We continue our coverage of Gartner’s Network Security Worst Practices and how to mitigate them.
In this post we’ll cover the worst practice of “Uncoordinated Policy Management”, which Gartner also nicely referred to as “firewall roach motel — rules go in, but they don’t come out”[1]. Helping organizations improve security policy management is obviously at the heart of what we do here at AlgoSec. In many ways, I feel this worst practice is really the aggregated result of many of the worst practices we have already covered, such as insufficient focus on business requirements and organizational misalignment. But at the end of the day, most of the ailments that result from poor security policy management are, according to Gartner, due to the “use of unsustainable and nonscalable tools and processes such as spreadsheets”[2] to address an increasingly complex task. As a result, the network security policy is cluttered, and processes to add and remove rules are inefficient and error-prone.
Here are just some questions we ask organizations that we work with. The reply is usually a nod… and a sigh.
Notice the word “business” or “application” appears in every question. We have talked about the divide between operations and security teams. A potentially bigger divide exists between IT and application teams. This is the root cause of uncoordinated policy management.
Here’s what you can do to transform the way you manage your security policy:
Policy management is uncoordinated at most organizations, but it doesn’t have to be. With the right tools and processes and, more importantly, with the conviction that things must change, every organization can take steps to make policy management a much more seamless process.
About the Mitigating Gartner’s Network Security Worst Practices Blog Series
In this special blog series we’re taking a deeper dive into the network security worst practices identified by Gartner, and are examining how each of the 9 worst practices that we specifically address can be mitigated using automated security policy management.
[1] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.
[2] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.