AnchorDesk |
 |
 |
|
|||
 |
|
Turning IT security on its head |
|
|
Robert Vamosi Senior Editor, Reviews Friday, October 1 |
| ||
Add your opinion
For example, Simmonds talked about the money-hauling industry (think Brinks armored trucks). What are they trying to secure? Money. How do they do it? They purchase armored trucks, true, but they also design security into the containers used for conveying the money: the containers explode if the money is stolen. In businesses today, we want to secure the data, yet we're locking down entire companies instead. Given that the nature of business has changed in the last few years, this model is outdated. The workforce now includes more temporary employees. We have more services designed to work around the traditional hardened perimeter, such as VoIP, IM, and VPN. And let's not forget that the hard-shell, soft-nugget strategy of corporate IT security has been successfully violated. Living in a post-MSBlast world
In recent years, companies have spent millions on their perimeter security and very little on individual desktop security. Last year's MSBlast successfully exploited this flaw, requiring just one infected laptop to cripple entire companies. Yet, companies had to let that one infected laptop into the network because workers are increasingly mobile, working on the road or from home. Companies also allow port 25 e-mail traffic, so there's still the risk of e-mail infections through that chink. And companies have to allow port 80 Internet traffic as well, laying them open to the threat of infected Web pages. According to Simmonds, the closer the protection is to the data, the better the protection. In other words, deperimeterization is a way to solve business needs without maintaining a strong perimeter. Deperimeterization flips the current paradigm on its head by securing the individual desktops, laptops, and PDAs, as well as the data itself. Return on investment
Simmonds's company has satellite offices all over the world, and, he said, they're constantly opening, closing, or relocating them. So how does his company protect its data yet get the offices up and running smoothly? Using traditional methods, the company would have to design a wide-area network for a new site, negotiate with local Internet providers, install a virtual private network, install encryption and routers, install switches and private wiring, train local staff, create a secure LAN, and install and configure local PCs. Simmonds estimates that this process could take anywhere from one to six months--not good in today's volatile economy. Simmonds suggested, however, that his company could open a new sales office in a few days. How? By finding an existing office with Internet service, plugging in PCs, then plugging in VoIP phones. By encrypting these laptops and VoIP appliances, the data would stay secure, but the office would remain flexible and mobile. Should you need to relocate or close the office, no problem. Deperimeterization won't happen overnight
Moving today's companies into tomorrow's IT landscape won't occur quickly, and Simmonds suggested that companies could implement deperimeterization changes (a PDF file) in as few as 4 years. I think that's a bit optimistic. But I do think that over the next 10 years, we will see more encrypted streams of data and less fortress mentality among corporations. What do you think about turning IT security on its head? Is deperimeterization a good idea? TalkBack to me.
|
Special sponsor stores |
Harnessing the power of waves
Planting solar gardens
Fill your car for $1.10 a gallon?
