By | Published Wednesday, 2018/01/17 15:01:24
Organizations must change the way that they manage security if they want to keep up with the speed of business – especially as more and more companies migrate their applications to the cloud and adopt DevOps processes to help them develop and deploy new applications and functionality faster. So how should they go about it?
The key is to automate security policy changes. An effective solution will provide holistic visibility across the enterprise network and the applications that run across it, enabling IT teams to see all the network and security devices, applications and their connectivity flows – whether on-premises or in the cloud – in a single pane of glass.
The solution will understand the rules and syntax used by the different network security devices – including traditional and next-gen firewalls and routers and cloud security controls – and manage them holistically, giving IT teams a centralized view and control of all the ‘traffic lights’ on their networks, and enabling them to eliminate time-consuming errors and problems that result from manual change processes.
It’s all about the applications
As the most common trigger for policy changes is a change to an application, it’s critical to understand exactly what devices and connectivity each application needs to function correctly and deliver its benefits, while remaining secure. Therefore, the automation solution should be able to automatically discover and map the connectivity flows for all of the enterprise’s business applications, to show IT and security staff exactly how data flows across the network.
The automation solution should also enable IT teams to perform proactive risk analysis on planned application connectivity or security policy changes before they are made, to ensure that they don’t introduce security gaps or compliance violations. Then, if no exceptions or issues are identified, the approved changes can be rolled out to the relevant security devices with zero touch – thereby saving significant time, effort, and most importantly helping to prevent misconfigurations which cause outages and security holes. The solution should automatically document all these changes for auditing purposes – and to demonstrate compliance with the growing ‘alphabet soup’ of regulatory standards.
By taking an application-centric view of network security, the security policy management solution can also be used to accelerate incident response processes in the wake of cyberattacks or outages. Linking the policy management solution to SIEM systems and vulnerability scanners adds vital context to information about incidents, enabling network and security teams’ actions to be prioritized according to the risk and impact on critical business applications.
In conclusion, automating security policy management delivers a stronger security posture across organizations, enables business continuity, accelerates digital transformation initiatives and streamlines DevOps processes by supporting team collaboration. Enterprise security truly is a matter of policy.
Assistant Professor & Technician, Computer and Network Center, National Chi Nan University