Life As Techies

Background Have business activity of your enterprise suddenly disturbed caused by IT problem? And the internal didn't know what causing it. Everyone become busy to check their own job and sometimes pointing fingers to others is the best solutions to save their own seat. That's the reality. To find the root cause of the problem is one thing, but to recover the system from disturbance is the mandatory. Usually when the system already recover, finding the root cause might be forgotten by the internal because they return to their daily activities. Or might be the root cause become another long list mystery to be unsolved. Why it can be happen? because there's no change management properly applied in the enterprise. They can't track every changes that might affect to the enterprise.

Background From the previous article, I already define what do you need to plan before start to utilize NGWF box. Set of requirements must be clearly define, be documented and be approved by internal team. This process should be define as mandatory because this will be come internal justification and evaluation in the future. For example, if there's an audit activity which focusing on this area then the enterprise could safe their spot when auditor questioning their decision. So start documenting your activities! Back to business, do the enterprise need to enable all features in single box firewall / divided into specific security devices solutions?

Background Having an Firewall to securing perimeter gateway in enterprise network is a mandatory requirement nowday. Without it, enterprise will have vulnerabilities that might be exposed to external and would be increasing possibility security incidents occur that impact to enterprise business activity. Enterprise should be aware of this security risks. When everything transforming become digital, existence of information classification start from lowest (public) to highest (confidential) should be define by enterprise. Every single information that invaluable could be very valuable especially by unauthorized persons. Accessing to information classification should be limited only to authorized person only. This is one of the firewall role.