There is no debate about the importance of Information Security (InfoSec) as the evening news continues to highlight breaches at Fortune 500 companies on a regular basis. The solutions are becoming more and more complex as we try to incorporate layer upon layer of appliances and technology to thwart the onslaught of attacks from a growing number of sources.
Unfortunately, there is no single tool or technology that can provide the ‘big picture’ of the overall security infrastructure design based on business or compliance needs. This big picture, just like the blueprints of a house, must be completed and reviewed before the pieces are acquired and the building begins.
Throughout my 18 years of experience, I’ve encountered countless clients who built their cybersecurity defenses by purchasing the latest next generation firewall with IPS / IDS, endpoint protection, DLP, NAC, IAM, encryption, proxy, and multi factor authentication appliances. After their teams spent many weeks and months deploying and configuring these appliances, they realized that they needed to address compliance and business needs that required a standardized framework. This meant that new configurations and controls needed to be implemented within these appliances, causing more weeks and months of delays.
If they had started with a comprehensive assessment and design of their infrastructure, they would have saved months of time and numerous headaches in their pursuit of a robust and resilient infrastructure.
I hope this provides some additional insight to you and your organization as we improve our InfoSec and stay out of the evening news. I will return soon with more insight from my experiences.