Policy Orchestration (noun)
Rick Howard: The word is: Policy Orchestration
Rick Howard: Spelled: Policy as in a set of rules adopted across an organization and orchestration as in an automated series of processes to configure, coordinate and manage computer systems, data, or software.
Rick Howard: Definition: The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting.
Rick Howard: Example sentence: If we can make policy orchestration work at the application, at the platform, at the data, and the network level, then it's applicability is going to be exponentially more valuable to everyone.
Rick Howard: Origin and context: In the early internet days, say the late 1990s, orchestration wasn't a problem. We only had three tools in the security stack: firewalls, intrusion detection systems, and anti-virus systems. When we wanted to make a policy change, we manually logged into each tool and made the change.
Rick Howard: Fast forward to the 2020s and our environments have morphed into enormously complex system of systems deployed across multiple data islands. Orchestrating the security stack for our first principle strategies across all those data islands in some consistent manner with velocity is really hard to do compared to the early days. Truth be told, most of us don't do it that well. The goal of policy orchestration is to have one place to configure security policies for our first principle strategies so that we can deploy prevention and detection controls automatically to every tool in the security stack residing on every data island efficiently and quickly.
Rick Howard: We want the deployment of these detection and prevention controls to be finished in minutes to hours after setting the policy, not days, to weeks, to in many situations today, never. There are many potential tactics that infosec programs might use to accomplish this.
Rick Howard: They might incorporate policy orchestration into their DevSecOps process. They might install a commercial orchestration platform. They might use their own SOAR tool or security orchestration, automation, and response. Or, they may decide to outsource the task to a SASE vendor, secure access service edge, or an SSE vendor SASE minus the SD-WAN. Regardless of the approach, policy orchestration is a key and essential task that all infosec programs must master.
Rick Howard: Nerd reference: In a webinar in 2018, David Monahan from EMA Research, explains the benefit of Security Policy Orchestration and Automation or SPOA of in one specific use case, configuring the same policy on two different vendor firewalls.
David Monahan: One of the true advantages of looking at, security policy automation is the ability to standardize firewall policies across multiple vendors and being able to deploy those policies and manage 'em right so you don't have to worry about using multiple gooeys to deploy one on a particular vendor and then a different gooey on another vendor. You can use a single management capability to deploy them across multiple vendors and still standardize those. So that's also a big advantage of security policy, auto orchestration and automation in being able to help manage those firewalls when you have a heterogene environment.
Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik, and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.