and isolating IoT devices.
Zero-trust architectures. Rather than assuming that everything behind the firewall is safe, the zero-trust assumption is that a breach has already occurred. Therefore, each user, device, application, and transaction is subject to continual verification, as though it originated from an open network.
Zero-trust fundamental principle:
Never trust
Always verify
One zero-trust model is the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model, which encompasses the following five pillars that span four stages — traditional, initial, advanced, and optimal:
Identity
Devices
Networks
Applications and workloads
Data
The CISA model also includes the following capabilities that support integration and interoperability of functions across the pillars: visibility and analytics, automation and orchestration, and governance.
Centralized monitoring
Fortunately, as enterprise systems with hundreds or even thousands of laptops have become the norm for organizations, centralized monitoring of systems activity has also evolved. Important components of centralized monitoring include:
Event logging and aggregation. All modern computer operating systems keep a ledger of their activity: Who logged in? What programmes did they run? What files were accessed? What were the failures as well as the successes? Operating systems’ event logging is largely superficial. However, it is still essential for administrative and accountability purposes as well as potential forensic use.
Security information and event management (SIEM). SIEM systems have been developed to make event monitoring more effective. SIEMs analyze all the available data and look for specific patterns that might suggest an attack or security compromise.
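The event-logging and SIEM passages above describe aggregating login records from many hosts and looking for patterns that no single host’s log reveals. The following added example (not part of the original text) implements one such correlation rule in Python over a constructed set of aggregated login events: a source address that produces five or more failures within a short window and is then granted a successful login is flagged. The event format and the 203.0.113.9 address are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of aggregated events: time host action user source outcome.
# 203.0.113.9 spreads its failures across hosts and users before succeeding.
EVENTS = """\
2025-03-01T09:00:01 host1 login alice 10.0.0.5 success
2025-03-01T09:10:02 host2 login bob 203.0.113.9 failure
2025-03-01T09:10:05 host2 login bob 203.0.113.9 failure
2025-03-01T09:10:09 host1 login carol 203.0.113.9 failure
2025-03-01T09:10:12 host3 login bob 203.0.113.9 failure
2025-03-01T09:10:15 host3 login bob 203.0.113.9 failure
2025-03-01T09:10:40 host2 login bob 203.0.113.9 success
2025-03-01T09:30:00 host1 login alice 10.0.0.5 failure
2025-03-01T09:31:00 host1 login alice 10.0.0.5 success
"""

def parse_events(text):
    """Parse one event per line into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # a SIEM would route unparsable lines to a quarantine index
        ts, host, _action, user, src, outcome = parts
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "user": user, "src": src, "outcome": outcome})
    return sorted(events, key=lambda e: e["time"])

def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for sources with >= threshold failures inside `window`
    followed by a success. Failures are correlated per source across all
    hosts and users, which is what makes aggregation valuable."""
    failures = defaultdict(list)  # src -> timestamps of failures still in window
    alerts = []
    for e in events:
        recent = [t for t in failures[e["src"]] if e["time"] - t <= window]
        if e["outcome"] == "failure":
            recent.append(e["time"])
        elif e["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({"src": e["src"], "user": e["user"], "host": e["host"],
                           "failures": len(recent), "time": e["time"].isoformat()})
            recent = []  # reset so one burst produces one alert
        failures[e["src"]] = recent
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force(parse_events(EVENTS)):
        print(alert)
```

The legitimate user alice also has a failure followed by a success, but stays below the threshold and is not flagged; tuning `threshold` and `window` against baseline activity is the usual way to keep such a rule from drowning the SOC in noise.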
Security operations centre (SOC) functions. SOC functions have a number of components, including incident response planning and testing, as well as threat intelligence, which involves monitoring both external trends and potential insider threats.
Security orchestration, automation, and response (SOAR). SOAR systems are platforms that collect security data from various sources, including SIEMs. SOAR systems automate routine responses and help prioritize incident response (IR) actions.
AI governance
As AI adoption becomes more prevalent in organizations, the need for AI governance and oversight becomes increasingly important to ensure ethical, legal, and responsible deployment of AI among employees. Key elements of AI governance policies include:
Strict approval policies for AI deployments
Use of AI governance technology
Use of AI governance frameworks
Employee training on AI risks
Regular audits for unsanctioned AI
Adversarial testing
Effect of shadow AI
$670k — added cost of a breach when high levels of shadow AI are involved versus low levels or none
Source: IBM Cost of a Data Breach Report 2025