Architecting cyber security into networks
Cyber security isn't architected into network designs at the start, and that's a problem.
It's interesting how we approach cyber security: it seems to be something that we layer and bolt onto data networks. Specifically, networking teams and engineers architect the networks, and then cyber defense is added after the fact.
For instance, networking engineers are used to creating VLANs and/or subnets for isolating data, but then add routers to route between the networks. Sure, some will add ACLs (Access Control Lists), but this is very different from using next-generation firewalls to act as security gateways between internal networks. Routers are about enabling the fast movement of data between networks.
Let's be honest: generally, security is added at the edges and/or inspects traffic for alerting. However, it needs to be more like physical security and designed in from the get-go. Cyber security professionals should design the architecture of the networks.
Additionally, since cyber security tends to be layered on rather than baked in, this also comes into play for budgets, personnel, change control and even physical connectivity. Networking should be subservient to cyber security, not the other way around.
It may seem like a simple concept, but fundamentally, having cyber security outside of the server, application and networking teams is the problem in the initial architecture, purchase and deployment of IT solutions.