Management BYOD Infrastructure IoT Storage Security Privacy

Current Filter: >>>>>>

PREVIOUS

   Current Article ID:3303

NEXT



When Network operations meet security

Editorial Type: Feature     Date: 01-2014    Views: 3246   







As threat vectors evolve there is an increasing crossover of responsibilities between network operations and network security. Brian Spector, CEO of CertiVox, considers the challenge

Organisations across all industry sectors are facing the increasing risk of data breaches and a sustained assault from hacking collectives with varying degrees of confidence. According to the Symantec Internet Security Threat Report 2013, more than 93 million identities were lost in 2012 alone, including some high profile organisations. Companies like LinkedIn, Adobe and Sony have been the victim of attacks and business data is just as vulnerable as consumer information. According to the 2013 Ponemon Cost of Cybercrime Study, information theft represents the highest external cost of cybercrime in the US, followed only by the costs associated with business disruption.

The associated cost of a security breach, whether it results in data loss, network outages or other consequences, is an important consideration, and it needs to be taken into account when looking at the remit of the network operations team and its scope. The network manager plays an increasingly important role in not only the smooth running of the network, but also in the external security of the organisation. As network complexity increases so does the responsibility of the network manager, whether it is resolving network outages, understanding application performance, handling latency issues, or facilitating network change and configuration.

But there is an elephant in the room; when does network management become network security? The answer will vary, but in many respects they are nowadays one and the same thing, and this is because the most important responsibility of a network manager is to maintain the health and integrity of the network and to protect enterprise information assets. This is reflected in the many network technology products on offer, with many vendors now offering an integrated approach to network and security management.

The network manager is in a unique position, having insight - often real-time - into the overall operation of the organisation. However, with these increasing responsibilities and visibility, careful management is required on the part of the organisation and segregation of duties may be essential. The crucial nature of the network manager's role means that the individual should be vetted by the organisation, much like any other officer of the company. In addition, the network manager should be responsible to a C-Level officer to ensure that appropriate strong authentication has been implemented into the enterprise infrastructure, reducing critical threat vectors like unsecured username and password databases.

It's widely accepted that a layered approach to network security is required. This is often achieved through a combination of secure hardware, regularly updated software and proper processes, underlining that there is no single approach that protects against all threat types. Notwithstanding this, organisations would do well in the first case to eliminate one of their biggest threat vectors - the username and password database. It is high time that organisations everywhere took a second look at the security methods that they employ because what is proven time and again is that username and password security systems are inherently weak. This offers a wide range of attack vectors to criminals along with a valuable source of private customer information.

The convergence of network management and security is not necessarily reflected in the appropriate roles within many companies, but it is important that this is rectified and that the network management and security teams work as one to ensure effective protection from both internal and external threats.

The cost of this convergence will obviously be of concern to companies and the fusion of network management and security roles needs to be well considered. However, any data breach will ultimately be more costly to the organisation than any incremental cost of extending the remit of the network operations team to include network security.

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT