Businesses must address complex IT issues in order to combat cybercrime

By Andrew Lintell
Complexity has very much become the norm for today’s businesses. The rapid rise in the adoption of public, private and hybrid cloud platforms, combine...

Complexity has very much become the norm for today’s businesses. The rapid rise in the adoption of public, private and hybrid cloud platforms, combined with hugely intricate networks consisting of a growing number of network devices and the rules that govern them, means network architectures are constantly evolving.

This rate of development presents a huge number of opportunities for businesses, including the ability to offer new, innovative services, work in more efficient ways and achieve greater business agility. However, it is also resulting in significantly increased levels of complexity for IT teams, which makes staying secure a real challenge.

Indeed, complexity is now viewed as one of the leading risk factors impacting cybersecurity. According to a recent report from the Ponemon Institute, 83% of respondents believe their organisation is at risk because of the intricacy of business and IT operations, highlighting just how prevalent the issue has become. And, with nearly three-quarters (74%) of respondents citing a need for a new IT security framework to improve their security posture, businesses need to find a way to deal with this complexity and the risks it presents.

Ultimately, it comes down to efficiently managing a complex web of solutions, while also keeping cyber defences intact.

See also:

Patched up

When it comes to maintaining security, one of the biggest issues facing businesses today can be best visualised through a ‘patchwork quilt’ analogy. Not only are networks increasing in size, firms are also being faced with the challenge of figuring out how to patch together several different systems and services from a wide range of vendors, all of which have distinctive features and capabilities.

The sheer quantity of tools and services being used across heterogeneous environments – multi-vendor and multi-technology platforms, physical networks and hybrid cloud – means a larger attack surface. As the attack surface grows, gaps can appear where attackers can find their way inside the network. And, without true visibility across the entire architecture and a clear view of each piece of technology, it’s difficult to find and close those gaps.

The services and applications in these various systems will also likely require different security policies, further adding to the complexity. For example, changing one security policy could have implications elsewhere, and without proper visibility, IT teams aren’t always aware of how one change impacts the entire network. Not only can this have security repercussions, but it can also have a negative impact on business continuity. But it’s not just the technical side of things that businesses should be solely concerned with. The human factor of security also must be addressed.

People problems

It has become clear that the complexity issue is further heightened by the fact that today’s IT security teams are often understaffed and don’t have the required levels of expertise to effectively deal with cyber threats.

The so-called ‘skills gap’ has been a widely discussed topic in cybersecurity and one that is becoming more prevalent as cybercriminals expand their capabilities, and corporate environments become more intricate. As a result, many businesses are lacking skilled information security personnel needed to securely manage their complex networks.

Human error and misconfiguration risks are also more prevalent than ever. The likes of security lapses, improper firewall management and vulnerabilities being overlooked are all very real concerns that, due to the complexity of modern networks, can become commonplace.

Embracing automation

To address these challenges, businesses need to be able to streamline the management of security policies. By using a centralised policy management tool that looks across the entire network and automatically flags policy violations, the task for IT teams will be significantly simplified, giving them greater levels of visibility and control.

Furthermore, policy-driven automation can be used to ensure a company’s security strategy is consistent across the whole organisation, while also being able to identify high-risk or redundant rules with a greater degree of accuracy than through manual efforts. This way, businesses can continue to develop their infrastructures and grow their businesses without having to worry about opening themselves up to security risks.

From a people point of view, carrying out reviews of existing rules and policies is a tedious and time-consuming task to do manually, which can easily result in mistakes being made. But, an automated tool can remove the threat of human error. It can also complete this job in a fraction of the time, thereby making IT teams more efficient and freeing them up to perform higher level functions that increase the business’s overall security.

Coping with complexity is a very real problem for IT security teams, but it is one that can be overcome. By embracing automation, organisations can be sure that nothing will fall through the cracks and, even when a new piece of software is introduced, the overall system will remain as secure and agile as possible.

Businesses addressing the technical complexity and the human factor of corporate networks can continue to grow and add new services, safe in the knowledge that their defences are stronger than ever.

Andrew Lintell, Regional Vice President Northern EMEA, Tufin

Share

Featured Articles

Exec Q&A: Alex Cruz-Farmer, Cisco ThousandEyes

Alex Cruz-Farmer, Principal Product Manager at Cisco ThousandEyes, explains how their technology brings new levels of visibility to hidden DX issues.

Cloud & 5G - Day 2 highlights from the in-person stage

TECH LIVE LONDON returned to the Tobacco Dock last week. Stage host and Technology Magazine Editor in Chief, Alex Tuck, breaks down the presentations

Cloud & 5G - Day 1 highlights from the in-person stage

TECH LIVE LONDON returned to the Tobacco Dock last week. The stage host and Technology Magazine Editor in Chief, Alex Tuck, discusses the key themes

TECH LIVE LONDON: Day 2 highlights of the hybrid tech show

Digital Transformation

TECH LIVE LONDON: An overview of the hybrid technology show

Digital Transformation

TECH LIVE LONDON: Begins tomorrow at 10am!

Digital Transformation