I recent sat down (virtually) with leading IT publication EM360 to discuss the security challenges associated with complex enterprise networks, and in particular the issues that organizations face when orchestrating their security.
During the interview, we discussed how complex organizations’ networks have become in the past couple of years. Many of the companies we talk to are in the process of making their journey to the cloud – which means that in the meantime, they need to manage hybrid environments to provide the networking and application capabilities to run the business, while also staying secure. All of this is a significant challenge for organizations of any size.
When asked where security awareness should start, I made it clear that it needs to be an organizational-wide decision. The process of digital transformation and moving crucial parts of its network estate to the cloud is something that the board really should be aware of, and the board needs to demand that robust security provisions are put in place. Sometimes there is a miscommunication between what the enterprise’s development teams are aware of, and what the security team knows about, which could lead to gaps in security. It is important to communicate what’s happening across all levels and break down any information silos.
Turning security into a strategic business asset
While talking to host Max Kurton, I also shared some advice on how to turn network security into a strategic business asset, and the areas in which caution should be exercised.
Automation is absolutely crucial for security, simply because today’s complex business applications rely on so many moving parts across the enterprise network in order to function. When you are working at scale you cannot afford to operate at the snail’s pace dictated by making changes to one device at a time, which is the case when trying to make those changes manually. For example, I have spoken to customers in the banking industry where it takes 18 business days to implement a network change, simply because of the hoops that the security team needs to jump through in order to make sure they don’t break anything during the change. If that is the situation, then the security team is seen as a business inhibitor.
This is where intelligent automation can streamline the process and only involve human decision-making when it is necessary. AlgoSec’s Security Management Solution is designed to automate change processes to make sure a change request is aligned with pre-approved application and security rules. If it is, the change is rolled out, with the solution automatically updating every relevant security device to ensure security and compliance is maintained at all times. If the change does not align with those pre-existing guidelines, the process is flagged up to security analysts to be reviewed and amended. And of course, the solution records every change and update, so that these can be subsequently reviewed by internal or external parties. So, everyone wins: pre-approved changes are implemented without unnecessary delays, and the security analysts only review requests that are exceptions to the guidelines.
Choosing a solution that has true multi-vendor compatibility enables organizations to manage their complex networks and security estates from one single pane of glass. If you have that, your information security teams have a holistic, uniform view of what is going on, which also saves them from too much vendor lock-in. Business application awareness is also crucial to understand what’s powering your organization, and who is in charge of those applications. Understanding that level of business intent, and connectivity that is required to run those mission-critical applications is so important to the daily lives of IT engineers – to ensure that the work they do truly enables and supports the business.
You can listen to my episode of the EM360 Tech Podcast here.
Receive notifications of new posts by email.