Implementing a new security management plan
Date: Jul 28, 2014
In this webinar, Henry Svendblad expands on his discussion in part three of this three-part video series on the new IT landscape and his call for a new security paradigm. Svendblad offers practical guidelines here for implementing pervasive protection, a security management plan needed to support the new IT landscape.
So how do you implement a new strategy? Svendblad says it is important to recognize that there is no perimeter that you are trying to protect. In a fully connected world, networks do not have borders. Protection must be multilayered within the firewall, devices and applications. Network managers must always leverage a centralized policy.
The enterprise LAN should be treated as a wild environment, with special attention paid to re-trenching applications to the data center and centralizing them. You should use multifactor authentication to access an application. Requiring a thumbprint or a retinal scan in addition to a password is a great way to add more layers of security.
Digital denial-of-service protection is worth the investment, says Svendblad. It is important not just so that you have protection within your enterprise, but also so you have a service provider to help when there is an attack. With the help of a service provider, you can keep attacks away from your data center because the service provider will handle them.
Before you come up with your plan, Svendblad says you should create a risk profile for your company. When doing this, focus specifically on "return on risk," which is how much risk you can tolerate. Assess the risk trade-offs of new technologies and initiatives such as cloud, mobility, big data and unified communications to see how much impact they will have on your current state of vulnerability.
From a practical point of view, it makes more sense to prevent an attack than to deal with an attack. Svendblad emphasizes the need for organizations to become proactive. Don't just react to an attack, he advises; instead, focus on the forensic capabilities with intrusion detection and protection technologies to avoid the attack altogether. Figure out where you are vulnerable right now with external services. Launch a specific initiative that takes the end-to-end view of security and risk management, identify areas of conflict and ambiguity, and focus your plan on those key areas.
Watch the video for guidance on how to implement a pervasive-protection security program for your enterprise.