When it comes to enterprise network security, less is more
- 13 November, 2015 18:16
You remember those classic Get Smart scenes where Agent 86 and the Chief would have something so secret to talk about they would go to Control headquarters in the bowels of the Pentagon, push the button, and the Cone of Silence would drop down over their heads? Inside the Cone they could have a private conversation. Outside the Cone, no one could hear them. At least, that was the idea. Sounds perfect. The problem? It never worked! So, out of frustration, 86 and the Chief resorted to ducking under the Cone and shouting to each other, ensuring everyone could hear them.
Who would have thought Maxwell Smart could have taught us so much about network security?
Here is what he taught us: there is a point of diminishing returns in network security, a threshold beyond which your network’s security posture begins to recede.
You know what I'm talking about. Here are some examples:
A password policy so complex that even this guy can’t keep up, so users write down their passwords on sticky notes under their keyboards.
A file sharing policy so cumbersome that users end up using Dropbox or a personal email account because they simply can’t get their work done.
A content filtering policy that persuades users to circumvent controls through the use of unsecured, unmonitored personal devices just to get their jobs done.
A technology policy or plan that does not keep up with advances in the industry or the increasing sophistication of cyber attacks.
What is the common denominator in all of the scenarios I listed above? Policy! These are not technology problems, but organizational leadership problems.
Why does it matter? What does it mean for the future of the enterprise?
The security of your computing infrastructure is more important than ever. Compromises in the network can have devastating effects. With the increased reliance on technology in healthcare, public safety, military, energy, and other industries, a breach in the network may not only result in substantial financial harm, but it could even cost a life. We are not playing games when it comes to network security.
What is the solution? Strong technical leadership that is not afraid to elevate substance over form. Technology leaders who are more concerned with results than with checkboxes. In short, real leaders.
Technology leaders, I adjure you - don’t let outdated, ineffective policies cripple your network.