Adopting an application-centric approach to security management: managing resources

In my last post I discussed some of the challenges of maintaining a secure network while simultaneously keeping applications running smoothly. I put forward that the solution is to adopt an application centric approach to security. However, there are some misconceptions that often prevent business from adopting the approach. In my post, I dispelled the ‘lack of maturity’ myth and outlined a strategy for how organizations can overcome this particular misconception.

In this post I am going to discuss the myth that it requires a lot of resources to implement an application-centric approach to security management

Will it require a lot of resources?

The key to an application centric approach is being able to identify and map critical applications and their respective traffic flows, and then associate them to vulnerabilities. This is critical in order to prioritize risk mitigation efforts based on business needs. Yet IT teams sometimes believe that the effort required get this level of visibility is simply too great, in spite of the tremendous benefits to be gained.

Most companies do have some level of documentation for their applications, but it is often located in multiple disparate places and stored in multiple disparate formats, and it’s nearly always out-of-date. Unifying that information and creating a single centralized and comprehensive – and up-to-date – map of application connectivity can seem like a huge task. But once a business understands that  it is not a case of documenting brand new information, and rather collating what already exists – and there are automated tools available to achieve this – concerns around how resource intensive the project will be significantly reduced.

Automation matters

A key issue here is that there is a lack of awareness of the automation tools that businesses have at their disposal to help with their application-centric journey. Solutions such as AlgoSec intelligently discovers and maps applications and their connectivity flows to provide IT teams with enhanced visibility of their applications and security policies – without prior knowledge or expertise.  The data that already exists within the organization can also be fed into AlgoSec, to create a fully functional, dynamic application architecture.  Indeed, this solution is so powerful that in a recent customer meeting, an IT director told me “What you’ve just done in half an hour would have previously taken us 6 months!”

Ultimately an application-centric approach benefits the business

With rising network complexity and increased demands for business agility companies simply can’t afford to maintain the status quo, and they need to take an application centric approach to security policy management. By ensuring that all key business stakeholders are involved, as appropriate, in key decisions, organizations will improve performance and availability of business-critical applications, close security gaps, and dramatically increase responsiveness to changing business requirements.

In my next post I’ll take a look at how the myths around business leaders not being interested in adopting an application-centric approach can be overcome.