Five Ways to Engineer Better Network Security
June 26, 2012
When it comes to investing in network security, there are three types of IT philosophies.
"There are the ones that value technology and see it as a strategic advantage in their environment, and they'll invest heavily in it. There are the ones that know they need it and they're willing to invest where they need to," says Rick Norberg, president of Atrion Networking SMB, an IT service provider. "And then there are the ones that just see it as the cost of doing business. And those are the ones that tend to be unprotected, unmanaged and dedicate inadequate staff resources in order to plan through security."
Don't get pegged in that third group, Norberg warns. According to Norberg and several other IT experts, there are a number of ways to revamp your thinking and your network design for better IT functionality and improved security. Here's where they say to start.
Build Backward from Mandates
According to Norberg, before designing your network it's important to take a step back and think about a couple of critical variables, including:
- What vertical you operate in;
- What compliance mandates you answer to;
- Where you want technology to take the company in the next three years.
Then design back from there, he suggests. When taken into consideration early in the design process, these elements should have significant bearing on the choices you make in infrastructure and deployment options.
"Sometimes, people will just buy cheap switches, network gear, firewalls and things like that because they're inexpensive. And they throw them in," says Norberg. "Then when they have a breach, they realize they just paid a zillion dollars to the government or to a credit card company or something like that in order to remediate it. And then they have to go buy the more expensive gear anyway. Taking an 'it can't happen to me' approach is probably not the best way to design a system."
Know Where Data Sits
One of the biggest weaknesses of many organizations is the lack of visibility into where exactly important data sits on the network.
Scott Laliberte, managing director at global business consulting and auditing firm Protiviti, says, "Among the things that clients we are working with are spending more time on is not only data leakage prevention--making sure it doesn't go out on the front end--but also what I call 'data discovery,' which is being more confident and clear on where the data for sensitive information really does reside and then organizing it in such a way that you can manage it in a segmented way."
According to a Protiviti survey earlier this year, organizations still struggle with data discovery and classification--just 50% of respondents said they have a specific plan in place to categorize data. And according to Laliberte, when he engages with clients to do data discovery on their network for the first time, surprises are common.
"In almost every instance there is a surprise found by the client as to where some of the sensitive data is," he says.
Next: The Importance of Modularity, Firewalls and Patches