Preventing bad guys from compromising an organization has historically been executed based on a basic concept: establish a perimeter, and control who and what goes in and out. This concept has stood the test of time. In medieval days, guards depended on moats. In the digital age, IT professionals deploy firewalls. Simple, right?
If it were twenty years ago, or even ten, I’d say yes. However, today’s threat landscape is evolving too quickly, and security is becoming more complex. We now live in a world in which every IT element requires its own point solution to keep it secure – devices require endpoint protection, networks require firewalls, applications require multi-factor authentication or web application firewalls, databases require encryption and monitoring, etc.
Each point solution then requires its own hardware, software and policy, which then feed into a security event information management (SEIM) platform so IT professionals can try to keep tabs on all activity happening within all systems. Not only is this creating a tangled web of security technologies to navigate, but it’s also exhausting IT teams and creating more entry points for hackers.
In theory, the idea of individually securing each IT element sounds effective. It makes us feel safe to think that our security is custom fit to the tools we rely on every day to get work done. However, because security technologies tend to be deployed in response to immediate threats and organizations don’t want to be left completely vulnerable while making updates, you end up layering new technologies over outdated ones to address specific needs as they arise. Hackers love this dynamic because all they have to do is peel back the layers until they find a weak entry point. The more layers, the more potential entry points.
We especially see this scenario play out in network security as mid-size and large enterprises become more distributed due to global expansion, as well as cloud and mobile adoption. Offices, users, applications and data are no longer contained within a well-defined network perimeter. In an effort to address the dissolving perimeter, organizations have turned to point solutions aimed at patching and stretching the network in order to secure new access paths – MDM, cloud-based single sign-on, etc. This leaves IT teams spending more time managing appliances and infrastructure than preparing for the next big threat, which in turn makes organizations more vulnerable and unprepared.
Why aren’t more organizations making changes from the ground-up? Why do we keep patching holes in a broken system and hoping for the best? The we’ve always done it this way mentality can be dangerous and expensive when it comes to network security. Follow these 3 steps to reduce IT complexity and rethink your network security strategy:
Step 1: Admit defeat
It’s okay to feel overwhelmed – you’re not alone. It’s time to admit that we are only human and IT teams can’t be expected to work miracles with a broken system and personally monitor network security 24/7. Traditional methods for securing a network are outdated and it’s unrealistic to think that continuing to add more and more point solutions is a long term solution. Once you accept that there might be a better way, you’ll be able to look at the problem with a renewed perspective.
Step 2: Re-evaluate
Ask yourself: How can I make the network security more agile? Which legacy systems or processes are holding back progress? Are my vendors proactive and innovative? How can I ease the management burden? How can I reduce costs? Is our mobile connectivity secure enough? How can I simplify our policies?
Step 3: Think outside the black box
Hardware-based network security is limiting. Appliances are expensive and difficult to manage, software updates need to be done onsite and dedicated IT staff is required for maintenance. Break free from the black box and look to cloud, virtualization and software options to simplify network security and reduce costs.
Perimeters are not extinct, but the time has come to think beyond medieval solutions. Modern perimeters should be fluid, adaptable and erected on-demand in order to keep up with how we work in a digital, cloud-based age. Don’t be held back by out of date network security simply because you’ve become accustomed to it.