Friday, 16 August 2013

Overview of Security

Enterprise Security Overview

Today's enterprise security approach is the product of an elaborate façade created by for-profit security vendors and outdated perimeter-focused security architecture. The focus has been shifted from protecting assets to guarding the network edge, while data continues to be exhilarated, and data breaches are at an all-time high. This shift in focus has created a cat-and-mouse game of securing the enterprise from the latest threats at the expense of our budgets, network infrastructure, creditability, and maybe sanity. In response, we have self-imposed several challenges in the security industry and created a roadblock perception for the enterprise security team and enterprise security program. Let's reset our focus on securing what is most critical to the enterprise, its data.

Enterprise security pitfalls

The challenging responsibility of leading security within an enterprise can be successful or disastrous. Security in principle is black and white, however, implementation and the real world is gray. When security personnel operate from a binary perspective on security principles it fosters a false perspective of an ideal enterprise security posture. It does not exist and will frustrate security objectives. We as security personnel are charged with understanding how the enterprise functions so that we can provide the desired security direction and expertise as a business enabler. We can then more effectively determine risk associated with implementation, and risk identification will determine investment is securing the implementation.

The road map to securing the enterprise


The road to a risk aware secure enterprise does exist; it is challenging, but tangible. In this section, I will lay out a road map to developing flexible security architecture as the foundation to securing the enterprise. It is not the only method, but it is sound and will hopefully serve as an exercise to challenge enterprise security teams to rethink the current architecture and security methods being implemented.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)