Everything you ever wanted to know about security policy management, and much more.
Welcome to the fifth blog in our special series, Mitigating Gartner’s Network Security Worst Practices.
In my last post, I talked about insufficient focus by IT teams on users and business requirements. In addition, it’s also important to remember that groups within the IT organizations are often misaligned as well, which Gartner refers to as “warring factions” or “us versus them”[1].
According to research, “Within many IT organizations, security is seen more as a bolt-on appendage to IT rather than an integral component that should be baked into all architectures. This leads to end-user frustration and fosters kingdom-building versus deep integration between teams” [2]. “The end results of both intrasecurity and IT organizational misalignments are unhappy users; reduced security; and architectures that are more complex, costly to operate and difficult to scale.”[3]
One area where this misalignment is clearly visible is between the networking and security teams. Many of our customers report frequent “blaimstorming” meetings where these two teams blame each other when things are not working or not progressing quickly enough.
If you have followed my previous posts you have probably noticed I am a big advocate of examining solutions from both a processes and a tools perspective. Although AlgoSec is a software provider, I am the first to acknowledge that a good tool will not fix a bad process. (A well designed software solution can however, force you to rethink and redesign your processes). On the flip side, a good process which can’t be enforced will not go very far either.
So let’s first examine what you can do from a process perspective to address organizational misalignment:
From a solutions perspective, here are some things you should look at to improve alignment:
At the speed of today’s business, and with increased focus on automation, the lines are quickly blurring between operations and security teams – aligning these teams is therefore quickly becoming an imperative – if your factions are warring, don’t delay doing something about it.
About the Mitigating Gartner’s Network Security Worst Practices Blog Series
In this special blog series we’re taking a deeper dive into the network security worst practices identified by Gartner, and are examining how each of the 9 worst practices that we specifically address can be mitigated using automated security policy management.
[1] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.
[2] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.
[3] Source: Gartner, Avoid these “Dirty Dozen” Network Security Worst Practices, by Andrew Lerner, Jeremy D’Hoinne, January 8, 2015.
Receive notifications of new posts by email.