Why Network Awareness Matters More Than Ever for UK Organisations

The modern business is, unavoidably, a digital one. The online nature of modern life is not something that businesses can escape, even if they exist primarily in material spaces; the internet is a hyperextension of existing socio-economic reality, and a space in which commerce is now most commonly undertaken.

It would take an especially sheltered business to be unaware as to these facts – but these aren’t the businesses towards which the following words are pointed. Rather, there’s a sweet spot of businesses new and old, busy enough to be something of a danger to themselves. Such businesses rely on digital, interconnected architectures to thrive, but are unaware of the dangers they face as a result of naïve approaches to the same architectures.

1) Shadow IT, Hybrid Estates, and the Visibility Gap

When thinking about information technology, and the various risks it can represent for the average business, it is easy to default to preconceived notions about security lapses; hacked mainframes, compromised executives, figurative Ethan Hunts rappelling their way through the laser grids of otherwise airtight security systems. But the reality is a little more banal – and one of risks created, more or less, by management and human behaviour.

Where any business exists in multiple places, security risks abound. As a hybrid business, with local storage, private and public cloud services, and hybrid-working employees, the points of failure for operational security are higher than otherwise. Shadow IT is a great example of this, referring broadly to the interpolation of unapproved technologies into a sensitive workflow. Such technologies, whether unsanctioned applications or otherwise, can present significant issues for businesses; they have the potential to be backdoors.

2) Segmentation and Least Privilege at Network Level

How, then, does one properly address the safety of a hybrid estate? The answer is not in attempting to police shadow IT realities; humans are human, and any attempt to sanction unapproved IT will not yield appreciable results. Control, though, is possible – through network segmentation and ‘least privilege’ access.

Network segregation, simply put, is the isolation of individual nodes in a network from one another. Parts of a network are, hence, not automatically connected to one another, halting the movement of data from one to another without requisite permissions. Least privilege, meanwhile, concerns employees and the granting of minimum-level access; that is, employees do not gain access to things they do not require, even out of convenience.

3) Telemetry That Security and Ops Can Share

These technologies can be applied broadly, but doing so blindly risks losing understanding of IT weak spots. Shared telemetry is the solution to this particular snag, where information can be collected and processed to understand risks inherent to segments in a network. Network intelligence, in this sense, enables shrewd management of network security.

4) Getting Started: Quick Wins and Roadmap

So, where to start with all this? Well, benchmarks are invaluable. Identifying and setting KPIs for network safety are crucial for measuring results – which means knowing where you are, and where you want your business to be with respect to OpSec and more.