While the reviews may be mixed on their long-term success, the concept has significant merits that warrant IT staff considering such a strategy.
The truth is that there has never been a more challenging time to be in charge of protecting an organization's information networks. It's a simple arithmetic issue: In 2010, there will be more threats than there are people to counter them.
This dilemma is exacerbated by the continued rapid expansion of broadband connectivity worldwide, which means that attacks can come in all shapes, sizes and levels of sophistication. Well-funded organized crime and terrorist organizations have also stepped up their use of cyberwarfare as part of their arsenal, so the threats can be more dangerous and farther reaching than ever before.
What's more, the next attack against a company's networks may not even be man-made. Pandemics like the H1N1 virus, as well as natural events like earthquakes, blizzards and wildfires, may prevent folks from getting to the office without notice. That leaves CIOs, CSOs and network administrators in a bind, particularly as IT budgets continue to come under strain with the economy. If you're like most shops, there are barely enough resources to cover the known issues now, let alone the ones that haven't happened yet.
Try not to be all things all the time
So instead of stretching equipment and manpower to counter every threat, organizations may want to consider a surge strategy – rapidly allocating resources to combat certain situations as they occur. If done in concert with a disaster recovery plan, this could not only recover a company from an attack or network shutdown, but also do so effectively and without busting the budget.
Components of such a surge plan may include:
- Available access points – to add on a temporary basis for employees who cannot get to the office due to some unforeseen disaster, such as a flood, fire or other catastrophic event. Service providers typically offer such capabilities, and they may very well come in handy in a variety of circumstances.
- Additional VPN, email and UTM filters – to ensure that the increased access points can be tied in to the existing networks without compromising security integrity in the process. As with implementing more access points on a temporary basis, service providers should be able to offer packaged deals to install more security solutions for limited periods of time when the need arises.
- Backup systems that can shift on the fly – off-site and off-line server farms that can be shifted to act as the primary network at a moment's notice if something happens to the main line. It is important not just to have the data intact, but also to be able to ensure that accessing it is as secure as – if not more secure than – accessing it on the original system. That may require getting systems in place for short intervals until the original servers can be put back in operation.
The balance CIOs and CSOs face today is akin to walking a tightrope: keeping systems operational and secure on budgets that leave little, if any, room for error. So instead of trying to overstretch equipment and talent, a better idea might be to follow the lead of national security agencies and consider a strategy that allows you to surge resources when needed. It may make the difference between keeping operations up in a disaster and losing valuable time and information.
Max Huang is the founder and President of O2Security, Inc., a manufacturer of network security appliances for small-to-medium businesses as well as remote/branch offices, large enterprises and service providers. Max can be reached at [email protected].