AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
Filter by Custom Post Type
Posts

Understanding the Link Between Business Applications and the Security Policy

by

Every once in a while there’s a news story about a company that suffered an outage due to “an internal process error”. Oftentimes the specific details are not shared, but the consequences are felt – both from a PR nightmare, but also in the organization’s bottom line. While I’ve spent many a blog in the past about the importance of building solid processes and automating firewall change management, today I’d like to take it one step further.

Just as many critical IT functions have evolved to become application-centric, so too must security policy management. Enterprise applications – for example a credit card processing application/service – are at the heart of what makes a business run. It’s what lies underneath – the security policy that allows or blocks connectivity across different network components – that makes it challenging to ensure fast service delivery and application availability.

Extending this challenge further is that many stakeholders are involved in decisions that impact  the security of the network and keeping both the network and key applications running to ensure the business continues to run. And these different teams – security, network operations, application owners –  don’t speak the same language and have varying levels of visibility and understanding of the security and operational requirements that impact these applications and the network. Application teams may need
infrastructure changes to keep the business running, while security and network operations teams need a clear understanding and technical  description of the change that is needed to perform the change in a timely and accurate manner.

Tomorrow at 12pm EDT, AlgoSec is hosting a webcast with AimPoint Group founder, Mark Bouchard to examine why security policy management must not only be automated, but now must also be application-centric.

In addition to examining the above challenges in much more depth and sharing a demonstration of AlgoSec BusinessFlow, the webcast will share tips for:

  • Improving the visibility of complex application connectivity needs
  • Bridging the gap across stakeholders – Security,Operations, DevOps
  • Understanding the impact of firewall rule changes on applications
  • Translating application connectivity requirements into firewall rules
  • Ensuring a tighter security policy and the safe decommission of applications

I look forward to seeing you on our webcast tomorrow and invite you to learn more about how to improve alignment across these different IT teams for better security AND agility.

Subscribe to Blog

Receive notifications of new posts by email.