Making a Business Case for Network Hardening
Hardening a network does not always translate into spending large quantities of money. However, money will be required in some form or fashion. Whether that means spending it on new hardware, software, or man hours really depends on what needs to be addressed. It may include all of the above. The time may come when a cost/benefit analysis will be required by those in charge before hardening activities can move forward. As such, it's prudent to point out some of the non-technical benefits of network hardening for the business as a whole.
A Stable Work Environment for Employees
The more time you spend hardening your network, the safer it will be not only for your customers but for your employees as well. As mentioned in Part 1, internal threats are just as prevalent as external threats. Your Human Resources department will undoubtedly have confidential personal information on file for every employee. This could include social security numbers, information on dependents, emergency contacts, home addresses and telephone numbers, etc. That information will most likely be stored in an electronic format somewhere on your network. Keeping that information safe and secure from prying eyes should be a priority. Network hardening can accomplish this.
A Hard Network = Security = Cost Savings
Security breaches cost money. Besides bad publicity, a breach could also result in data loss and corruption, which in turn result in lost productivity and extra man hours as efforts are put forth to repair the damage and plug the security holes. If proper research and testing are done up front, the chances of experiencing a security breach are dramatically reduced.
An Insecure Network Breeds Insecure Customers
This item ties into cost savings as well. If you experience a security breach and word gets out to the public, this could potentially damage or ruin your company’s reputation. A great business marketing tool is the promotion of your system security. Giving customers a “warm fuzzy” that their information will be completely secure is critical in gaining their trust. Again, this illustrates the necessity of proper research and testing that may allow you to save face when an attempted breach is prevented.
So now that we’ve covered some of the non-technical aspects of network hardening, it’s time to address the meat of the subject. Which systems should be upgraded or modified? How do you know? What do you look for? These questions are the focus of Part 3: Research, Planning, and Implementation.