Network security’s ticking time-bomb
By Reuven Harrison.
Balancing effective IT security against a business’s need for agility is an age-old issue. But today, getting that balance right is trickier than ever. Organizational networks are increasingly sprawling, complex and hard to secure, with ever more changes required at the server level to ensure businesses can securely run all the applications they need, as and when they need them. In such a highly complex environment – characterised by constant change – a reactive, manual approach to security is no longer adequate. Mistakes can (and do) creep in, exposing organizations to cyber-attacks, data breaches and industrial espionage.
Yet slowing down the change process in order to ensure security can be similarly risky, since this will stifle the very agility that is key to business survival and success. Unless network managers fundamentally rethink their manual approach and adopt fresh strategies supported by automated tools, they face a ticking time-bomb that could seriously damage not just their security, but their business credibility and competitiveness.
A complex set of challenges
As networks become increasingly segmented, today’s enterprises have hundreds (sometimes thousands) of firewalls, routers and switches, generally from a number of different vendors. All these devices require in-depth configuration, with hundreds of rules to set up and monitor in order to ensure that the business’s wider security strategy is being adhered to. The move to virtualised server environments and cloud computing only compounds this complexity. It can be very hard to understand precisely how the organization’s traffic is being routed, both within and outside its walls.
Change comes with the territory. Businesses are continually introducing new networked applications and features, as well as optimising existing systems, in a bid to beat their competitors. All these changes require constant tweaks to network configurations and security settings. Large organizations often have to implement hundreds every week. Many network engineers are constantly chasing their own tails in a bid to manage the deluge. Inevitably, this increases the risk of errors and omissions.
Furthermore, when you’re forever rushing to implement changes to a complex, interconnecting web of networks, servers and clouds, it can often lead to configuration errors, broken connectivity and server downtime. For example, a large bank might make a firewall change that unexpectedly brings down thousands of ATMs for several hours, with all the consequent loss of revenue and reputation. The adverse publicity suffered by NatWest, RBS and Ulster Bank in December after a software glitch knocked out ATMs on the busiest shopping day of the year is a stark warning of the sort of thing that can happen.
Nonetheless, business expects IT to respond to its requests with ever increasing speed. Where in the past it would have been acceptable to deliver connectivity within a week or two, now IT departments are expected to satisfy any requests within 24 hours. Before long, most businesses will demand their continual thirst for connectivity is quenched in near real time. If these desires are frustrated, they will increasingly resort to ‘shadow IT’ – a term described by Wikipedia as “IT solutions built and used inside organizations without organizational approval”. For example, business teams will often bypass sluggish IT departments by using third-party web services and cloud providers without authorisation. This only adds to network managers’ security challenges.
Growing network complexity and the pressure to deliver continuous changes also massively increases the risk of failing to remain compliant with essential industry regulations and enterprise policies. From industry-specific requirements such as Sarbanes-Oxley (SOX), PCI-DSS and HIPAA to more general security accreditation like ISO 27001, network security managers now spend an inordinate amount of their time on compliance preparations – a trend which is only likely to grow as companies vie to secure accreditations that could help them win the confidence of customers and other stakeholders. But access requests from developers and configuration errors introduced in the rush to implement changes means many organizations are unwittingly violating these compliance policies, with breaches often going undetected for months.
Another significant challenge is the lack of effective communication among different teams. The siloed approach to IT simply doesn’t work in today’s fast-changing environment. For example, the network and security teams might not understand application requirements very well, while the development team is frequently unfamiliar with the intricacies of networking and security. Without more effective communication that cuts across the old enterprise hierarchy, IT organizations are prone to errors, which means they have to waste time and resources rectifying their mistakes.
Overcoming all these challenges – complexity, constant change, connectivity, compliance and communication (or the ‘five Cs’ for short) clearly requires a more effective and sustainable security response than the traditional manual approach. Growing competitive pressures mean the need for speed amid increasing complexity is following an inevitable upward trajectory. Before long the time-bomb will explode and many network security managers will find themselves with limited opportunity to catch up with more nimble competitors. So what’s the solution?
Collaborate, integrate and automate
Rigorous, organization-wide security policies can only be managed effectively with better collaboration across teams and business units. There also needs to be effective integration of management systems and network devices using simple application programming interfaces (APIs). And, critically, much of the manual work currently preventing network managers from using their time and resources more strategically has to be automated.
Effective security policy orchestration (SPO) tools can centralise the management of firewalls, routers and load balancers from different vendors, across an organization’s disparate networks. In addition, they can automate the design and provisioning of network changes, as well as simulating the impact of any changes both before and after implementation. Together, these capabilities greatly reduce the risks and increase the speed of making successful changes. Effective SPO tools will also improve collaboration by allowing the business to define customised workflows that cut across disparate teams and business units, with the ability to add in new ones as the need arises.
For these tools to be successful, organizations first need to design an effective company-wide security policy that suits their business. But, equally, until companies move beyond the manual approach and take advantage of automation, successfully implementing and managing such policies will remain a pipe dream.
Reuven Harrison is CTO of Tufin.
•Date: 21st January 2014 • World •Type: Article • Topic: ISM