Network systems must build in trust along with security

Network monitoring and of best security practices are must haves

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

(Editor’s note: In this guest essay, Ed Par­adise, vice pres­i­dent of engi­neer­ing at Cis­co’s Threat Response, Intel­li­gence and Devel­op­ment Group, exam­ines why trust is more vital than ever in the Infor­ma­tion Age.)

Orga­ni­za­tions today have two main con­cerns. The first is secu­ri­ty. The sec­ond is assur­ing the integri­ty of the prod­ucts and data in their net­works.

Ed Paradise, vice president of engineering for Cisco's Threat Response, Intelligence and Development Group
Ed Par­adise, vice pres­i­dent of engi­neer­ing for Cisco’s Threat Response, Intel­li­gence and Devel­op­ment Group

Dis­tri­b­u­tion secu­ri­ty and integri­ty are key parts of a trust­wor­thy solu­tion. There­fore, the deci­sion of where an orga­ni­za­tion buys its infra­struc­ture is crit­i­cal. Coun­ter­feit or gray mar­ket prod­ucts can use infe­ri­or com­po­nents or ille­gal soft­ware. These unau­tho­rized chan­nels increase the risk of vul­ner­a­bil­i­ties and cost­ly ser­vice dis­rup­tions.

A trust­wor­thy dis­trib­u­tor will guard against mali­cious mod­i­fi­ca­tions or sub­sti­tu­tion of tech­nol­o­gy and mis­use of intel­lec­tu­al prop­er­ty. Trust­wor­thy ven­dors should be able to demon­strate con­trol over their design, devel­op­ment, sup­ply chain, man­u­fac­tur­ing and dis­tri­b­u­tion process­es.

To ver­i­fy trust­wor­thi­ness, ven­dors also should pro­vide immutable sources of con­fi­dence that are inte­grat­ed into their prod­ucts.

Orga­ni­za­tions need to con­tin­u­ous­ly mon­i­tor and man­age their net­work envi­ron­ment and sys­tems to look for the lat­est best prac­tices and be dili­gent in apply­ing them. Dili­gence is key. Orga­ni­za­tions can­not be sat­is­fied with meet­ing the bare min­i­mum required by com­pli­ance; con­tin­u­ous mon­i­tor­ing, audit­ing and foren­sics of infra­struc­ture are crit­i­cal. Then, as vul­ner­a­bil­i­ties occur, inci­dent response and assess­ment teams can col­lab­o­rate with ven­dors to address the breach or virus quick­ly and trans­par­ent­ly.

Secu­ri­ty & Pri­va­cy News Roundup: Stay informed of key pat­terns and trends

Trans­paren­cy is a nec­es­sary ele­ment of trust. A trust­wor­thy ven­dor should be able to con­firm that its prod­uct has not been com­pro­mised. Ven­dors should be able to con­fi­dent­ly attest that a prod­uct per­forms as expect­ed based on the ven­dor agree­ments, and that it hasn’t in any way been mod­i­fied or com­pro­mised between the time it’s sold and installed.

Orga­ni­za­tions are under unre­lent­ing attack, with secu­ri­ty breach­es hap­pen­ing every day. A glob­al com­mu­ni­ty of hack­ers are cre­at­ing advanced mal­ware and launch­ing it via mul­ti­fac­eted attacks and through mul­ti­ple attack vec­tors into orga­ni­za­tions of all sizes.

These breach­es tar­nish rep­u­ta­tions, deplete bud­gets and con­tribute to a loss in cus­tomer con­fi­dence. Gov­ern­ments also need to step up to the plate by prop­er­ly weigh­ing the eco­nom­ic costs in terms of dam­age to trust before they act, even in the name of nation­al secu­ri­ty. For their part, IT secu­ri­ty pro­fes­sion­als must respond with best prac­tices that orga­ni­za­tions can imple­ment in advance of an event. These best prac­tices also enable enter­pris­es to respond quick­ly before, dur­ing and after an attack.

More sto­ries about secu­ri­ty and trust:
Poll: Amer­i­cans have lit­tle trust in data pri­va­cy and secu­ri­ty
‘Let’s Encrypt’ seeks to fos­ter trust in web traf­fic
Bit­glass embeds encryp­tion secu­ri­ty in a pri­vate cloud