WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
The global nature of today's businesses has resulted in an explosion of new systems, applications and interconnections that IT organizations must implement and maintain. This explosion of e-connectivity, while enhancing the level of service an organization can provide, has created a tremendous amount of exposure that has businesses and vendors alike scrambling for solutions to make everyone's resources safe and secure.
Indeed, the complexity of a company's security environments has proportionately increased with expanding business requirements.
In recent years we've seen, for example, the mainframe environment move toward more comprehensive and highly secure access control systems. These systems require a highly specialized caliber of security management personnel to provide daily security management while lacking any type of intuitive interface for rapid modifications.
A Security Infrastructure Based On Company Policies
No single security tool can address this evolving enterprise-wide security challenge. Rather, it takes a centralized security management infrastructure to tie myriad security systems together, providing an enterprise-wide security view while allowing for distributed security administration.
Most application and platform security systems perform the same fundamental task: they allow administrators to add, change or delete user access. The complexity arises because they all have different environmental procedures and interfaces to perform these functions.
A comprehensive security management solution understands how to manage these disparate systems while supplying a simplified interface to them. This allows, for example, a single administrator to maintain security for a mainframe, network server and Unix system as well as an enterprise resource planning application, a mail server and a host of legacy homegrown developed applications.
Enterprise Security Management Is the Foundation
Before choosing an enterprise security management system, you need to examine whether a given product manages all or most of the systems in your organization's environment. If not, what commitments will the vendor make to provide this support? Likewise, you need to ensure the product will be able to accommodate your current environment and be scalable enough to grow as your network grows.
Deploying your chosen enterprise security management system requires a well-defined project plan and availability of personnel who are familiar with their security systems, applications and network environment. In addition to executive level commitment, cooperation between departments and internal organizational units is vital since they all stand to benefit. Getting all these groups involved early will result in a sound security foundation that will make it faster and easier to later implement additional security projects, such as reduced sign-on.
It's also important that your security management system provide immediate benefit in terms of easing the burden and expense of labor-intensive manual administration. Following a phased implementation approach will help ensure the system offers a distinct advantage over manual security management before it is even fully implemented.
Phase 1: Approaching Access Rights
First the central server and its management interfaces should be installed, configured and communicating with all associated agents and target security systems. This allows administration to be performed by a central security server, with some functions carried out by administrators using de-centralized workstations.
The next step is to add in authorized user information, be they employees, customers or contractors. This can be done by accepting existing employee information from your organization's human resource management system or enterprise directory.
The idea is to maintain user permission data at the enterprise level, so administrators aren't required to perform redundant transactions to define a person's access requirements. If agent software on a managed platform has the ability to monitor and acquire security changes made locally, it can update the central "enterprise" user definition with the new security information. This bi-directional communication flow allows the security management systems' repository to always be synchronized with its managed platforms. Since little or no customization is required, this phase of the implementation can be completed rather quickly to provide an immediate benefit to the organization.
Phase 2: Role-Based Central Security Management
The next phase to a central security management implementation is profiling and defining security roles. Roles must be flexible, to allow for users who are assigned to multiple roles. It should also be simple to change a user's role, given how frequently users change job responsibilities.
Once roles are created and operational within the security management system, an additional level of automation can be achieved. In a bank, for example, personal account tellers and commercial account tellers may need similar access to the same resources in order to perform their daily tasks. These associated functions can be associated with a role defined to the security management system. Once defined, a new user can simply be connected to a role and proper access is automatically given to them, eliminating many repetitive administrative tasks.
The process of role identification for the purpose of security management requires analysis of the organization's personnel, their positions and required access. This will take some time and diligence, but the benefits are well worth the effort. By managing user access based on title, organization or project association, a measurable level of integrity and automation is achieved.
Phase 3 and beyond
Once a basic central security management system is in production, the next phase is to address legacy and homegrown applications. The security management tool should offer a software development kit for integrating legacy systems and applications. This allows central security management with its automation to be extended to other applications.
At this stage it is also possible to enable users to perform for themselves many administrative tasks, such as the setup of a new user or password changes. Web-based interfaces may be added, for example, to request basic setup or changes to user profiles, eliminating the need for administrative intervention. Access request automation will also replace the email or paper-based procedures that often result in long processing delays and administrative errors.
Centralized, enterprise security management systems enable the automation of many security management tasks, freeing up scarce administrators for other duties. With the increasing amount of security technologies to address users and their access needs, it is critical to offer a solution that not only provides a comprehensive security management foundation, but allows implementation in phases that make sense and will work within an organization's business model.
Dean Brown is a product marketing manager for BMC Software, which sells the CONTROL-SA centralized security management system. For more information, visit www.bmc.com.