Episode 12 — Safeguard 2.2 – Only allow authorized software
Safeguard 2.2 builds on inventory management by enforcing the principle that only approved and supported software should exist within the enterprise environment. Unauthorized or unmaintained applications can become significant liabilities, often introducing unpatched vulnerabilities or violating licensing and compliance obligations. This safeguard requires organizations to classify all software as either authorized or unauthorized, ensuring that only software meeting business, technical, and security standards is permitted to execute. Unsupported or end-of-life software must either be upgraded, isolated with compensating controls, or documented through a formal exception process. The objective is to remove uncertainty—security teams should always know which software is trusted and which is prohibited. Enforcing this standard eliminates many attack vectors, including outdated plug-ins, freeware utilities, and legacy applications that persist unnoticed long after their business purpose has expired.
Operationalizing this safeguard involves combining policy, automation, and governance. Policies should clearly define criteria for approval, such as vendor reputation, update frequency, and alignment with enterprise architecture. Technical enforcement may use application allowlisting, group policy settings, or endpoint protection tools to block execution of unauthorized code. Software asset management platforms can integrate with vulnerability scanners to detect unsupported applications automatically, prompting administrators to take action. Documentation of exceptions, along with associated risk acceptance statements, ensures transparency and accountability. Routine reviews—monthly for larger organizations—verify that authorization statuses remain accurate and that decommissioned software has been removed. Over time, this disciplined approach not only strengthens security but also improves performance, standardizes environments, and reduces maintenance costs. Limiting execution to authorized software represents a powerful example of proactive defense: by narrowing the attack surface before adversaries strike, organizations achieve resilience through control rather than reaction.
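As an added illustration of the classification this safeguard requires (example code written for this page, not from the episode or BareMetalCyber), the script below checks a constructed software inventory against an authorized list that carries end-of-life dates and time-limited, owner-attributed exceptions, and reports what action each entry needs:

```python
from collections import Counter
from datetime import date

# Constructed authorized-software catalogue keyed by (name, major version).
# "eol" is the vendor end-of-support date; None means currently supported.
AUTHORIZED = {
    ("Acme Office", "5"): {"eol": None},
    ("Acme Office", "4"): {"eol": date(2023, 6, 30)},
    ("Widget Viewer", "2"): {"eol": date(2026, 12, 31)},
}

# Constructed formal exceptions: each carries a risk owner and an expiry so
# unsupported software cannot stay silently "accepted" forever.
EXCEPTIONS = {
    ("Acme Office", "4"): {"owner": "finance-it", "expires": date(2025, 12, 31)},
}

# Constructed inventory as a discovery tool might export it.
INVENTORY = [
    {"host": "ws-001", "name": "Acme Office", "version": "4.2"},
    {"host": "ws-002", "name": "Acme Office", "version": "5.1"},
    {"host": "ws-003", "name": "Widget Viewer", "version": "2.0"},
    {"host": "ws-003", "name": "Free PDF Tool", "version": "1.0"},
]


def classify(name: str, version: str, today: date) -> str:
    """Return the authorization status of one installed package."""
    key = (name, version.split(".")[0])
    entry = AUTHORIZED.get(key)
    if entry is None:
        return "unauthorized"            # not in the approved list: block/remove
    eol = entry["eol"]
    if eol is None or eol >= today:
        return "authorized"              # approved and still vendor-supported
    exc = EXCEPTIONS.get(key)
    if exc and exc["expires"] >= today:
        return "unsupported-exception"   # EOL but covered by a live exception
    return "unsupported-remove"          # EOL, no valid exception: upgrade/isolate


def review(inventory, today: date):
    """Classify every inventory row and tally statuses for the periodic review."""
    rows = [(r["host"], r["name"], r["version"], classify(r["name"], r["version"], today))
            for r in inventory]
    return rows, Counter(status for *_, status in rows)


if __name__ == "__main__":
    for row in review(INVENTORY, date.today())[0]:
        print(*row)
```

Running `review` with a later `today` shows an exception lapsing: the same install moves from "unsupported-exception" to "unsupported-remove" without any change to the inventory, which is exactly what the routine review is meant to catch.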
Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.