I recently had the opportunity to sit down with Conrad Menezes to discuss some of the current and future networking and security trends and challenges facing organizations. Conrad held senior executive roles spanning both security and networking at companies such as Sears and American Express. In our conversation, he provided some great insight on topics such as the modern threat landscape, dealing with application overload in the data center, and what software-defined networking (SDN) can mean for organizations.
In our final post on the security policy management maturity model (if you've missed the others in our series, please check out Part 1 - Initial, Part 2 - Emerging and Part 3 - Advanced), we look at the best-in-class or "Visionary" organization. An organization at this level takes a different approach to looking at its security infrastructure. Instead of looking at devices from strictly a firewall/security perspective, visionary organizations are making decisions from the perspective of critical business applications in the data center. All key stakeholders across security, network operations and application teams have visibility of the business requirements and the security implications and are aligned through streamlined and automated business processes. Characteristics of an organization taking an application-centric approach include:
In my previous post on the security policy management maturity model, we examined what an Emerging organization (level 2) looks like. Steps to automate security policy analysis and audits were implemented, but the security policy was only optimized, compliant, etc. at a point in time, because changes continue to introduce risk and policy bloat.
In my previous post on the security policy management maturity model, we examined level 1, or the Initial level, which means you're either not managing security policies at all or are at an extremely basic level that is fully manual. If you took some of the tips to heart regarding policy analysis automation, then you may now be at Level 2, or what we refer to as an Emerging organization.
In my first post on the Security Policy Management Maturity Model, I highlighted the challenges of network and security complexity and dynamic business requirements that must be addressed by IT in order for the business to remain competitive. In the forthcoming blogs, I’ll dig into each level of the maturity model and not only examine what each level means in terms of your organization’s environment, but also provide some tips for moving up the ladder and the benefits of doing so.
Does the following scenario sound familiar? Your network complexity is getting out of hand with too many firewalls, routers, switches, secure web gateways and more, as well as the related security policies. New network security devices with more granular and different types of controls have recently been or are being deployed in the network. At the same time, the business is putting more demands on you to manage "ASAP", with requirements changing regularly. You don't have proper visibility of the security policies, compliance audits are a major burden, you can't keep up with all of the changes and you can't possibly know the impact of a security change or risk to an application that is critical to the business.