organisational resources from anywhere,
anytime and from almost any device.
To counter these factors, organisations
have started implementing solutions to
address security. However – this might be a
disappointment to several of you but reflects
reality – there is no silver bullet.
There is no single solution that can address
all security issues. A ‘defence in depth’
approach did not come about by accident
but is based on the determination that while
you might need a thousand solutions in your
network, you need solutions that address
different aspects of security.
You are not alone. Your networks have
changed significantly and you have multiple
solutions. That establishes a baseline. The
question is what can organisations do
differently to be better prepared. Here are
some suggested best practices.
This means understanding your capabilities
and risks. Just understanding the impact of
being breached in terms of cost, downtime
and reputation of the brand will help you
prioritise what actions to take.
Develop a clear picture of the key assets you
have, where they are located, who has access
to them, identify the most critical assets. In
the digital age, data is king so knowing which
devices have access to your data is key.
Note that data is not just the domain of the
large enterprise but a reality for every size
and type of organisation. This assessment
will lead you to the determination of what
makes up your organisation.
Examine your architecture
With the proliferation of IoT, adoption
of BYOD, growth in use of virtualised
environments and adoption of public and
private cloud infrastructures all require
that you step back and examine how you
architected your core network.
Focus on the outcomes you desire while you
examine the architecture; is your network
architected to maximise availability and
ensure continuity even if it is under attack?
Have you secured your data paths to make
sure you are protecting every known avenue
that can be used to steal that data? Does
your protection extend to the physical and
virtual elements in your network?
Do a process inventory
Technology is a key element to addressing
security challenges but technology is part
of the solution. People and processes play
an equally important role in maintaining
a robust security posture. Developing an
understanding of how sensitive information
is handled, who has access to sensitive
information, your internal policies on how
you treat sensitive data, policy enforcement
mechanisms and ongoing training of
personnel handling sensitive data, must be
part of the overall solution.
WITH THE BASICS.
Start by addressing the basics
Often organisations invest in the latest and
greatest technology and buzz word driven
solutions. Sometimes there is a perceived
correlation between ‘high end solution’ and
impact. But there is a difference between
perception and reality. Organisations must
start with the basics.
MAKE SURE YOU
KEEPING UP TO
DATE WITH YOUR
Institute best practices
Like I said above, people and process are
a critical component of addressing your
security posture. Make sure you have
instituted best practices around passwords,
patching your systems with the latest
updates and keeping up to date with your
hardware and software.
Address the core of your network
Organisations that have adopted a defence
in depth approach have done so for several
critical applications like e-mail, web traffic
and endpoints. Often, they ignore the core