Five Recommendations to Enterprises in the Middle East for Improving Network Security
In May this year, we posted results of our ‘network protection survey,’ which looked – among other things – at best practices in companies that were highly successful at network security. I will drill down into these best practices and how to achieve them. Some of the recommended actions have the added benefit of positively influencing multiple outcomes, so organizations in the Middle East can benefit by prioritizing these actions first.
Recommendation #1: Get rid of departmental silos. Among survey respondents, there was a high correlation between those who reported best results with those who enjoyed a high level of cooperation between network, security and application teams. You may need to retain data silos to ensure privacy and security, but colleagues should be made aware of those limitations. Technology can be a great facilitator to enforce essential policy and remove artificial boundaries or silos that limit data sharing across groups.
Recommendation #2: Pay attention to operational realities. In network security and network operations (and probably most areas of the enterprise), technology alone will not alleviate certain realities about doing business. Technology must be part of a strategy to optimize processes and help people make intelligent, intuitive decisions based on information (not data) and enriched with the right context.
Recommendation #3: Prioritize based on risk analysis. Actions should balance risk and reward. That requires laying the foundation for intuitive decisions with information and context derived not from all data, but from data required to provide a perspective on risk and impact on the business. Human beings should not have to correlate data themselves or use guess work to determine impact. To prioritize properly, they must have as much aggregated context as possible (that’s why getting rid of silos is so important).
Recommendation #4: Be realistic about security staffing. Finding staffers who are experienced in three key areas – networks, security and applications – is no picnic. Sometimes finding an expert in just one area is difficult. If you do find them, they’re likely to be expensive and in demand. That’s why it’s important to look for technology that reduces the need for adding staff with cross-departmental expertise and can augment existing staff with insight that would have required additional manual work or resources.
Recommendation #5: Automate routine tasks. Automation has value beyond avoiding mundane tasks and freeing people to make better decisions. It helps reduce delays and errors, as well as identifying incorrect or inefficient processes, while avoiding ad hoc workarounds. As survey respondents reported, automation institutionalizes tribal knowledge and allows staff to react more consistently when faced with certain situations.
Perhaps our key recommendation from the network survey is to remember that every solution encompasses people, process and technology. Overreliance on any one is hardly ever the right answer or approach.
About the Author
Mr. Sleiman has more than 20 years of sales, technical and business experience with some of the world’s leading networking and telecommunications technology companies. He has held key executive roles, including chief operating officer and chief technology officer at Core Communications, a software and IT services company focused on cloud-based business services and web and mobile apps. He spent more than six years at Cisco (News - Alert) in various leadership positions, the last being senior director, leading the enterprise business for Middle East and Africa. He also developed the strategic vision and technology roadmap, and managed all aspects of research and development, for Nortel (News - Alert) Networks in his role as CTO, Enterprise Business Unit.
Edited by Alicia Young