Security and protecting your environment are the biggest challenges now. Is this because we don't have software to protect our environment, or is it something else?
In the past, I started with mainframes and had no worries about hackers.
Today, we are dealing with a silo approach. Servers are at various locations, ICT staff work in silos, and applications run in separate locations: cloud environments, multiple clouds, and hybrid ones.
For ICT staff it's difficult to keep an eye on this complex environment and to know whether everything has been closed. Next, browser vendors as well as OS vendors release changes at a rapid pace. Often we must apply fix packs as an emergency solution to close a security gap.
If you have a lot of servers and desktops in various locations and do not have the right tools, it will be difficult to detect a security breach somewhere in the environment.
How do we start?
Most of the time, security is closing security holes in our environment. But how do we know?
First, look at the architecture of your environment. You need to look holistically at the complete environment, for example the IT architecture. Do you know how a transaction flows over your network, from an end user through routers, switches, firewalls, load balancers, servers, databases, web servers, etc.?
Now you know why a CMDB (Configuration Management Database) and IT landscape discovery tools are important. All our IT assets are recorded in the CMDB, together with the last access date, the change date, and who changed or created the asset. This way we can monitor unauthorized access.
Next, we need to learn how applications communicate, about open ports, public IPs, etc.
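To make the CMDB and discovery points above concrete, here is an added example (not from the original post) that reconciles CMDB records with the output of a discovery scan. The field names, asset names, addresses and the list of authorized editors are all constructed assumptions, not the schema of any real CMDB product.

```python
# Added example with constructed data; field names are hypothetical.
CMDB = {
    "web-01": {"ip": "10.0.1.10", "ports": {443}, "changed_by": "alice",
               "changed_at": "2024-05-01T09:00"},
    "db-01": {"ip": "10.0.2.20", "ports": {5432}, "changed_by": "mallory",
              "changed_at": "2024-05-03T02:14"},
    "app-01": {"ip": "10.0.4.40", "ports": {8443}, "changed_by": "bob",
               "changed_at": "2024-04-20T11:30"},
}
# Constructed discovery result: IP address -> ports found open.
DISCOVERED = {"10.0.1.10": {443, 8080}, "10.0.2.20": {5432}, "10.0.3.30": {22}}
# People allowed to create or change CMDB assets (assumption).
AUTHORIZED_EDITORS = {"alice", "bob"}


def reconcile(cmdb, discovered, authorized):
    """Return (kind, subject, detail) findings where CMDB and network disagree."""
    findings = []
    known_ips = set()
    for name, rec in cmdb.items():
        known_ips.add(rec["ip"])
        # The "who changed it" field lets us spot edits by unexpected accounts.
        if rec["changed_by"] not in authorized:
            findings.append(("unauthorized_change", name,
                             f'{rec["changed_by"]} at {rec["changed_at"]}'))
        # A recorded asset the scan never saw may be retired or unreachable.
        if rec["ip"] not in discovered:
            findings.append(("not_seen_on_network", name, rec["ip"]))
            continue
        # Ports open on the host but absent from the record need review.
        for port in sorted(discovered[rec["ip"]] - rec["ports"]):
            findings.append(("undeclared_port", name, str(port)))
    # Hosts answering on the network that nobody registered.
    for ip in sorted(set(discovered) - known_ips):
        ports = ",".join(str(p) for p in sorted(discovered[ip]))
        findings.append(("unknown_asset", ip, ports))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in reconcile(CMDB, DISCOVERED, AUTHORIZED_EDITORS):
        print(f"{kind:20} {subject:10} {detail}")
```

Each finding is a prompt for investigation rather than proof of a breach: an undeclared port may simply be a change that was never recorded.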
This is part 1 and I will continue next week.