A holistic security strategy optimises cybersecurity costs

Laurent Bouchoucha
1월 09, 2023

Enterprises must assess their needs, reduce overlap and make a comprehensive plan to stretch their cybersecurity budgets.

Cybersecurity blog main image

The exponential rise in the volume of Internet of Things (IoT) brings with it an increase in the potential for cybersecurity breaches. Each device, sensor, camera or other object has the potential to make a chink in the armour. That means enterprises must seriously assess the budget implications of rising security costs. Gone are the days of just purchasing security point products, such as Firewalls, Intrusion Detection Systems and Network Access Control Systems. Today enterprises are investing in managed services to improve network security like risk assessment and analysis, training to help employees become cyber-defenders, as well as ongoing network and website vulnerability assessments. This is where things are headed. The question is how can you optimise your network security costs in this challenging new landscape?

Know your needs

There are clearly some areas where cybersecurity overspending happens. Take, for example, buying, deploying and maintaining a myriad of independent security solutions. Multiple solutions mean overlap, and consequently, cost inefficiencies. Businesses must assess their needs and have a clear understanding of each solution’s purpose, as well as the level of integration required between vendors. It’s also important to note that many security solutions are oversized, especially the software licensing portion. In many cases some of this spending would be better re-directed to focus on other more critical areas.

One area that can make a notable difference is a simple right-sized network with secured access. Such technologies exist and are called Network Access Control (NAC). Unfortunately, adoption has lagged, because it can be expensive and complex, depending on the vendor. However, the reality is that it can be even more painful when human-based processes for security configurations lead to potential errors, which ultimately incur additional costs. The same goes for security remediation, where the lack of even basic automation mechanisms can cause unnecessary help desk costs. Today, simple and cost-optimised network automation exists and should be a key area where businesses are willing to spend some money.

5 Considerations

Reducing, or at least maintaining security costs requires innovative solutions and adoption of specific network frameworks and policies across a business. Following are my top 5 tips for consideration:

1. Adopt a zero trust approach: Zero trust provides office and remote users with secure connectivity without exposing networks to external attacks and lateral movement risks, ultimately reducing data breach costs. Users must be authenticated for security configurations before any access is granted. This authentication and authorisation process must be automated to limit potential errors which can lead to increased costs. Mapping of users or objects to network segments and security policies is dynamic, policy-driven and based on authentication. Together with the zero trust approach, a new convergence of network and communications technologies with Artificial Intelligence for IT Operations (AIOps) automatically alert IT stakeholders in real-time about security breaches, enabling immediate action and reducing damage costs.

2. Invest in a unified wired and wireless network management system: This zero trust approach must be the same for wired and wireless for the sake of simplification and reduced Total Cost of Ownership (TCO). Consolidating network security policies, applications and connectivity requirements into one unique platform will reduce time and costs required to train staff on multiple systems, and drastically reduces the time between implementation and action.

3. Understand the costs: There should be no surprises such as over-charging for costly software licenses. Also, make sure the TCO solution agreement is clear upfront. Look for a provider with one cost that covers multiple licenses, rather than a license per feature which can quickly add up.

4. Consider OpEx and CapEx: New hybrid models of operating expenses (OpEx) and capital expenditures (CapEx) are a great option if you have a constrained budget. Flexibility lets businesses invest in the latest innovation through subscription services. Cloud-based subscription models offer access to the latest secure technology with incredible speed and scale at an affordable rate. These offers are also known as Network as a Service (NaaS).

5. Deploy best practices: Discussions with business and operational stakeholders are necessary to develop security policies. The new security policies must be tested thoroughly before activation to ensure essential activities are not disrupted. For example, an existing device that currently has unauthorised access could actually be part of a mission-critical activity. Network quarantining without testing could create an inadvertent impact if the device’s access is altered.

A comprehensive approach

Businesses can no longer rely solely on software and hardware security. The safety of the network must be woven into the fabric of an organisation's operations rather than treated as add-ons. Adopting a multi-faceted security approach, including VPNs, firewalls and Identity Access Management (IAM) provides distributed security.

A multi-layered approach to cybersecurity provides extra barriers against cyberattacks and is preventive, ensuring the security of IT assets and data as well as keeping future costs in check. This allows more control over user access, while lowering the security impact of vulnerabilities created by IoT, mobile and network devices. Ultimately, preventing breaches from serving as an attack vector and providing a trusted business ecosystem.

Whether the infrastructure is fully on premises, managed or remotely operated, it must be continuously monitored to identify, block and remediate any attempts or attacks. Network components must be kept up-to-date, and easily managed. One of the most critical challenges in cybersecurity is no longer the technology but the agility, which can reduce time to action. This can only be achieved if strategies are approached holistically and centrally managed.

Access to cloud applications is a must, due to the rise in hybrid and remote working models. However, as cloud-based systems and the number of mobile devices grow, the boundaries to secure also become more widespread.

A Secure Access Service Edge (SASE) complements a secured LAN and WLAN campus to address hybrid working. This framework for network architecture combines SD-WAN and VPN capabilities with cloud-native security features like firewalls, secure web gateways, cloud access security brokers, and zero trust network access. Cloud-based SASE offers secure connections for users, systems and endpoints, to applications and services anywhere. Rather than focusing on a secure perimeter, SASE emphasises the user, allowing for more dynamic connections to applications and services. This means it can provide the wide-reaching cloud-based security that businesses need, with the help of VPN capabilities.

Cybersecurity cannot operate in silos. The ever-increasing number of vulnerabilities means an organisation must keep its network agile and supported at all times, ready to react to any new potential threats. Security deployments must also follow best practices. A holistic security strategy combined with effective employee cybersecurity training offers greater defence against cyberattacks and ensures enterprises have the resources they need, where and when they’re needed.

To learn more about building a Zero Trust Architecture Network, please download this eBook.

Laurent Bouchoucha

Laurent Bouchoucha

VP Business Development, Network Division

Proudly leading a team of experts in the areas of: solutions marketing, business program management, solutions architecture, pre-sales and business development. Driving and supporting execution of our aggressive growth strategy on campus and data center networking.

저자에 대해

최신 블로그

a man and a woman looking at a laptop

랜섬웨어 시대 캠퍼스 사이버 보안에 맞서다

캠퍼스 사이버 보안 위협을 줄이기 위한 전략을 사용하면 악의적인 사용자 액세스를 제한하고 노출을 줄이는 데 도움이 될 수 있습니다. 

Blog 1200x299
Autonomous Network

Wi-Fi 6란 무엇이며 왜 관심을 가져야 할까요?

802.11 ax는 차세대 무선 네트워크 표준인 Wi-Fi 6입니다. 이 표준의 이점에 대해 읽어보고 팟캐스트에서 전문가들의 의견을 들어보세요.

Blog 1200x299

비즈니스 운영과 직원의 안전을 동시에 유지하는 법

위기의 시대에 간단하고 안전한 원격 네트워킹 솔루션으로 끈김없는 비즈니스 운영과 직원의 안전을 동시에 실현할 수 있습니다.


강력한 공용 Wi-Fi 네트워크를 구축하는 방법

모바일 및 IoT 연결의 보편화가 도시의 Wi-Fi 환경에 부담을 가중하고 있습니다.  아래에서 강력한 공용 Wi-Fi 네트워크를 구축하는 방법에 대해 알아보세요.

Tags - 보안, WLAN