Familiar with the Cisco Annual Security Report?
Cybersecurity Month makes it a great time to look at Cisco’s Annual Security Report, a substantial yearly tome that brings us the research, insights, and perspectives of Cisco’s security experts as we all engage in the relentless struggle to protect ourselves from attackers. For this blog post, I’d like to drill down to page 45 of the 2015 edition of the report and call your attention to the company’s five-point “Security Manifesto.” It’s very useful advice for security teams attempting to respond to today’s cybersecurity challenges.
Security must be considered a growth engine for the business.
Security must work with existing architecture, and be usable.
Security must be transparent and informative.
Security must enable visibility and appropriate action.
Security must be viewed as a “people problem.”
Breaking Down the Manifesto
Let’s look at each of these five principles more closely:
1. Security must be considered a growth engine for the business: All too often, addressing security becomes a major constraint for an organization, but this is because security isn’t considered early enough in the evolution of a business project. Businesses need to involve security teams early on in projects that require the deployment of new technology. Likewise, security teams can’t be shy wallflowers waiting coyly for a chance to participate in the dance. They need to get actively involved.
2. Security must work with existing architecture, and be usable: This principle works hand in hand with the previous one. Security architecture must be able to work fluidly with technology architecture or else people will circumvent it. The earlier that security teams are brought to the table, the less likely it is that security issues will impose architectural constraints.
3. Security must be transparent and informative: Users will be frustrated by vague security roadblocks they don’t fully understand, and might even try to bypass them. The more that organizations can explain why a certain security procedure is being implemented, the more they can count on cooperation.
4. Security must enable visibility and appropriate action: In order for security teams to become more active and accurate in identifying and responding to threats, they need tools for automating visibility into the network so that they can see not only traffic but also the assets that make up the network.
5. Security must be viewed as a “people problem”: Strong security is not just about tools; it is about people being educated about the importance of security in all aspects of their everyday lives. Well-educated users will make good decisions about security and be more likely to be proactive and ask questions if they sense there is a security compromise.
If you’ve been sufficiently inspired by the Cisco Security Manifesto, we urge you to check out the complete Cisco Annual Security Report. While you’re at it, explore what Cisco has to offer in terms of security and cybersecurity training and certification. And let us know: are there any points that you would add to the five principles in the Security Manifesto?