By now, you've probably figured out that simply installing a firewall and some basic anti-virus software is not going to cut it when it comes to protecting your network and precious data. Determining exactly what security measures you need to implement, however, is not so simple - it's a balancing act of critical need, time and, of course, money.
The Security Architecture Roadmap Tool, from our partners at Info~Tech Research Group, allows you to quickly outline your business and data environment, then gives you a network diagram of suggested security backbone measures. The Excel-based tool is available for free to IT Business Edge members here in the IT Downloads library.
The tool asks you five very general questions about your tolerance for risk in certain key security areas, including connection with third-party networks and how much of the data your organization handles could accurately be described as "sensitive."
In this example, we described our shop as having a very high need for security and as handling a lot of sensitive data. We also said that we don't have a lot of remote users and that we don't connect to a lot of other networks or allow them to connect to us - a pretty closed environment.
You can see the suggested network diagram in the figure below.
It's a clean layout - user and server network segments that connect to the Internet with basic firewall/DMZ measures in place. When you don't let a ton of folks on your network, controlling access can be pretty straight-forward.
The tool also asks you about which security building blocks you've already implemented and lays out up to 15 components you definitely need to get in place, based on the security-needs scenario you have described. You can see an example of the "roadmap" below.
In our example, we told the tool that we had not implemented either Endpoint Encryption or Data Leak Prevention systems - pretty big oversights for a company that is so worried about security that it does not allow its own users to access the network remotely. If we had said that we are more open in allowing users and third parties to connect to the network, we would have been advised to include technologies like Dual Internet Connections and Internal Firewalls in our architecture.
It's a neat tool that gives you a quick evaluation of your security architecture in both action plan and diagram format - which your engineers are sure to love.
If you are getting serious about network security, you should also download the Security Infrastructure Policy, also from our partners at Info~Tech. We walked through some of the policy's security prescriptions - and the consequences for violating them - in this recent blog post. User and management policy is always the lynchpin of a strong security environment, so be sure to check it out.