How to Match Your Security Needs to Your IT Infrastructure Budget

2009 promises to be a tough year for IT departments. With the economies of the United States and the world in turmoil, economic signals are weak, IT infrastructure budgets are tight and staff resources are limited. Yet the need for network security is greater than ever before. Here, Knowledge Center contributor Jeff Prince explains how to match your security needs to your IT infrastructure budget.


In this current economy, business practices that have led to increased efficiency and productivity have simultaneously led to an increase in security risks as well.

For example, organizations are making ever-greater use of contractors, auditors and collaborative partners. These outsiders become, in effect, insiders; they can access an organization's network, run its applications, and access its proprietary and confidential information.

Also, offshoring adds a new type of work force that has much higher turnover and is less visible than the inside work force. And this new work force can access the company's IT resources. Plus, the ability to store data such as customer and patient details, product designs and financial information online, and access it over the network, puts intellectual property and private information at risk. Convergence also leads to risk. Vital services such as voice calls that run over the Internet are at risk for data attacks that can lead to denial of service (DoS).

In addition to increased risk, many businesses face more stringent regulations than ever, applied by both industry and government agencies. Add up all these factors and the need for security controls-and documentation of those controls-is obvious. But the controls cannot place such stringent constraints over what people can do on the LAN that they prevent staff from getting their jobs done or otherwise hamper the business.

But how can IT reconcile the need to improve security with today's economic realities? Luckily, the latest security developments may provide an unexpected silver lining to the economic storm clouds. Shrinking budgets and intense economic scrutiny are forcing IT to look beyond the status quo. Enterprises must examine their purchases carefully, and demand cost-effective innovations that will improve the security of their information and other assets.

New perspectives on security

Taking new perspectives on security issues can help IT negotiate the tradeoffs among security, budget and business needs. Indeed, some of the latest developments in security can help IT improve access control to protect information and resources without breaking the bank, exhausting the staff or stopping the business from operating effectively.

1. First, do no harm

This old adage that doctors live by definitely applies to IT security. IT needs to look for ways to layer in tools that tighten security controls but that do not break existing systems. Tools must not force users to adopt new behaviors, require any changes to the network infrastructure or require a heavy investment on the part of IT to deploy.

Today, a number of security appliances are easy to deploy and use, snapping into any network and allowing IT to identify users, apply role-based access control policies, and document all user and application activity.

2. Be open to innovation

When a mature, successful IT infrastructure is in place, it's easy to take on a "let's do things the way we've always done them" mentality. After all, the way you did things the first time around worked and you chose the right vendors, so why tamper with success? Many IT organizations stick to the same infrastructure vendors year after year-and write big checks to them year after year-without ever investigating alternatives.

But when times are tough, it pays to break out of that mindset and take a hard look at every upcoming network equipment capital purchase. Innovation is happening across many parts of the network, many new vendors have entered the market with excellent security solutions, and IT may well find just what it needs from these new vendors. Incumbent network infrastructure vendors need to extend and protect their existing customer and product base, and thus are often not the leaders in innovation.

3. Think integration

Perhaps the most dramatic example of innovation is happening where the majority of users access today's LANs: the user edge of the LAN. Integrated security solutions that provide network connectivity with intelligent control over users and applications can perform multiple functions. They enable IT to ensure access policies are enforced, control non-user devices such as printers, and track all activity of specific users-by name-across the LAN for trending, compliance and accountability.

Integrated security solutions also can dramatically reduce capital outlay, since IT is not required to purchase multiple systems. Integration also improves IT's efficiency and lowers the management overhead of running multiple systems by simplifying tasks such as troubleshooting, compliance and supporting converged networks running voice over IP (VOIP).

Integrated security appliances enable IT to improve control over how the network is used while adhering to the "do no harm" adage. And they do not force any changes on the underlying network, even though they are implemented in the infrastructure.

So be willing to consider new and innovative approaches to network security that won't force you to change your network. Look at all your options. Investigate the operational and cost advantages of products that integrate multiple security functions. Ultimately, taking these steps will help ensure that IT is protecting the company's online assets while spending the IT budget wisely and well.

Jeff Prince is Chairman and CTO of ConSentry Networks. Jeff holds eight industry patents related to networking technology and co-founded three of the industry's most innovative networking companies. Jeff has more than 18 years of experience developing networking and ASIC technologies. Jeff was a founder of Foundry Networks, where he lead Foundry's hardware engineering group. Prior to that, Jeff founded Centillion Networks, which was acquired by Bay Networks in 1995. He can be reached at [email protected].