No matter how quickly IT security practices progress, security threats often seems to outpace them. Threats are becoming more technically sophisticated and harder to detect. Not only do security attacks result in economic consequences, but they also impact the reliability of critical business infrastructure.
As workloads move into the cloud, businesses lose control over who can access the computer systems those workloads are running on. They may no longer be able to see what resources have been accessed, when they were accessed, and from where. BYOD programs compound the problem by introducing numerous additional devices into the mix.
With everything that could go wrong, it’s nice to know you can take practical steps towards improved infrastructure security. Implement the three security steps below, and gain at least a little bit more peace of mind.
1. Avoid over-complication
Taking a holistic approach to network infrastructure can save money and help your network remain sustainable for the long run. Wherever you can, avoid adding complexity to your infrastructure; after all, security solutions are complicated enough as it is. Focus on network basics, like switches, centralized authentication, firewalls and UTM devices, patching and reporting, and policy management. Once you start layering disparate management, and reporting and authentication for LAN access, you will quickly have a mess on your hands.
2. Support security layers
Whatever layers you do have must be supported by your infrastructure; otherwise, you will be building your network on a wobbly foundation. Most businesses don’t have the luxury of redesigning the network every couple of years. Even when hardware is upgraded, the underlying infrastructure design probably hasn’t changed very much. Back when these networks were originally provisioned, we hadn’t planned on bulk wireless authentication or port-based security. If you layer LAN-enforced security such as firewalls, IDS/IPS, zoning, or wireless on top of a poorly designed network, you will end up with poor security, too.
3. Review security policies for holes
Is your network house completely secure, or have you locked the windows while leaving the front door wide open? Check thoroughly for leaks, both big and small. Searching for them will raise questions: Maybe you enabled SSH, but did you remember to lock down the web access? Even if you recently provisioned secure wireless, do you still have other devices using legacy WEP keys? Check to see that your firewall is implementing policies across every possible path out of your network, and make it a goal to identify the weakest link in your network.