For many IT security professionals, compliance goes way beyond meeting regulatory standards. Increasingly, many companies, particularly those in the financial sector, have taken a harder stance and require compliance with their own stricter corporate security standards and industry best practices to minimize the risk of cyber-attacks. These corporate standards are often updated following a well-publicized security breach—which means that lately there have been a lot of updates.
So, how do you ensure continuous compliance with your security policy across a complex enterprise network, with hundreds of firewalls, without being inundated with data or falling chronically behind rapidly changing corporate security standards? Start by baselining.
Baselining allows you to determine where your system stands in relation to your corporate standards. With the right tool, you can define your security requirements as a profile, then automatically generate a report that shows you–at a glance–which elements or devices do not comply. You can continuously adjust the baselines as new security requirements come out, so you can keep the network compliant in near real time with a minimum of hassle. The solution should also be able to alert you in real time as devices fall out of compliance!
For instance, a corporate standard might call for eliminating local username and password authentication for remote access. Before you switch that off, you’ll want to verify that your authentication, authorization and accounting (AAA) configuration is consistent across the board, and that all routers authenticate against a TACACS+ or RADIUS server. A baseline tool will allow you to build these specifications into your profile, then automatically check for compliance and produce a report card that shows which devices do and do not meet the standard, so you know almost instantaneously which ones to fix. Once they are all in compliance, you can move to the more secure access method knowing you haven’t left any other access method open and that you haven’t inadvertently disabled remote access for an approved user.
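As an added example (not code from the original post or any vendor tool), a small Python checker that encodes that AAA profile and grades a few constructed Cisco IOS-style configs the way a baseline report card would; the device names, the config text and the `check_aaa`/`report_card` functions are all assumptions.

```python
"""Baseline check: do vty (remote) logins authenticate via TACACS+ or RADIUS?
Device names and running-configs below are constructed IOS-style samples."""
import re

CONFIGS = {  # constructed sample running-configs, not real devices
    "rtr-edge-01": """
aaa new-model
aaa authentication login REMOTE group tacacs+
line vty 0 4
 login authentication REMOTE
""",
    "rtr-branch-07": """
username admin secret 5 <hash-placeholder>
line vty 0 4
 login local
""",
    "rtr-dc-03": """
aaa new-model
aaa authentication login default group radius local
line vty 0 4
""",
}

def check_aaa(config: str) -> list[str]:
    """Return profile violations for one config; an empty list means compliant."""
    findings = []
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        findings.append("aaa new-model not enabled")
    # Map each login method list to its methods, e.g. REMOTE -> "group tacacs+"
    lists = dict(re.findall(r"^aaa authentication login (\S+) (.+)$", config, re.M))
    # Isolate the vty stanza: from 'line vty' up to the next 'line' stanza or EOF
    m = re.search(r"^line vty.*?(?=^line |\Z)", config, re.M | re.S)
    vty = m.group(0) if m else ""
    if re.search(r"^\s*login local\s*$", vty, re.M):
        findings.append("vty lines use local username/password authentication")
    m = re.search(r"^\s*login authentication (\S+)", vty, re.M)
    name = m.group(1) if m else "default"   # IOS applies 'default' when unnamed
    methods = lists.get(name, "")
    if "group tacacs+" not in methods and "group radius" not in methods:
        findings.append(f"vty method list '{name}' does not use TACACS+/RADIUS")
    elif "local" in methods.split():
        findings.append(f"method list '{name}' still falls back to local authentication")
    return findings

def report_card(configs: dict[str, str] = CONFIGS) -> dict[str, list[str]]:
    """Device -> findings: the report card that tells you which devices to fix."""
    return {dev: check_aaa(cfg) for dev, cfg in configs.items()}
```

Re-running `report_card()` after each change is the continuous part: a device that drifts back to `login local` shows up on the next run.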
As corporations increasingly focus on securing their systems and data against malicious hacking, in addition to simply meeting regulatory requirements, IT professionals will need to evaluate their networks for compliance regularly. Baselining keeps your system in step with changing corporate security standards—and one step ahead of the next cyber-attack.