整体安全策略可优化网络安全成本

Laurent Bouchoucha

2023年1月9日

企业必须评估自己的需求, 减少重叠，制定全面的计划来扩大他们的网络安全预算.

The exponential rise in the volume of Internet of Things (物联网) brings with it an increase in the potential for cybersecurity breaches. Each device, sensor, camera or other object has the potential to make a chink in the armour. That means enterprises must seriously assess the budget implications of rising security costs. 只购买安全点产品的日子已经一去不复返了, 例如防火墙, 入侵检测系统和网络访问控制系统. 今天 enterprises are investing in managed services to improve network security like risk assessment and analysis, 培训员工成为网络防御者, 以及正在进行的网络和网站脆弱性评估. 这就是事情的发展方向. The question is how can you optimise your network security costs in this challenging new landscape?

了解自己的需求

显然，在某些领域，网络安全支出会出现超支. Take, for example, buying, deploying and maintaining a myriad of independent security solutions. 多个解决方案意味着重叠，从而导致成本效率低下. Businesses must assess their needs and have a clear understanding of each solution’s purpose, 以及供应商之间所需的集成级别. 同样重要的是要注意，许多安全解决方案都是超大的, 尤其是软件许可部分. In many cases some of this spending would be better re-directed to focus on other more critical areas.

One area that can make a notable difference is a simple right-sized network with secured access. 这种技术是存在的，被称为网络访问控制(NAC)。. Unfortunately, adoption has lagged, because it can be expensive and complex, depending on the vendor. 然而, the reality is that it can be even more painful when human-based processes for security configurations lead to potential errors, 哪些最终会产生额外的成本. 安全补救也是如此, 缺乏基本的自动化机制会导致不必要的帮助台成本. 今天, simple and cost-optimised network automation exists and should be a key area w在这里 businesses are willing to spend some money.

5注意事项

减少, or at least maintaining security costs requires innovative solutions and adoption of specific network frameworks and policies across a business. 以下是我的5条建议:

1. 采用零信任方法: Zero trust provides office and remote users with secure connectivity without exposing networks to external attacks and lateral movement risks, 最终降低数据泄露成本. 在授予任何访问权限之前，必须对用户进行安全配置认证. This authentication and authorisation process must be automated to limit potential errors which can lead to increased costs. 用户或对象与网段和安全策略的映射是动态的, 策略驱动的，基于身份验证. 以及零信任方法, a new convergence of network and communications technologies with Artificial Intelligence for IT Operations (AIOps) automatically alert IT stakeholders in real-time about security breaches, 能够立即采取行动，降低损失成本.

2. 投资于统一的有线和无线网络管理系统: This zero trust approach must be the same for wired and wireless for the sake of simplification and reduced Total Cost of Ownership (TCO). 整合网络安全策略, applications and connectivity requirements into one unique platform will reduce time and costs required to train staff on multiple systems, 并大大缩短了实施和行动之间的时间.

3. 了解成本不应该出现诸如对昂贵的软件许可证收取过高费用之类的意外情况. 此外，确保TCO解决方案协议在一开始就很清晰. 寻找包含多个许可证的单一成本提供商, 而不是每个功能都有许可证，因为许可证会很快增加.

4. 考虑运营支出和资本支出: New hybrid models of operating expenses (OpEx) and capital expenditures (CapEx) are a great option if you have a constrained budget. Flexibility lets businesses invest in the latest innovation through subscription services. Cloud-based subscription models offer access to the latest secure technology with incredible speed and scale at an affordable rate. 这些服务也被称为网络即服务(NaaS)。.

5. 部署最佳实践: Discussions with business and operational stakeholders are necessary to develop security policies. The new security policies must be tested thoroughly before activation to ensure essential activities are not disrupted. 例如, an existing device that currently has unauthorised access could actually be part of a mission-critical activity. Network quarantining without testing could create an inadvertent impact if the device’s access is altered.

综合方法

企业不能再仅仅依靠软件和硬件的安全. The safety of the network must be woven into the fabric of an organisation's operations rather than treated as add-ons. 采用多方面的安全措施, 包括vpn, 防火墙和IAM (Identity Access Management)提供分布式安全.

A multi-layered approach to cybersecurity provides extra barriers against cyberattacks and is preventive, 确保IT资产和数据的安全，并控制未来的成本. 这允许对用户访问进行更多的控制, 同时降低物联网漏洞对安全的影响, 移动和网络设备. 最终, preventing breaches from serving as an attack vector and providing a trusted business ecosystem.

基础设施是否完全到位, 管理或远程操作, 必须对其进行持续监测以识别, 阻止和纠正任何企图或攻击. 网络组件必须保持最新，并且易于管理. One of the most critical challenges in cybersecurity is no longer the technology but the agility, 哪些会减少行动时间. This can only be achieved if strategies are approached holistically and centrally managed.

Access to cloud applications is a must, due to the rise in hybrid and remote working models. 然而, 随着基于云的系统和移动设备数量的增长, 需要保护的边界也变得更加广泛.

A Secure Access Service Edge (SASE) complements a secured LAN and 无线局域网 campus to address hybrid working. This framework for network architecture combines SD-WAN and VPN capabilities with cloud-native security features like firewalls, 安全的web网关, 云访问安全代理, 零信任网络访问. 基于云的SASE为用户提供安全的连接, 系统和端点, 到任何地方的应用程序和服务. 而不是专注于安全防线, SASE强调用户, 允许更多的动态连接到应用程序和服务. 这意味着它可以提供企业所需的广泛的基于云的安全性, 借助VPN功能.

网络安全不能孤立地运作. The ever-increasing number of vulnerabilities means an organisation must keep its network agile and supported at all times, 随时准备应对任何新的潜在威胁. 安全部署也必须遵循最佳实践. A holistic security strategy combined with effective employee cybersecurity training offers greater defence against cyberattacks and ensures enterprises have the resources they need, 何时何地需要他们.

要了解有关构建零信任架构网络的更多信息，请下载此文件 电子书.