Everything you ever wanted to know about security policy management, and much more.
One of the more interesting phenomena I have observed when working with companies on their network security challenges is that every company feels that their challenges are unique. While this is true to some extent, there are many more similarities than differences between companies. One such similarity is the existence of “Network Ned”.
Who is Network Ned you may ask. It is an affectionate name we coined at AlgoSec for the guy that:
Simply speaking, Ned is a walking concentration of “tribal knowledge”. Oh, and one other noteworthy truth about Network Ned… … S**T will hit the fan when he leaves the company.
If you have a Network Ned and you care about your fan’s hygiene, now may be a good time to start thinking about how you deal with tribal knowledge. It’s not just about a succession plan. There are several business reasons to properly document tribal knowledge:
The best way to document tribal knowledge is (drumroll please)… automatically! Wouldn’t it be great if you had a live map of the network that automatically updates every time a routing table is modified or a new firewall rule is put in place? How about the ability to automatically know if a new firewall rule violates your network segmentation policy or PCI requirements? With a good security policy management solution this becomes a reality.
All you need to do is get Network Ned into the room to:
Once the knowledge exists in a good automated solution – maintaining it should be straight forward, as the solution should be aware of changes that happen on both the network level and the application level, and auto-document these changes for everyone to utilize.
Tribal knowledge should not be the privilege of the few – especially if you want your tribe to flourish when people start getting voted of the island.
Receive notifications of new posts by email.