SmartAdvice: Add Security Appliances, But Remain Vigilant And Have Backups
There are too many security threats these days to have just one security point, The Advisory Council says, but add firewalls, VPNs, and other appliances to the mix. Also, measure how the help desk aids profits and rethink it as a proactive IT-services partner.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from leadership advice to enterprise strategies to how to deal with vendors. Submit questions directly to email@example.com
Question A: Should we use security appliances for firewalls and VPN access, or would we be better off deploying security software on general-purpose servers?
Our advice: Network security is serious business. The flood of viruses, spam, spyware and other attacks on computer networks seems to be almost unstoppable. The recent CSI/FBI Computer Crime and Security Survey documents that security breaches were responsible for more than $140 million in business losses at the 494 companies surveyed in 2004. Clearly, having a good computer-security defense in place is of paramount importance for any business, yet achieving that goal can be challenging. In the past, unless you had a dedicated, highly trained, professional security staff and specialized systems, something would eventually slip past your defenses. Fortunately, the new breed of security appliances now available makes practicing good security hygiene a snap, but there are some worrisome vulnerabilities in taking the appliance approach to solving corporate network security problems.
If you've recently installed a new firewall, VPN, or wireless router, you've installed a security appliance. What makes these new products different is that they're specifically designed to be easy to install and maintain -- they're usually configured and functional in under an hour -- transparent, inexpensive, and able to be upgraded. They're often sold as hardware with an annual software update subscription. Don't even think about cutting costs by forgoing the subscription. The crackers have more expertise and spare time than you do. Take advantage of your appliance vendor's development team, and let them stay a step ahead. Of course, it goes without saying that you need to remember to maintain the system with the latest patches and updates. The products marketed to midsize businesses can generally be configured to update automatically.
Cheap and easy to use, what's not to like about these systems? There are some disadvantages to using security appliances as part of a corporate security strategy. The obvious disadvantage is that the appliance itself becomes a known target for malicious activities. No matter how good the vendor's development team, all security systems have vulnerabilities. It's a matter of time before they become known to the cracker community and exploited.
Another disadvantage is allowing your network security to rely on a single point of failure. If that system is compromised, then the entire trusted network might be open to attack. We recommend continuing to maintain desktop and server-based security software in addition to any network appliance installation.
Security appliances make sense as part of an overall IT infrastructure strategy as long as you remain vigilant. From a business perspective, security is just an expensive insurance policy, so a solution that takes care of the problem transparently and cost effectively seems like a dream come true.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.