Reuven Harrison, CTO, Tufin, predicts major enterprise network disruption ahead as businesses become increasingly run on software
Tufin®, the market leading provider of Security Policy Orchestration solutions, today called on organizations to build network security into the application release process or face business agility and network security being severely compromised.
As business becomes increasingly software-based, Reuven Harrison, CTO, Tufin, stated that more needs to be done to manage network security for business-critical applications - including properly decommissioning applications and better management of network segmentation.
Harrison commented: ‘Whether it’s the retail industry being expected to offer efficient online shopping platforms or the healthcare industry managing digital patient records, networks are carrying more sensitive data than ever. As the use of software to run services or products increases, so does network complexity and this offers more vulnerabilities in the network that are open to exploitation.’
He continued: ‘Significant disruption is inevitable as many companies are failing to properly integrate security and development teams, leaving them struggling to strike the balance between business agility and security. The issue is each of these teams has a different agenda – DevOps want to get apps up and running quickly, and security want to prevent the risk from threats like cyber-attacks. The result is either a bottleneck or poorly thought-out security. And to make matters worse, we’re seeing many more organizations who are failing to properly decommission applications which leaves security loopholes in the network that can later be exploited by malicious hackers.’
Tufin recommends businesses take the following steps to protect assets against this increased complexity and increased cyber-threat landscape:
- Control the change process – network changes are inherent to business yet risky when uncontrolled – establish a business process for network changes
- Improve collaboration – security and business agility depend on collaboration and trust between developers, networking and security teams – cater to the different languages used by the different stakeholders
- Automate change implementation – networks are too complex and change is too frequent to be handled manually – automate the technical aspects of firewall policy configuration so that you can focus on the big picture
- Centralize network segmentation policies – enforcing network segmentation is too complex on a per firewall basis – define a central, high level network segmentation policy that can be enforced across the entire network
- Reduce the surface area for an attack - properly decommissioning applications will prevent unneeded exposure - remove applications from the network and remove their security rules from firewalls
- Orchestrate network connectivity – centralize the management of network security policies and business application connectivity to optimize network segmentation without disrupting business.
Harrison concludes: ‘While it’s almost impossible to totally prevent a network attack or stop it mid-flow, steps can be taken to manage issues and the network more efficiently to limit the damage of an attack. What’s required is a change of mindset - businesses need to realize that adding more security devices doesn't automatically protect the organization. Better orchestrated networks are the key to delivering applications securely and quickly.’