Security From the Inside Out
Bills such as SB 1386 and proposed federal legislation such as the S.228 and S.223 bills (both sponsored by U.S. Sen. Dianne Feinstein, D-Calif., and pertaining to Social Security and credit card number protection, respectively) are just a few of the many factors that are prompting necessary changes in network security strategies.
Strong network security is like a cabbage—lots of layers surrounding a hard center. In the same way, security needs to start from the inside out. Too many organizations take the wrong approach: planning elaborate defenses for the outside network perimeter but marginalizing internal network security. This approach ignores the reality that significant numbers of attacks originate internally or are a combination of internal and external forces, and it misses the modern condition of very permeable outer network perimeters. With many mobile workers connecting through a VPN (virtual private network) and corporate applications often now accessible to employees connecting from the Web at large, there is no clean way to separate those connecting as always internal or always external. Private Web exchanges, Web services, EDI (electronic data interchange) and other business-to-business links also blur network defense lines.
It's clear that IT security management techniques need to more carefully balance the importance of corporate counsel, human resources staff and risk management best practices with the latest in security technology.