<div dir="ltr"><a href="https://www.itproportal.com/features/five-network-security-deficiencies-endangering-your-corporate-data/">https://www.itproportal.com/features/five-network-security-deficiencies-endangering-your-corporate-data/</a><div><br></div><div><p>The adoption of cloud technologies is rapidly becoming a priority for businesses, with the <a href="https://www.cloudcomputing-news.net/news/2017/dec/19/2018-cloud-trend-return-premises-solution/%20" rel="nofollow" target="_blank">UK business adoption rate already at 88%</a>.
Increased agility, reduced cost and easily accessible data are at the
heart of why businesses have been jumping towards the cloud, keen to
profit from the many advantages it has to offer. While more and more
sensitive company data is being moved into the cloud, the security of
that data has become a critical issue for organisations in many
industries. </p><p>Barely a week seems to go by without news of another
cyber-attack hitting the headlines, prompting businesses to invest
heavily in next-generation technologies in an attempt to protect their
infrastructure and keep their confidential data secure. In fact, Gartner
has forecast that <a href="https://www.gartner.com/newsroom/id/3836563" rel="nofollow" target="_blank">worldwide enterprise security spending</a> is set to reach $96 billion in 2018, up 8 per cent from last year. </p><p>One
such technology that plays a key role in securing the organisation are
network security policies. These rules ensure that only the right
people have the right access to the right information, putting the
organisation in the best possible position to prevent breaches from
occurring. </p><p>However, there are several common pitfalls that
businesses can fall foul of when implementing their security policies.
Here are five of the most prominent that could be leaving your business
vulnerable to cyber-attacks. </p><h3 id="gmail-1-having-poor-visibility-over-the-network-xa0">1. Having poor visibility over the network </h3><p>Arguably
one of the biggest mistakes a company can make when configuring network
security policies is to attempt to put policies in place without first
gaining full visibility of the network.</p><p>Today’s enterprise
networks are vast and complex, and organizations often struggle to gain
full visibility. This hinders the ability to put strong policies in
place. This is also the case when making necessary changes to those
policies across the entire network. For example, if one policy is
changed it might have the knock-on effect of reducing security somewhere
else. By incorporating a centralised solution that looks across the
whole technology architecture, staff can manage all corporate policies
through a single console and see the potential implications of policy
changes before they are made. </p><p>To put it another way, you can’t manage what you can’t measure – so start with visibility. </p><h3 id="gmail-2-not-aligning-network-security-policies-xa0">2. Not aligning network security policies </h3><p>This
one may sound obvious, but having network security policies in place is
self-defeating if they inhibit the business they were intended to help
protect in the first place. </p><p>Businesses are sensitive to the fact
that they need to comply with measures to protect critical assets, but
if that prevents them from using the applications essential to getting
the job done, they will find ways around these policies. The solution
is to provide visibility into how application connectivity is maintained
in coordination with underlying network security policies. This
approach ensures that the business and security teams are always in sync
and aligned to the end goal. From a management point of view,
businesses need to have visibility into their application connections in
order to understand the effect that could accompany any network policy
changes and their impact. </p><h3 id="gmail-3-leaving-open-vulnerabilities-xa0">3. Leaving open vulnerabilities </h3><p>Today’s
cyber-attacks are becoming more sophisticated than ever before and new
variations of both known and unknown threats are being discovered at an
alarming rate. </p><p>For example, 18 million new malware samples <a href="http://www.pandasecurity.com/mediacenter/pandalabs/pandalabs-q3/" rel="nofollow" target="_blank">were discovered</a> in Q3 2016 alone – equal to 200,000 per day – and ransomware attacks on businesses <a href="https://securelist.com/kaspersky-security-bulletin-2016-story-of-the-year/76757/" rel="nofollow" target="_blank">reportedly</a> increased three-fold between January and September 2016. </p><p>This
means organisations must keep their network policies up to date by
carrying out regular patches and system analysis, which requires a
centralised management system that looks across the whole IT
environment. </p><p>Hackers are constantly on the lookout for
vulnerabilities, meaning no company - irrespective of size of industry
focus - can afford to leave holes unplugged. </p><h3 id="gmail-4-creating-inflexible-policies-xa0">4. Creating inflexible policies </h3><p>Striking
the right balance between security and convenience is not an easy task,
but key to ensuring policies are adhered to. Any procedures that
significantly hinder an organization’s agility or an employee’s ability
to do his or her job will likely result in them being overlooked or
ignored. </p><p>The other danger is that staff will find a workaround,
which can potentially have serious security and compliance implications.
This is when ‘shadow IT’ comes into play, where employees use
applications at work without the company’s knowledge or control -
according to <a href="https://www.spiceworks.com/marketing/state-of-it/report/" rel="nofollow" target="_blank">one poll</a>,
78% of IT pros said their end users have set up unapproved cloud
services – each of which can represent a potential unmanaged risk. </p><p>It
is therefore essential that organisations have tools in place that
allow them to easily adhere to and manage security policies. Anything
that forces people to drastically change the way they work, or results
in an organization’s lack of agility, is counterproductive. Increased
security interwoven with business agility is the ultimate goal. </p><h3 id="gmail-5-not-embracing-automation-xa0">5. Not embracing automation </h3><p>As
complexity in virtually all areas of network security and compliance
has increased, automation has grown to become a central component. There
are now simply too many change requests to increasingly diverse
networks for security teams to keep track of manually, leading to human
error and increasing the exposure of the business. The role of
automation is now not only a possibility but an essential tool for
keeping pace with this degree of change and complexity. </p><p>Finally,
automation also has a key role to play in network security policy
management and continuous compliance. Policy-driven automation ensures
that an organization is compliant with internal and industry guidelines
at any given point in time. However, it also means that the control
plane can be adjusted at policy level and then implemented immediately
across the network, further lifting the security level when required
through adjustment, and delivered as a business-as-usual task. By
connecting security to operations in this way, companies can vastly
improve their resistance to constantly evolving threats. This is a
critical point in making a tight security posture a reality all the
time, rather than “better” for a moment in time. </p><p>With a shortage
of skilled IT professionals, and a dependence on the work they do, these
teams tend to be stretched on a day-to-day basis within their
organisations by mundane administrative tasks below their paygrade. </p><p>A
comprehensive network security infrastructure should therefore look to
policy-based automation in order to reduce complexity, increase
visibility and free up resources to focus on more complex tasks. </p><br></div></div>