2009 promises to be a tough year for IT departments. With the economies of the United States and the world in turmoil, economic signals are weak, IT infrastructure budgets are tight and staff resources are limited. Yet the need for network security is greater than ever before. Here, Knowledge Center contributor Jeff Prince explains how to match your security needs to your IT infrastructure budget.
this current economy, business practices that have led to increased
efficiency and productivity have simultaneously led to an increase in
security risks as well.
For example, organizations are making ever-greater use of
contractors, auditors and collaborative partners. These outsiders
become, in effect, insiders; they can access an organization's network,
run its applications, and access its proprietary and confidential
Also, offshoring adds a new type of work force that has much higher
turnover and is less visible than the inside work force. And this new
work force can access the company's IT resources. Plus, the ability to
store data such as customer and patient details, product designs and
financial information online, and access it over the network, puts
intellectual property and private information at risk. Convergence also
leads to risk. Vital services such as voice calls that run over the
Internet are at risk for data attacks that can lead to denial of
In addition to increased risk, many businesses face more stringent
regulations than ever, applied by both industry and government
agencies. Add up all these factors and the need for security
controls-and documentation of those controls-is obvious. But the
controls cannot place such stringent constraints over what people can
do on the LAN that they prevent staff from getting their jobs done or
otherwise hamper the business.
But how can IT reconcile the need to improve security with today's
economic realities? Luckily, the latest security developments may
provide an unexpected silver lining to the economic storm clouds.
Shrinking budgets and intense economic scrutiny are forcing IT to look
beyond the status quo. Enterprises must examine their purchases
carefully, and demand cost-effective innovations that will improve the
security of their information and other assets.
New perspectives on security
Taking new perspectives on security issues can help IT negotiate the
tradeoffs among security, budget and business needs. Indeed, some of
the latest developments in security can help IT improve access control
to protect information and resources without breaking the bank,
exhausting the staff or stopping the business from operating
1. First, do no harm
This old adage that doctors live by definitely applies to IT
security. IT needs to look for ways to layer in tools that tighten
security controls but that do not break existing systems. Tools must
not force users to adopt new behaviors, require any changes to the
network infrastructure or require a heavy investment on the part of IT
Today, a number of security appliances are easy to deploy and use,
snapping into any network and allowing IT to identify users, apply
role-based access control policies, and document all user and
2. Be open to innovation
When a mature, successful IT infrastructure is in place, it's easy
to take on a "let's do things the way we've always done them"
mentality. After all, the way you did things the first time around
worked and you chose the right vendors, so why tamper with success?
Many IT organizations stick to the same infrastructure vendors year
after year-and write big checks to them year after year-without ever
But when times are tough, it pays to break out of that mindset and
take a hard look at every upcoming network equipment capital purchase.
Innovation is happening across many parts of the network, many new
vendors have entered the market with excellent security solutions, and
IT may well find just what it needs from these new vendors. Incumbent
network infrastructure vendors need to extend and protect their
existing customer and product base, and thus are often not the leaders
3. Think integration
Perhaps the most dramatic example of innovation is happening where
the majority of users access today's LANs: the user edge of the LAN.
Integrated security solutions that provide network connectivity with
intelligent control over users and applications can perform multiple
functions. They enable IT to ensure access policies are enforced,
control non-user devices such as printers, and track all activity of
specific users-by name-across the LAN for trending, compliance and
Integrated security solutions also can dramatically reduce capital
outlay, since IT is not required to purchase multiple systems.
Integration also improves IT's efficiency and lowers the management
overhead of running multiple systems by simplifying tasks such as
troubleshooting, compliance and supporting converged networks running
voice over IP (VOIP).
Integrated security appliances enable IT to improve control over how
the network is used while adhering to the "do no harm" adage. And they
do not force any changes on the underlying network, even though they
are implemented in the infrastructure.
So be willing to consider new and innovative approaches to network
security that won't force you to change your network. Look at all your
options. Investigate the operational and cost advantages of products
that integrate multiple security functions. Ultimately, taking these
steps will help ensure that IT is protecting the company's online
assets while spending the IT budget wisely and well.
Jeff Prince is Chairman and CTO of ConSentry Networks.
Jeff holds eight industry patents related to networking technology and
co-founded three of the industry's most innovative networking
companies. Jeff has more than 18 years of experience developing
networking and ASIC technologies. Jeff was a founder of Foundry
Networks, where he lead Foundry's hardware engineering group. Prior to
that, Jeff founded Centillion Networks, which was acquired by Bay
Networks in 1995. He can be reached at firstname.lastname@example.org.