Is today's network easier to secure?
Enterprises today exist in what resembles a predator/prey environment. In this habitat, the prey is the enterprise network and the information it contains, while the predators are the hackers trying to gain unauthorized access to resources within the network, or interfering with corporate assets for some purpose — from using facilities and services free of charge (VoIP toll-fraud, use of broadband access, use of network disk storage, etc.) to using zombie PCs in distributed denial-of-service attacks or as spam beacons.
With all the evolutionary change of the last few years, have things got any easier for our networking and security professionals? The answer is both yes and no. Yes, we have many more tools, but the downside of the pick-and-mix strategy for security is the proliferation of management control and even the philosophical differences in how security is incorporated into software and/or appliances. The alternative is almost equally unpalatable, where a single vendor promises hugely intelligent networks at the expense of deploying a mono-culture, thus both holding back the ability to be agile — also removing the vital defense-in-depth component — and offering up a single point of attack focus. No, there are too many compromises, too much intrusive security, and unenforceable policies for harder-to-manage applications. And lastly, our users haven't got any less careless as time goes by.
So what's the next step? Certainly more intelligence is needed, and probably, more importantly, increased transparency for users. Security has to become much simpler to apply, while continuing to be highly effective. End-users are not the people who should be responsible for making decisions about how to secure their own network access properly. Who is better placed to understand the complex interactions between risks and attitude at any given point in a network? Is it the users or the pros responsible for the development, maintenance and application of security and networking policy? This isn't about controlling users, but allowing them to concentrate on what is important to their employers, while ensuring that the network is protected. To continue the evolution theme, we have to make sure that we have the right genetics in place that empower organizations to be agile and make those mutative adaptations that keep us one step ahead of the malefactors.
It is important for vendors to take a leading role in helping enterprises to formulate and deliver responsive and agile security policies that support their business goals. Thus, openness and adherence to standards are important.
We must strive to make sure that the fundamental values of security — predictable performance, quality of service, ease of management, etc. — are baked into our solutions. This will enable the adoption of new and innovative applications that will help to shape the business processes of the future. We must also provide flexible yet robust systems that are capable of operating in diverse environments and having the right genetic makeup, allowing intelligent and seamless optimization of their unique features and benefits. Enterprises, therefore, must do their due diligence thoroughly when assessing the welter of technological promises from a large number of vendors and, by relying on trusted partners, analysts and integrators, make strategic investment in their infrastructure, rather than piecemeal application of non-integrated or un-integratable technologies.
- Anton Grashion is security strategist EMEA at Juniper Networks.
From the October 2007 issue of SCMagazine