
5 tips to minimize policy accumulation

DQI Bureau

Enterprise users often employ multiple devices and exchange information from many locations. Network security management still struggles to accomplish secure unified access.


According to Fortinet, the rising number and complexity of security rules and policies made by organisations leave many clueless about how to deal with the changing threat landscape.

"Rules are constantly added to security devices, but seldom removed. This complexity goes out of control. The answer to complexity is not more complexity," said Vishak Raman, Senior Regional Director SAARC, at Fortinet.

The following are Fortinet's top five tips for minimising policy accumulation.


1. Drive Application Awareness. The process of simplifying security policies is challenged by the introduction of application-aware security, a key tenet of next-generation firewall technology. The ability to attach this to individual user IDs in one place, and enforce it throughout the network and across network security functions, is critical.

2. Enable Single Sign-On. Running distinct security policies according to different authentication environments can burden security management. Applying Single Sign-On (SSO) is another instance where simplified security policy need not come at the cost of losing valuable context about the user's location or device.

3. Unify Wired and Wireless Network Visibility & Control. Runaway policy accumulation invariably occurs where wired and wireless network access is entirely separate for management purposes. Where both coexist, wireless usually has a more dynamic environment with levels of traffic similar to those of the wired infrastructure, compounding the rationale for integrating both (including user-centric policies) for easier oversight and simplified monitoring and compliance.

4. Rationalise Network Security. Managing a large estate of specialised security devices from many different manufacturers is a sure-fire way of multiplying the number of live security policies. Deploying a suite of complementary systems from the same vendor reduces operating costs by enabling easier and more responsive management with fewer policies, higher performance and better overall security. It also enables network access policies to be integrated with all other security policies.

5. Focus Smart Policies by Users and Devices. iOS, MacOS, Windows, RIM, Android, Ubuntu, Unix and Linux all require policy differentiation at some level, which can be a huge drain on management time. Combined with an SSO approach to policy enforcement at a unified ingress point onto the wired/wireless network, all policies can be determined according to user ID, device type and location.
