Every once in a while there’s a news story about a company that suffered an outage due to “an internal process error”. Oftentimes the specific details are not shared, but the consequences are felt – both from a PR nightmare, but also in the organization’s bottom line. While I’ve spent many a blog in the past about the importance of building solid processes and automating firewall change management, today I’d like to take it one step further.
Just as many critical IT functions have evolved to become application-centric, so too must security policy management. Enterprise applications – for example a credit card processing application/service – are at the heart of what makes a business run. It’s what lies underneath – the security policy that allows or blocks connectivity across different network components – that makes it challenging to ensure fast service delivery and application availability.
Extending this challenge further is that many stakeholders are involved in decisions that impact the security of the network and keeping both the network and key applications running to ensure the business continues to run. And these different teams – security, network operations, application owners – don’t speak the same language and have varying levels of visibility and understanding of the security and operational requirements that impact these applications and the network. Application teams may need
infrastructure changes to keep the business running, while security and network operations teams need a clear understanding and technical description of the change that is needed to perform the change in a timely and accurate manner.
Tomorrow at 12pm EDT, AlgoSec is hosting a webcast with AimPoint Group founder, Mark Bouchard to examine why security policy management must not only be automated, but now must also be application-centric.
In addition to examining the above challenges in much more depth and sharing a demonstration of AlgoSec BusinessFlow, the webcast will share tips for:
I look forward to seeing you on our webcast tomorrow and invite you to learn more about how to improve alignment across these different IT teams for better security AND agility.
Receive notifications of new posts by email.
We don not ask your personal information to access any of our resources.