AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Examining the Security Policy Management Maturity Model


Does the following scenario sound familiar? Your network complexity is getting out of hand, with too many firewalls, routers, switches, secure web gateways and more, as well as the related security policies. New network security devices with more granular and different types of controls have recently been or are being deployed in the network. At the same time, the business is putting more demands on you to manage “ASAP”, with requirements changing regularly. You don’t have proper visibility of the security policies, compliance audits are a major burden, you can’t keep up with all of the changes and you can’t possibly know the impact of a security change or risk to an application that is critical to the business.

If any or all of the above sounds familiar, you’re not alone.

Many enterprise networks are too complex, with numerous security devices and thousands of policies that must be managed across multiple vendors, different stakeholders and geographical locations. As new security technologies from different vendors are introduced into production environments, organizations have a maturity level not only in terms of what devices and capabilities are deployed, but also with regard to how the security policy is managed. From our work with more than 1000 enterprises from around the globe, we have been able to gain valuable insights used to craft the security policy management maturity model. This maturity model can help organizations recognize their current environment and provide a roadmap for simplifying security policy management and gaining the crucial business perspective that is often lacking.

I’m pleased to be joined on a webcast tomorrow with Eric Ogren of The Ogren Group, where we’ll examine the security policy management maturity model and:

  • Explore the challenges involved with managing the security policy such as understanding network topology and traffic flows, application connectivity requirements, risks in the policy, the purpose of each rule in the estate, and much more;
  • Drill down into the benefits that can be achieved at each level;
  • Offer recommendations for moving to a more automated and application-centric approach that involves security administrators, network operations, compliance officers, application owners and senior management.

I hope to see you on the webcast tomorrow and get your feedback on the maturity model.
