In terms of attention, it seems that external firewalls see the most action. After all, they’re out there defending the enterprise from everything the Internet can throw at it. Looking inward, toward the core of the network, things are a bit calmer – and more trusted. If network traffic is internal, it must be somehow “good” or it wouldn’t have been allowed to enter in the first place, right? That’s hardly the case.
Whether or not internal firewalls and network segments are treated with higher regard in your organization, they need to be front and center – a core part of your information security program. Here are several things you must do to ensure true information security harmony across your network, not just at the outermost layer:
I see organizations – including medium and large-sized corporations and government agencies with dedicated network teams – that are lacking in many of these areas, sometimes all. It’s scary stuff!
Truly reasonable and effective information security covers all aspects of the network. Not just those assumed to be most at risk. Not just those that some regulatory body says have to be locked down. And (especially) not just those that are easiest to secure. Internal network security can be, and likely should be, fairly complex in your organization. How much time, money, and effort are you dedicating to protecting your assets from the inside? It may not be enough. Only you will know.
We’re entering the next generation of security where due care is expected. It’s no longer a convenient excuse that something simple was overlooked. Address the basics. Solve the solvable. Seek out and fix the internal network security issues that need attention before someone – or some event – calls you on it.