Complexity is the enemy of security
Businesses should look to automation to solve some of the security issues that increased complexity brings
Complexity is very much the norm for today's businesses. The rapid rise in the adoption of public, private and hybrid cloud platforms, combined with hugely intricate networks consisting of a growing number of devices and the rules that govern them, means network architectures are constantly evolving.
This rate of development presents a huge number of opportunities for businesses, including the ability to offer new, innovative services, work in more efficient ways and achieve greater business agility. However, it is also resulting in significantly increased levels of complexity for IT teams, which makes staying secure a real challenge.
Indeed, complexity is now viewed as one of the leading risk factors impacting cybersecurity. According to a recent report from the Ponemon Institute, 83 per cent of respondents believe their organisation is at risk because of the intricacy of business and IT operations, highlighting just how prevalent the issue has become. And, with nearly three-quarters (per cent) of respondents citing a need for a new IT security framework to improve their security posture, businesses need to find a way to deal with this complexity and the risks it presents.
Ultimately, it comes down to efficiently managing a complex web of solutions, while also keeping cyber defences intact.
Patched up
When it comes to maintaining security, one of the biggest issues facing businesses today can be best visualised through a ‘patchwork quilt' analogy. Not only are networks increasing in size, but firms are also being faced with the challenge of figuring out how to patch together several different systems and services from a wide range of vendors, all of which have distinctive features and capabilities.
The sheer quantity of tools and services being used across heterogeneous environments - multi-vendor and multi-technology platforms, physical networks and hybrid cloud - means a larger attack surface. As the attack surface grows, gaps can appear that attackers can use to break into the network. And without true visibility across the entire architecture and a clear view of each piece of technology, it's difficult to find and close those gaps.
The services and applications in these various systems will also likely require different security policies, further adding to the complexity. For example, changing one security policy could have implications elsewhere, and without proper visibility, IT teams aren't always aware of how one change impacts the entire network. Not only can this have security repercussions, but it can also have a negative impact on business continuity.
But it's not just the technical side of things that businesses should be solely concerned with. The human factor of security also must be addressed.
People problems
The complexity issue is further heightened by the fact that today's IT security teams are often understaffed and don't have the required levels of expertise to effectively deal with cyber threats.
The so-called ‘skills gap' has been a widely discussed topic in cybersecurity and one that is becoming more serious as cybercriminals expand their capabilities, and corporate environments become more intricate. As a result, many businesses lack the skilled information security personnel needed to securely manage their complex networks.
Human error and misconfiguration risks are also more prevalent than ever. The likes of security lapses, improper firewall management and vulnerabilities being overlooked are all very real concerns that, due to the complexity of modern networks, can become commonplace.
Embracing automation
To address these challenges, businesses need to be able to streamline the management of security policies. By using a centralised policy management tool that looks across the entire network and automatically flags policy violations, the task for IT teams will be significantly simplified, giving them greater levels of visibility and control.
Furthermore, policy-driven automation can be used to ensure a company's security strategy is consistent across the whole organisation, while also being able to identify high-risk or redundant rules with a greater degree of accuracy than through manual efforts. This way, businesses can continue to develop their infrastructures and grow their businesses without having to worry about opening themselves up to security risks.
From a people point of view, manually carrying out reviews of existing rules and policies is tedious and mistakes can easily be made. An automated tool can remove the threat of human error. It can also complete this job in a fraction of the time, making IT teams more efficient and freeing them up to perform higher level functions that increase the business's overall security.
Coping with complexity is a very real problem for IT security teams but it can be overcome. By embracing automation, organisations can be sure that nothing will fall through the cracks and, even when a new piece of software is introduced, the overall system will remain as secure and agile as possible.
Businesses addressing the technical complexity and the human factor of corporate networks can continue to grow and add new services, safe in the knowledge that their defences are stronger than ever.
A ndrew Lintell, is regional vice president northern EMEA at Tufin