Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls by telling everyone “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications.
So it’s down the rabbit hole we go. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protection to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Senior Security Architect, Packetpushers
Michele Chubirka, also known as Mrs. Y, is a recovering Unix engineer with a focus on network security. She likes long walks in hubsites, traveling to security conferences, and spending extended hours in the Bat Cave. She believes every problem can be solved with a "for" loop. She also hosts a podcast called Healthy Paranoia, a security feed of Packetpushers. You can find her blogs and podcasts at http://www.healthyparanoia.net or http://packetpushers.net/author/securityprincess. When not blogging or podcasting, she can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
|Agenda coming soon|
Attend this workshop with any of the following Interop passes: