Think About Security as a Constant Effort – Not Project

Security and thus also Cybersecurity needs to be thought of in a different manner.

Education about information security has to be put together well.

We have to understand the whole environment and people need to follow what corporate recommends for security reasons.

 

Why?  because individuals should not create corporate blindspots either knowing or unknowing.

blindspotfortrucks (image from Transport of London)

We know of blind spots Trucks have blind spots and when the truck turns it is not possible to see certain areas very well or in some specific spots not at all.

Your network can have blindspots as well. Did an employee bring in their own wifi device and plug it into the network?

Are your employees downloading apps and software on their computers?  Like Dropbox? Some fancy social app that unknown to you discloses information that is normally a trade secret or can destroy your cybersecurity efforts?

Do you have cloud services? Are all cloud services properly segmented? Can a computer on your network affect data on the cloud? Where are your backups? Are backups onsite or offsite?

Some Ransomware is depending you to connect your backup so they can encrypt the backup as well.

Are you tracking all your devices on the network?

Are you performing network sweeps for devices? Do the devices you do know no longer have default passwords?  Such as cameras on the network? UPS backups that are on the network. Anything that is connected on your network can be a blindspot.

Don’t use only one vendor at testing and probing devices in your network. Using only one vendor can have a blindspot itself.

networkdiagraminternal-external

Diagram from Jon McCoy’s slides¹ Appsec USA 2014

What about virtualized servers? I.e. multiple servers on a single physical box.  What is on your production network? Management network? can you see all the virtual machines on the virtual network cards?  If there are there redundant switches is each switch as secure as the primary?

A proper network analysis will find your network blind spots, and then you will have some choices to make.

Will you make the choice to be more secure? Or  have more freedom with customer needs?

We can’t create an environment that is 100% secure while having all the function that we want or need.  This effort is not a one time effort you can see this effort has to be consistent to work well.

The trick is to balance both. Contact me to find out how it can be done quickly and efficiently.

 

 

  1. http://www.slideshare.net/jonmccoy/jon-mccoy-appsecusa2014defend-by-design

1 thought on “Think About Security as a Constant Effort – Not Project”

  1. Very nice post here thanks for it .I always like and such a super contents of these post.Excellent and very cool idea and great content of different kinds of the valuable information’s.

Leave a Reply to abiya

This site uses Akismet to reduce spam. Learn how your comment data is processed.