Five Network Security Secrets - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:37 AM

Five Network Security Secrets

Recent high-profile break-ins show that networks are more vulnerable than ever. Follow our tips to keep your network safe.

What is the secret to network security? In the wake of recent high-profile security breaches like at LexisNexis and MasterCard, it's worth asking what it takes to nail down network security --- and what are the secrets not everyone knows?

"There's not really a secret," says Marcus Shields, enterprise product manager at Soltrus, Inc., a Canadian firm specializing in digital trust services. "There are a lot of things that organizations should be doing but aren't. A lot of it comes down to common sense."

The problem with common sense, it has been observed, is that it is not very common. Consequently, some of the basic precautions that any organization can take to secure its network might as well be arcane secrets of the security trade -- at least until you take them and make them a part of day-to-day procedure.

Assess threats and risks: "I'm always amazed at how many companies don't do threat and risk assessments." Shields says. "They don't know what assets they have and, consequently, they don't know where they're vulnerable."

Indeed, security is supposed to mitigate risks and plug holes, but you can't do that effectively unless you know what risks you're facing, and what holes you need to plug. Shields says that enterprises have been getting better, overall, at doing threat and risk assessments, but many -- perhaps a majority -- have no idea what they have connected to their networks, let alone what their biggest vulnerabilities are,

The problem is a combination of two things. The first is the way that networks have grown organically. Devices and systems typically proliferate to answer immediate business needs, but with little regard to long-term security issues. The other problem relates to the nature of security itself.

"It tends to be reactive," Shields says. "It's like 'we just got attacked," or 'so-and-so just got attacked and we have to do something. let's get a box.' Organizations concentrate on what they think are the likely risks without knowing exactly what risks they actually face, and that's just not enough."

Develop a security policy: With all the talk about the need for procedures and governance in security, it might come as a surprise that security policies are not all that common. "You'd be really surprised at how few organizations actually have a policy," Shields says. "Most have a acceptable use policy that says 'don't look at pornography or run a business on company systems, but not a real security policy."

The point is that, once your threat and risk assessment finds the holes in your security, you need a policy to keep those holes plugged. "Now that you know what your risks are, you can tell your employees," Shields says. "You might have to hire a company to develop your policy, but it's a low-bucks proposition."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll