There seems to be no end in sight to random attacks by hackers who gain pleasure by creating havoc for kicks. If you do not already have a robust security system in place, you should urgently consider a system to protect your assets from both outside and within.
I was recently at a seminar
where the presenter effectively illustrated the effects of an unfriendly intrusion on an e-Commerce business using the analogy of thugs parking cars and abandoning them to block all access to a Shopping Centre’s parking lot. Needless to say it would severely limit the amount of business transactions for the impacted period.
I don’t mean to be paranoid, but you are responsible to help create the “perfect solution”. This article is intended to trigger an understanding that network security is a more complex solution than a simple firewall that provides a secure operating environment for your business. I would ask you to consider network security as a process rather than a product.
Experience has shown that appropriate solutions are not easy to provide without the client possessing a clear understanding and having established a position on some essential points that are needed to successfully design, implement and manage solutions.
There are some major issues and evaluations to be considered before arriving at a solution. The most basic of which is to determine if your company has a corporate security policy and to determine if it is relevant to today’s computing environment. The answer is fairly complex as there are several layers of policies that should be established at a granular level, which makes it easier to enforce using technology. The policy areas include the following; general security, access control, mission-critical systems, e-commerce security, e-mail use, unauthorized software and Internet acceptable use. These policies are used to establish the guidelines of use and measurement in the selection and implementation of security tools and controls.
Despite the best plans, most policies are prone to failure despite the strongest enforcement if there is an absence of an excellent communications strategy to employees. This is an essential part of the solution. Policies are unenforceable, as they are not specific enough to govern the behaviour of individuals under all circumstances.
The ideal solution will be much broader than a firewall as it should provide for authentication, authorization and access control within existing databases. In addition, the solution must be scalable as your business and corresponding network is sure to grow in the future. The security package should ideally be integrated so that ease of use can reduce the costs associated in managing the solution.
The following is a list of questions that will help in defining your requirements that will have a large impact on implementing the appropriate solution for your business. How secure is your enterprise? Can you assess security vulnerabilities and effectiveness of your corporate security policy? Is your enterprise appropriately protected from unwanted outsiders and hackers? Can you securely enable remote users, suppliers, partners and customers to safely access your network through the Internet? Can you centrally manage and administer every user and resource across your organization?
To be sure, there are many details to consider when talking about establishing a secure corporate system.
Marc Steiman is a veteran of the Canadian IT industry. He has held channel management positions at Tech Data Canada and 3Soft.</