Employing a “Zone Defense” Security Strategy

BrandPost By Jackson Shaw
Jan 28, 2015 · 3 mins
Data Breach, Security

The key to security resides somewhere between a new parent and a football playbook.

Everyone seems to spend more and more time and money on security, but we’re making little progress. Reports of major breaches seem to come more frequently, not less. Are businesses less secure than they were before, despite the increased investment? Or are hackers just smarter than ever?

I don’t think either is true – I think there’s a connection between raising kids and the way businesses should think about security.

With kids, parents move from one strategy to another. With a single child, parents can play man-to-man defense similar to the American football strategy where each defensive player is aligned with a single offensive threat, such as a wide receiver or tight end. In the parental vernacular, while one parent cooks, the other can localize the damage the little angel can inflict on a single room.

With two or more kids, parents move to a zone defense where each defensive player is assigned an area on the field, and when an offensive threat enters their area, they are responsible for covering the person. In this configuration, parents let the little hellions loose around the house and simply try to protect the china in the dining room.

From my perspective, businesses today operate in a man-to-man situation, trying to protect each and every little detail of their infrastructure. I think they’d be more effective using a zone defense as part of a playbook that is continually updated. How would that work? Here’s the playbook:

1) What do you really need to protect? You can’t walk away from perimeter defenses like next-gen firewalls or encryption technologies, so invest there, but perhaps focus what limited resources you have somewhere else. Determine what IT assets, critical apps and data absolutely must be protected. Remember that not everything needs the same security focus.

2) A security breach is not an “if,” it’s a “when.” Your best bet is to limit exposure and mitigate risk by controlling access. Hackers are in constant pursuit of credentials, ideally with elevated or privileged access, so tightly control what each and every credential has access to. Make sure there are no shared admin accounts. When an employee leaves, CUT THEM OFF. When they change jobs, change their access to match their new job and eliminate the access from their previous role. This is the ZONE in ZONE defense. Isolate access to only what the user/credential needs.

I contend that, taken together, this zone approach will offer more security to the most valuable assets given the resource and financial constraints we all face. In other words, this strategy can be summed up as, “find the china, protect the china.”