How to reduce policy accumulation and improve security
By Digital News Asia August 9, 2013
- Outdated and overlapping security policies impede security management
- The answer to complexity is not more complexity
THE typical enterprise user today employs multiple devices, exchanges information from many locations and uses application data across hybrid cloud infrastructures.
Most organisations in Malaysia struggle to accomplish secure unified access for users, due to a morass of duplicated and often contradictory policies. In fact, this escalating number of security rules and policies accumulated by firms over time is leaving many unable to respond effectively to the changing threat landscape.
“Rules are constantly added to security devices, but seldom removed and this complexity is spiralling out of control,” said George Chang, Fortinet’s vice president for South-East Asia and Hong Kong.
“Administrators find it increasingly challenging to understand the security they are implementing and are under impossible time pressures to troubleshoot new problems. The risk is that security holes open up amid the chaos. The answer to complexity is not more complexity,” he added.
He said Fortinet has five tips on how to reduce policy accumulation and improve security:
1) Drive application awareness
The process of simplifying security policies is challenged by the introduction of application-aware security, a key tenet of next-generation firewall technology. Critical, however, is the ability to attach this to individual user IDs in one place, and enforce it throughout the network and across network security functions.
2) Enable Single Sign On
In reality, the added granularity that arises from running distinct security policies according to each different authentication environment can be burdensome to security management.
Applying Single Sign On (SSO) is another instance where (when implementing the correct approach) simplified security policy need not be at the cost of losing valuable context about the user’s location or device.
3) Unify wired and wireless network visibility and control
Runaway policy accumulation invariably occurs where wired and wireless network access is entirely separate for management purposes.
Where both coexist, wireless is typically the more dynamic environment, with similar levels of traffic to the wired infrastructure. This supports the rationale for integrating both (including user-centric policies) for easier oversight and simplified monitoring and compliance.
4) Rationalise network security
Managing a large estate of specialised security devices from many different manufacturers is a sure-fire way of multiplying the number of live security policies.
Deploying a suite of complementary systems from the same vendor reduces operating costs by enabling easier and more responsive management with fewer policies, higher performance and better overall security. It also enables network access policies to be integrated with all other security policies.
5) Focus smart policies by users and devices
iOS, MacOS, Windows, RIM, Android, Ubuntu, Unix, Linux all require policy differentiation at some level, which can cause a huge drain on management time.
Combined with an SSO approach to policy enforcement at a unified ingress point onto the wired/wireless network, all policies can be determined according to user ID, device type and location.
Further details on how organisations can unify access and security policies are available in Fortinet's white paper on the subject.