Content

SECURITY CAMERA: Looking After Number One

Have you ever noticed the way in which new security solutions seem to appear as an appendage to an already recognized requirement of the IT department’s security strategy?

Take the firewall for instance. We were told we all needed one to ensure we were safe, and not long after we had purchased, installed and configured it, many were re-released as upgraded combined firewall/VPN appliances. We also had the anti-virus package, and then the content checker came hard on its heels; now they can be sold as one in the same security solution.

Then there was a large number of security software product 'suites' released. These were a combination of software packages that usually came from the same stable and were therefore interoperable. Their purpose was to cover all the security angles from one box containing a collection of CDs. We don't see many of these today - well not on the same scale as the 'suite explosion' of 1999. Maybe because people want more choice, but it may also be because a package will always cost less than each individual piece of software sold on its own. However, if the profits drop this must also affect research and development funding, so it's not such a good thing in the long run - is it?

Then again, as we look back, many things have come and gone, only to be re-born under a different guise. Storage area networks (SAN) did it, and public key infrastructure (PKI) is now on the rise, incorporated into solutions rather than simply as a standalone technology. There are also a number of appliances that provide additional security over and above that which they were designed for initially. Most seem to incorporate anti-virus from their chosen vendors. Even the anti-virus vendors themselves have leapt into the appliance 'wars' and added their AV into the mix.

Maybe we will see a new 'suite' resurrection, in the form of do-all hardware appliances. An appliance that provides firewall/VPN/AV/IDS and a remote access server, all bundled into one? One box - one solution. Surely it's not that simple, and logistically (and for my job's sake) it couldn't (shouldn't) happen. Technically it may be possible in the future, but if there was one back door, one little hole, it could render the entire appliance a security threat. Therefore the device/computer, whatever, would have to have layered security.

Putting all your faith in one element requires a very courageous man (or woman), but in the technology world it takes a foolish one. One device - one problem; no device - huge problem! It all comes down to the basics - layering your defenses, so that if one should fail there's another to act as a safety net. It is plain common sense and 'good security' is based on 'plain common sense.' The whole crux of the security machine is balanced by the policy that drives it. A well thought out policy will ensure the wheels keep turning and that if (a) happens, (c) and (d) will follow, closing (b) down to maintain compliance - if you see what I mean.

Rules, that's all it takes, well devised and implemented rules to cement your layered security firmly in place. You'll also need a reliable fail-over device or system and a means of data back-up, and don't forget an emergency power supply. Well, our single device just got bigger - but give it time, I'm sure they'll get it all into a mobile device by 2102. But right now it'll sit happily in the IT department, once they remove all the dozen or so boxes they used to need to do the same job.

Do we see it coming? Is it something that the developers will be bringing to market in the next few years? Who knows? It would be marketing madness - all your eggs in one basket - not likely, say the sales guys. Someone may decide to dip their toe in the water, but one suspects the toe may be nibbled by a larger croc' passing by. Let's face it, how many small fish survive in shark-infested waters?

But, let us imagine this was a perfect world, not so perfect that there's no need for security, but just perfect enough to eliminate any commercial arguments. Now it may be possible to justify creating your computer as a complete security hardware suite - with regular updates this could provide all your security, so much so that no other device is required. However, after the number of appliances that have required patches in the past, who would be willing to put all their faith in one, and only one device? Well at least everything should be compatible and there would be no configuration conflicts to worry about would there?

On reflection, it wouldn't be so bad: one annual Test Center, titled 'Looking After Number One'; 100 appliances battle it out for the SC Magazine Best Buy and SC Magazine Recommended slots, it would certainly keep us busy. But what would the developers call it? Well if marketing have anything to do with it, probably 'Global One Device' - GOD for short.

Jayne Parkhouse is reviews editor for SC Magazine (www.scmagazine.com)

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.