In last week’s blog, we looked at how misconfigured network devices can be a major threat to your organization. We explored how some of the risk of misconfiguration can be mitigated by building an automated change control process that provides visibility, thorough testing and tracking throughout the process.
But that isn’t the complete story. To effectively mitigate the risk of device misconfiguration – and all of the business disruption and vulnerability to malicious attackers this can cause – your organization needs to work on better aligning business needs with IT security necessities.
Business, IT and Security – the holy trinity
A simplistic summary of the relationship between a business and its IT and security functions will typically look something like this:
In a typical company, the connectivity requirements for business applications change all the time – employees come and go, new users are added, databases are moved and so on. In last week’s blog we looked at how the process for making these changes can be designed to be smooth and effective, and how automating that process from beginning to end is essential to avoid guesswork and human error, and to drive efficiencies.
Nevertheless, even with that clear, intelligent change control process in place, provisioning such change often takes far too long – which ultimately impacts business productivity.
One key problem is that IT security often speaks a different language to the application developers and administrators who request the connectivity changes. ‘What ports and devices do you need open?’ is the kind of question IT security needs answered, but it doesn’t match the terminology used by the application owners, who talk in terms of applications and users.
So, in order to bridge the communication gap, everyone needs to get on the same page. It can be done quite simply, through visualization of application connectivity.
Creating such a diagram is easier than you might think. In fact, it’s possible to automatically map and illustrate application connectivity requirements to the underlying business IT infrastructure. This enables all stakeholders to clearly visualize current – and future – connectivity in a fraction of the time it takes to manually map it, and it provides a single unified way of understanding the architecture of applications and how security policy rules operate for disparate IT divisions.
The advantages are:
With everyone on the same page, the change control process can happen with much greater speed, efficiency and accuracy. As more and more businesses move to agile development and deployment, and as the Internet of Things continues to impact on service expectations, it is crucial that businesses plug the communications gap between their developers and their IT security teams.