The Sun Bulletin: What, in your opinion, are the critical components that make a network truly secure?
Mauro Settimo Carini: Visibility, control, and administration are three critical characteristics of a secure network. To begin, it is critical to understand how the network is designed and how it is intended to perform. This includes what should be linked to what and how those links are made. This is not a minor matter because it is common to find branch offices or other locations with additional features such as local internet breakouts.
The rising use of remote work, where endpoints live on home networks with little visibility, adds to the complication. This relates to the control aspect: the network’s aim must be able to be enforced in a fashion that is as transparent to users as possible. Fundamentally, if security breaks users, security will break them. As a result, items like next-generation firewall services must be carefully evaluated in terms of placement and policy. The third component, management, is critical.
All visibility and controls must be maintained in a way that reduces administrative burden, preserves control integrity, enables quick reaction times to change requests, and assures good overall performance.
The Sun Bulletin: What are the most common weaknesses that internet businesses fail to address, in your opinion?
Mauro Settimo Carini: Businesses, in my experience, do not devote enough time to secure design or defensive coding, and they frequently struggle with good management processes. The combination of these factors puts the organization in jeopardy since a less secure architecture is naturally more vulnerable to a wide range of difficulties, ranging from poor access control to a plethora of faults in commercial and open source software.
Poor design frequently leaves few solutions or mitigating variables available to lessen the exposure of those concerns. This means that the organization is reliant on quick response to eliminate the problem once it is recognized. All too often, however, ad hoc processes are used, which are resource and time intensive. Furthermore, it is human nature to make more blunders while under time constraints. The more issues that can be removed during the “design and build” phase, the less stressful the “manage and run” phase will be.
