Improving network security

Improving network security

Cherif Sleiman, General Manager, Middle East and Africa, Infoblox

In May this year, we posted results of our ‘network protection survey’, which looked – among other things – at best practices in companies that were highly successful at network security. I will drill down into these best practices, and how to achieve them. Some of the recommended actions have the added benefit of positively influencing multiple outcomes, so organisations in the Middle East can benefit by prioritising these actions first.

Recommendation #1: Get rid of departmental silos. Among survey respondents, there was a high correlation between those who reported best results with those who enjoyed a high level of cooperation between network, security, and application teams. You may need to retain data silos to ensure privacy and security, but colleagues should be made aware of those limitations. Technology can be a great facilitator to enforce essential policy and remove artificial boundaries or silos that limit data sharing across groups.

Recommendation #2: Pay attention to operational realities. In network security and network operations (and probably most areas of the enterprise), technology alone will not alleviate certain realities about doing business. Technology must be part of a strategy to optimise processes and help people make intelligent, intuitive decisions based on information (not data) and enriched with the right context.

Recommendation #3: Prioritise based on risk analysis. Actions should balance risk and reward. That requires laying the foundation for intuitive decisions with information and context derived not from all data, but from data required to provide a perspective on risk and impact on the business. Human beings should not have to correlate data themselves or use guess work to determine impact. To prioritise properly, they must have as much aggregated context as possible (that’s why getting rid of silos is so important).

Recommendation #4: Be realistic about security staffing. Finding staffers who are experienced in three key areas – networks, security, and applications – is no picnic. Sometimes finding an expert in just one area is difficult. If you do find them, they’re likely to be expensive and in demand. That’s why it’s important to look for technology that reduces the need for adding staff with cross-departmental expertise and can augment existing staff with insight that would have required additional manual work or resources.

Recommendation #5: Automate routine tasks. Automation has value beyond avoiding mundane tasks and freeing people to make better decisions. It helps reduce delays and errors, as well as identifying incorrect or inefficient processes, while avoiding ad hoc workarounds. As survey respondents reported, automation institutionalises tribal knowledge and allows staff to react more consistently when faced with certain situations.

Perhaps our key recommendation from the network survey is to remember that every solution encompasses people, process, and technology. Over-reliance on any one is hardly ever the right answer or approach.

About the Author

Sleiman has more than 20 years of sales, technical and business experience with some of the world’s leading networking and telecommunications technology companies. He has held key executive roles, including chief operating officer and chief technology officer at Core Communications, a software and IT services company focused on cloud-based business services and web and mobile apps. He spent more than six years at Cisco in various leadership positions, the last being senior director, leading the enterprise business for Middle East and Africa. He also developed the strategic vision and technology roadmap, and managed all aspects of research and development, for Nortel Networks in his role as CTO, Enterprise Business Unit.

Browse our latest issue

Intelligent CISO

View Magazine Archive