Maintaining Security Design Integrity to Prevent a Data Breach
Information Security (InfoSec) infrastructure design is very similar to any other infrastructure design because you must have someone, or a team, involved in the overall, high-level design to ensure integrity and resilience. It is critical that this oversight be preserved throughout the design and maintenance of the infrastructure.
Generally, we bring in the best and brightest architects to design our security infrastructure. Unfortunately, once it is designed, we let these architects move on to their next big challenge. This leaves a huge void in our security strategy, because there is no one left who can ensure and oversee security design integrity.
The evening news is filled with Fortune 500 companies that have suffered major cyberattacks and data compromises. These companies have plenty of security expertise and the latest appliances and technology to prevent attacks. However, they fail to maintain security design integrity over time, due to a lack of understanding of the high-level security infrastructure design.
The lesson I wish to share is this: your best chance to prevent cyberattacks and data exposure is to keep these architects close and in the loop on all security design changes. This will ensure that every change you make to your infrastructure improves your defenses rather than the hackers' chances of getting to your data. If keeping an architect in-house is too expensive, then find a third-party architect and design team who can oversee all design change activities.
Stay tuned for more lessons and shared experiences next week,