2014 initiatives

With the new year underway, what are some of your infrastructure initiatives in terms of security, consolidation, reorganization, documentation etc. for 2014 and the years to come? I would love to assess the commonalities across the various industries.

I would like to know not only the initiatives, but also the steps/methods you are taking or plan on taking in hopes of achieving these targets.

Thanks.
netcmh asked:
David VanZandt (Oracle Database Administrator III) commented:
Regrets, to my employer this constitutes phishing.  Perhaps you could rephrase the question?
btan (Exec Consultant) commented:
Pardon, not able to share the industry...

Network infra - Consolidation of network service routing and monitoring, separating the rule from the actual routing task. Kind of an SDN scheme and exploration of network virtualisation functions, but within the internal DMZ for intra-service transactions and the external DMZ for incoming exposed e-service transactions.

Application infra - Webification of appl across application delivery layer where consolidation comes in to reduce the footprint and stay green on the physical servers, as well as power consumption. Create a SOA layer to allow various client devices esp the mobile smartphone that can come from wireless or wired for those tablet/notebook remote access.

End-to-end encryption, including the network channel to and from the organisation's application. Of course, not forgetting the typical security review and vulnerability mgmt on top of the patch mgmt. The ideal is to move from spread scanning to centralised (agent) based scanning with policy-driven vulnerability mgmt and central push of fixes and patches, esp the emergency security hotfixes.

I will not say the cloud infra is hot as the whole idea is to make sure the house is well kept before exploring the external hosted platform...
netcmh (Author) commented:
Thank you, breadtan. I agree with the cloud infrastructure comment.

Please keep the info coming. Document templates and initiative samples will also be highly appreciated.
btan (Exec Consultant) commented:
Thought this can help in charting the exploration into making the network more "intelligently" efficient... the devops can be tough with two houses of teams and different cultures and objectives. Virtual teaming to pool expertise will be nice but we lack a chief architect :)
http://searchsdn.techtarget.com/news/2240212161/14-questions-to-ask-SDN-vendors-before-investing
btan (Exec Consultant) commented:
Not forgetting resiliency, ENISA just released a report pertaining to mitigating damages due to power outages. Some relevant outlook to chart ahead in the datacenter to reduce the risk of network and service outages caused by power supply failures may include:

Analyse the frequency and impact of network outages caused by power cuts. Liaise with providers to collect good practices to increase resilience against power cuts.

Perform a cost-benefit analysis to determine a suitable minimum level of resilience against power cuts. Take lessons learned from outages caused by power cuts and ensure that affected providers work systematically to develop their protection measures.

Act to establish a strategy to promote cooperation and mutual aid agreements on joint service restoration after severe power cuts. Providers should regularly perform checks of existing protection measures, to ensure that shorter and medium duration power cuts will not have any negative impact.

netcmh (Author) commented:
So far:

Network virtualization using SDN or IaaS
Applications to use ADL
End to end encryption
Vuln. management
DataCenter Power resiliency

More?
netcmh (Author) commented:
Some more gleaned off the interwebs :)

Up-to-date asset inventory
Manage 3rd party asset vuln. mgmt.
Compartmentalize network and data
Baseline network & resolve anomalies
User access lock down
Implement Firewall configuration development life cycle
Train end users in security
Develop & implement risk management methodology
Implement admission and endpoint controls
Develop security metrics based off of business initiatives
btan (Exec Consultant) commented:
Identity access management, unified single identity for users that spans across platforms in web and device mgmt. Also see, besides the usual multi-factor authentication, going into attribute-based or claim-based checks.

I do see more in-depth anti-surveillance concerns being part of the ICT security monitoring nemesis. Striking a balance of not leaking enterprise IP and not invading staff privacy. Prevention is no more and should focus on reinforcing detection robustness and closing the number of egress and ingress points. Likewise, not forgetting those out-of-band zones that seem secure and isolated but are easily neglected, to find out any bridges, which tend to be from insider threats carrying those anti-air-gap storage cards... Risk-based threat modelling in development is also another for those R&D folks.
David VanZandt (Oracle Database Administrator III) commented:
You may or may not be aware that the US DoD now requires incoming technical staff to hold a current CompTIA Security+, and a current computer environment (CE) certification, such as Oracle 11g OCP. I'd be expecting that to come into the private sector as well.
noci (Software Engineer) commented:
Before training users on security try to make ppl aware of security issues,
in studies ppl would/did trade their passwords etc. for candy bars.
Security is based on confidentiality & privacy so make ppl aware of those.

It's not just a "firewall configuration development" cycle, it's a "configuration development cycle" for all kinds of equipment, not just firewalls. (Firewalls are not a lot more than advanced routers, with an option to break routing rules for some packets.)

Risk management should be part of your change management cycle, not a separate item.
Every change induces risk changes; the risk profile may become better or worse.
And the risks might be very different during a change... e.g. if you double up hardware to prevent SPOFs, then during a change the backup might be temporarily unusable and you only have a giant SPOF until the change is complete.