AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
Search in comments
Filter by Custom Post Type
Posts

Mind the Security Gap – It Is Your Job

by

Welcome to the seventh blog post in our special series, Mitigating Gartner’s Network Security Worst Practices, which discusses security blind spots.

We all know that managing security is more demanding than ever before. We’re being bombarded with cyber threats, our highly complex environments are constantly evolving, and we face relentless demands to deploy or update enterprise applications impossibly fast in order to maximize our business’ productivity and ensure that it remains competitive.

So it’s no surprise, as Gartner says in its research report, Avoid these “Dirty Dozen” Network Security Worst Practices, that “most security gaps are already known by the security team, but have not been addressed because of other priorities”[1]. But claiming that its “not my job” [2] or that you don’t have the time to address security gaps is not good enough anymore and isn’t going to hold water when you’ve been breached or when a critical business application suffers an outage –as many CIOs who have recently lost their jobs will testify.

One solution is to use automation. Automation frees up time—so automate as many security functions as much as possible. Automation also reduces errors, streamlines processes, and aligns IT teams towards common goals – which goes a long way to identifying and bridging security gaps. And with automation you can build critical steps into security management processes that will plug known gaps—steps which might otherwise be overlooked or forgotten if security professionals are too busy to do them manually.

Another way help ‘mind the gap’ is by unifying security management as much as possible. Having a single solution that provides holistic, real time visibility and enables unified security management across your entire on-premise, virtual and cloud environment makes it much easier and quicker to identify and address gaps, risks and opportunities within your security strategy.

A unified approach to security management also helps plug security gaps created by “shadow IT”, i.e. when R&D groups bypass IT and security and spin up servers and applications in the cloud usually for development and testing purposes. With unified approach to security policy management, everything is seen and nothing can slip under the radar—and IT will no longer be responsible for mitigating risks for applications it doesn’t know exist.

In the report Gartner specifically calls out application security, mobile security, and public cloud platforms, among others, as examples of where security is “too thin” [3] and therefore creates blind spots. And in a recent AlgoSec survey, two-thirds of organizations said that security across the public cloud poses a significant challenge due to lack of visibility, tools and workflows.  Automation and a unified approach to security management will go a long way to addressing these risks and strengthening the security posture of companies with hybrid environments.

About the Mitigating Gartner’s Network Security Worst Practices Blog Series

In this special blog series we’re taking a deeper dive into the network security worst practices identified by Gartner, and are examining how each of the 9 worst practices that we specifically address can be mitigated using automated security policy management.

[1] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.

[2] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.

[3] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.

Subscribe to Blog

Receive notifications of new posts by email.