Everything you ever wanted to know about security policy management, and much more.
Compliance – it’s that dirty word that any free-thinking IT professional hates to hear. But like it or not, compliance is a reality of doing business today. One of the biggest problems that I see related to compliance is how it’s treated like a checkbox. Firewall? Check! Access controls? Check! Encryption? Check! And so on. In many cases, the people ticking these boxes are completely disconnected from the actual firewall administration function, and from security altogether. The mode of operation is: so-and-so says the firewall is secure, so we’re good to go. Not so fast – reality’s not that simple!
Regardless of how compliance is perceived and managed in your organization, there’s no doubt that it’s creating a false sense of security among decision makers. Here are five firewall security oversights and gotchas in the context of compliance that you need to be on the lookout for:
In many situations, internal auditors and compliance managers look to IT and security staff for assurance that everything is in check on the network. Conversely, IT and security staff often lean on auditors and compliance managers to fill out the compliance paperwork. Yet when a fresh set of eyes is brought into the organization, it’s pretty clear that the two parties are not truly communicating with each other, and that there are big risks management doesn’t even know about.
So my advice is: don’t go through the motions with compliance and assume that all is well simply because the people and paperwork are in place. Minimum standards aren’t enough. Step back and take a fresh look at how compliance and, better yet, security is being managed in the context of your firewalls. I’ll bet you have gaps. Everyone does. Acknowledging the weaknesses and actually doing something about them as they crop up is what will set you apart from the people who assume all is well and end up getting bitten.