Most security products are by tradition point products targeted to solve one or (if you are lucky) two problems at the time. I have a history in networking and every time we did anything we talked about the implications from an architecture perspective. The main purpose was to make sure that that the traffic in the network was running as efficient as possible (with as much up-time as possible).
In the security space we often seem to lack this knowledge. We gladly add new products into the network without thinking about if they co-exist with other parts of the infrastructure. We add new mobile solutions that does not work with the authentication system, we add access systems that does not work with the LDAP system, we install BIG firewalls and leave the network open, we build a DMZ and then we let PC:s connect behind the DMZ the same time (split tunnelling...) etc etc.
So learn from the networking people and think from an architecture point of view, I bet there is money to be saved from this approach.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment