Recently I had a chat with a friend of mine on the tech team of a branch of local government. We were discussing networks and security, and generally praising the benefits of Meraki cloud-managed Wi-Fi.
It came to light that his organisation employs a policy preventing the use of the same manufacturer’s devices across their network infrastructure, supposedly in a bid to improve security. Whilst the policy is laudable in its intention, I have concluded that this philosophy is misguided.
When defining security policies, it’s important to understand the nature of modern cyber threats. It’s interesting to note that 94% of recorded threats in the UK in 2022 came through email. So using a combination of Fortinet firewalls, Cisco APs and Aruba switching infrastructure in your data centre isn’t going to stop an unsuspecting user from clicking on a phishing link or inadvertently downloading some ransomware. Criminals are only interested in data. That’s where the value is, and they’ll find the path of least resistance to access and exploit it.
So why wouldn’t you want a vendor diverse network?
1. Firstly, hardware manufacturer diversity does not guarantee security
2. Manufacturer diversity ‘increases’ the scope of potential vulnerabilities
3. With increased complexity comes increased cost
4. More third-party vendors to manage
5. Diversity of technologies requires diversity of training and technical resources, which means more cost
6. Security patching becomes complex, potentially increasing gaps in your security
7. Interoperability with other security systems is often difficult and becomes more limiting
In stark contrast, a unified network such as the Cisco Meraki we were discussing actually simplifies your network management, and gives you full visibility of your estate through a single pane of glass. There’s no correlation between ease of management and the ease of a breach; in fact, all evidence points to the contrary.
Monitoring and reporting of the security tools can easily be integrated into your SIEM, along with your other security services. Reduced costs of management and maintenance will allow funds to be allocated to other services such as the more modern AI-based email and Real Time Threat Protection tools. Combine this with a zero trust security model, which requires strict identity verification for everyone and everything on your network, and you are able to protect your data where it is most vulnerable.
We must always consider balancing costs and benefits, and it’s our philosophy that simplicity is key. A network that is easy to manage and integrate, has clear visibility and a reduced attack surface is always going to be more secure in a practical sense.