EDITOR’S QUESTION
Recent advances in cloud and mobile
computing now make it possible to
simplify and more fully automate
security. There are two fundamental steps to
take – implement cyber hygiene and focus
on protecting the crown jewels – mission-
critical business applications.
With current approaches, it’s hard to
effectively achieve security goals, such as
ensuring only minimum necessary access.
For example, a firewall is often set up at
the perimeter of the whole enterprise (like
the fence around our whole community)
to control access to a group of
applications, often numbering in the
thousands.
Instead, there should be a firewall set up
to control access to each individual critical
application (like each individual house),
allowing only access by the users and system
components that absolutely need access to
that one application (house).
Security also needs to get more efficient.
Imagine that the guards at the gate get a
phone call alerting them to unusual activity
somewhere in the community.
The guards might spend all day searching
the community for the
unusual activity. It would be more efficient
if the guards knew exactly which house to
go to, if the house was empty or filled with
valuables, and if the activity was normal for
that house.
With an application-focused approach, the
security team can zoom in on the most
important assets, i.e. critical applications,
rather than spreading investments thinly
across the infrastructure.
Organisations begin by classifying
applications to ascertain criticality and
prioritisation, so they can put more effort
into the most critical applications. Keep in
mind, however, that all applications need
some level of protection.
By taking two fundamental steps –
implementing the core principles of cyber
hygiene and focusing on protecting the
application – organisations can move to
more effective information security.
Cloud and mobile computing now make
this possible and provide a way to architect
security in.
As IT environments continue to evolve, this
updated model can help ensure that an
information security programme is not only
more effective today but also prepared for
the future.
www.intelligentcio.com