Ensuring Security In The Networking Industry

Ensuring Security In The Networking Industry

Adam Morton, The Director of Engineering, CKE Restaurants

Adam Morton, The Director of Engineering, CKE Restaurants

Adam Morton is the Director of Engineering at CKE Restaurants. His role in the company is to oversee the systems team, the network team and the telecom team. Being a strategist and an IT leader, he has been in the IT industry for 30 years. He aims to streamline and propel the business, with prime technology, to reach newer heights.

What are some of the challenges that you face while upholding security in the networks of the organization and what are the measures you have taken for the same?

Security is a big challenge for the networking industry. Because traditionally, when you have people coming into the office, they are on your network, you can push down GPOs, you can push down patches for the endpoints. But now, when we have people off the network who don't connect to the VPN or any local network, that becomes a bigger challenge. They don't get the GPOs from the Microsoft Active Directory that we need them to have. So, by having an RMM tool or remote monitoring or remote management tool we can push some of the Windows patches down. So we have recently introduced a product that will require them to connect to the VPN, before they can do anything network wise. So they can't get on the internet, they can't do anything from a network perspective until they connect to the VPN. And so what this does is now forces them to get on the VPN, it forces them to be on our local network, which we can now push down the proper GPOs that is needed. And also with this product, we have what we call a pre log on. So when a computer is turned on, it detects that there is an active internet connection, whether it's wireless, or wired or via a certificate based authentication. It helps us in being able to scan and just push down API’s.

“We work hard to respond fast, mitigate a security breach and contain it. We do what we call tabletops. We do go through scenarios of such issues that might happen and be ready with our plan of action”

What are the popular technologies that help your clients with networking problems, or make them more secure and simpler to use?

There's a lot of security products out there. Since the past couple years, we've seen a heightened awareness with security. We rely on Palo Alto and their prism access product. Palo does a really good job of detecting threats. A lot of them have new AI integrations that really help find those zero day vulnerabilities, which is kind of a big scare too. We’ve got these attacks that people are launching that we've never seen before. Palo Alto has a really good job of tracking down such suspicious activity. And then you have monitoring, endpoint protection, and all kinds of security requirements. There are instances where an email is sent, which is too good to be true and users click on it. This creates the issue of ransomware. So it's good to have a good endpoint protection product out there. And have our plan down for when disaster happens, or when the look of the security is tampered with. We work hard to respond fast, mitigate the situation and contain it. We do what we call tabletops. We do go through scenarios of such issues that might happen and be ready with our plan of action.

What are the practices that you take up to educate the users about the networking practices, or being safe while using the system?

We have cybersecurity training that people have to go through every year. With a video we explain the things that we see that can be identified as fraud or unsafe. We do phishing tests to see if people respond to those, and how. Users are educated as to what should have been suspicious to them. There are emails that look too good to be true, and usually when it looks like that, it is. Couple of things that we tell our users to substantiate this is when there is bad Englisor an email address that looks odd. These things make the email suspicious. We tell them that when you do not know where the email is from, it is best not to open the file. A call or text from a random number from a random number sharing or asking for irrelevant information, must be reported. There are situations which are difficult to handle or avoid, but we try our best to keep our users educated about their safety and security while networking. Our message is, if it does not pass the sniff test, report to security.

Do you have any advice for network architects or network engineers in the industry right now?

The facility network space is moving towards automation. In today’s times building up automation skills is a necessity. Let’s say one has 100 switches which need to be updated, maybe an NTP setting and doing it manually will require a lot of time and effort. To ease processes similar to this, automation is needed. Along with this, keeping up with the current technologies is the next thing to work upon, as it is an ever changing industry. Technological developments happen every minute, and one needs to be aware of the same.

Weekly Brief

Read Also

Generative AI in IIOT

Generative AI in IIOT

Jarrod Anderson, Senior Director, Artificial Intelligence, ADM
Securing Your On-Prem Active Directory Environment

Securing Your On-Prem Active Directory Environment

Brian Wozniak, Director - Infrastructure Engineering, Zurn Elkay Water
Implementing Iam To Boost Growth

Implementing Iam To Boost Growth

Tamsyn Weston, Head of IT Solution Development, European Tyre Enterprise Limited
Future-Proofing Cyber Security Systems In A Post-Pandemic World

Future-Proofing Cyber Security Systems In A Post-Pandemic World

Benjamin Corll, VP, Cyber Security and Data Protection, Coats
Cyber Grc: Core Enabler Of Strategic Cybersecurity

Cyber Grc: Core Enabler Of Strategic Cybersecurity

Jamie Sanderson, Director of Cyber Governance, Risk, and Compliance, AES