Jul 1, 2021

From an IT security assessment to an IT security roadmap – How to successfully redesign the IT landscape.

The coronavirus pandemic has seen the digital transformation really take off at German companies, driven by those sitting at the top tables. However, these are the same people who are responsible for IT security, so how can companies adapt their IT landscape to current security requirements?

written by

Team Leader Network & Security Engineers – CC-BISS

E-Mail: hans-juergen.martini@bechtle.com

Digital transformation risks.

The benefits of a digitalised corporate world have to be balanced with its risks as its never been easier for cybercriminals to get their hands on corporate secrets and customer data. They can also sabotage ongoing operations through, for example, a ransomware attack if companies do not have sufficient security in place. The result? GDPR-related lawsuits due to lost customer data and far-reaching consequences for the company’s reputation. That’s why, these days, business leaders have to ensure there is a comprehensive security strategy in place to protect the benefits of the digital transformation.

IT security challenges.

Cyberattacks have become one of the biggest threats to business operations and the Hafnium attack has made very clear to every IT manager that potential risks and methods of attack are becoming ever more sophisticated, and IT admins find themselves treading a fine line between ensuring enterprise-critical data communications and making sure these communications channels and their related applications are secure. And when it comes to budgets for current IT security concerns, corporate management pockets are not always deep enough to keep CISOs and IT security managers happy.

What does that mean? Thankfully, in companies today, the topic of IT security tends to be top of the agenda for aligning corporate IT, but the roadmap and targets are not  described in detail.

Information technology – Now and then.

In the past, IT infrastructures and computer networks were developed as necessary connections between IT end devices and servers with IT security tending to play a lesser role. Networks were flat and offered little to no security, which, according to the BSI, is still the case in many German companies today. Looking at the current state of IT security in organisations, it can be no surprise that cybercriminals keep finding ways in.

Security-oriented IT infrastructures.

Despite that, we are seeing a trend towards the secure provisioning of networks and entire IT infrastructures with topics such as micro segmentation, software-defined networking, access and data flow control, next-generation firewalls, identity management, SIEM, analytics and SOC services playing critical roles. We’re in the midst of a paradigm shift with a switch being made from a connection-oriented planning approach to a security-oriented and application-centric approach to IT planning. In contrast to earlier planning models in which the focus was primarily on connecting locations, these days applications and users are taking centre stage.

Future alignment.

In the incredibly dynamic and fast-paced age we live in, partly resulting from the coronavirus pandemic, managing directors and IT decision makers are being increasingly confronted by the demand for IT security that meets their specific needs. It’s critical to stay one step ahead whatever happens.

Mobility is gaining momentum to such an extent that what was once treated as something special for specific departments has become firmly embedded in many companies and has even become integral to their business model. The topics of home office and the Workplace of the Future are on everyone’s lips. The ongoing transformation of applications and identities in the cloud has become synonymous with in-house digitalisation and the hallmark of a future-proof company.

Entire networks and data centres are being restructured or modernised in order to be able to implement the necessary IT security requirements. New, internal next-generation firewalls are being installed in (cloud) data centres to protect important servers and applications against malware and unauthorised access, wide-area networks (WAN) are being transformed into software-defined WAN (SD-WAN) to secure the connection to the cloud and make corporate communication more efficient, and traditional remote access solutions are being morphed into modern SASE solutions.

Security managers are well aware of the tightrope they are walking and understand that there is definite room for improvement. IT security measures are helping to minimise risks in these challenging times, reducing the probability of costly attacks and therefore securing added value and not least jobs.

Analyse. Sort. Process.

So, how do organisations manage to keep an overview of the patchwork of IT security requirements, business-driven demands, corporate processes and daily business and identify the right measures and projects for secure IT?

The question of how to tackle the challenge of redesigning the IT landscape—which is no small task for most SMEs—can be answered with three simple words. The status quo must first be evaluated (Analyse), priorities set (Sort) and projects deduced (Process).

An IT security assessment can help in this respect as it analyses the current state of the IT infrastructure. Based on a wealth of information, the current starting point and taking into account best practice strategies, our IT security specialists at BISS (Bechtle Internet Security & Services) are able to develop a blueprint for a potential new direction for your IT security.

The included roadmap encompasses priorities and work packages meaning you have clear recommendations for action and always have an eye on time-related aspects.

Get in touch and we’ll help you future-proof your IT with the right security architectures.

Share article

Published on Jul 1, 2021.