With Internet access beginning to take the trek towards becoming as ubiquitous as telephone service, deployment of IP networks in the past five years has grown—both in terms of number of Intranets and complexity. What seems to be the only constant in the deployment of an Intranet is the constancy of the deployment. Besides, with the wireless traffic growing and Internet coming to the handheld devices, the security issue only gets further complicated. In such environments, the elements of security risk are witnessing a stratospheric growth.

PETE

Enterasys Networks assesses some of the key elements of security risks as unpredictable access for new mobile workforces; unnoticed e-vandalism; hard to track e-raiders; difficulty in damage assessment; and difficulty in profiling and logging the transient attacks. Enterasys singles out PETE (Potential Employee Threat to Enterprise) as the threat to the enterprise security currently.

The reasons: PETE is connected to the Intranet; is attached to the company’s entire IT structure every day; is abusing or attacking resources through high-speed 10 or 100 Mbps connection; has access to IT infrastructure from home, hotel, or suppliers facilities; is unchallenged from 99 percent of security systems; does not have to pass through the Internet firewall technology; may not be intentionally damaging IT resources; maybe misusing the Intranet or damaging it through virus reception. This is typically why enterprise security needs to be seen as a holistic approach rather than a part-means effort or a reactive approach. The game is infrastructure and management.

BCI

Now, with Intranets being deployed not only to serve internal needs but to partners, customers, suppliers, and the general public, this extended Intranet is playing an increasingly critical role. Zona Research terms this as the Business Critical Intranet (BCI). And according to it, "the BCI is an increasingly complex network and presents an ever-changing array of challenges for network managers. It includes supply chain management, electronic commerce, and a whole spectrum of activities between the enterprise and its customers, partners, suppliers and the general public. In this environment, the effort to maintain appropriate levels of security can pose a difficult and complex series of decisions for the network manager." Interestingly, the diverse requirements of the BCI have lead to the managers creating a shopping list of measures intended to meet so-called security requirements. This was more a consequence of job security than network security.

Studies conducted by Zona Research indicate that IT managers are caught between the devil and the deep sea. On one hand, there is a great demand on them to throw open the BCI as an extended Intranet to customers, suppliers and partners, and on the other ensure a greater security of the data stored on the network itself. Zona's studies show that IT managers are attempting to clamp down on information access. In one study, when Zona asked a series of six high-level questions related to security and information access in order to gauge general trends and attitudes among enterprise network managers, more than three-quarters of the sample respondents disagreed or strongly disagreed that their information access policy is free and open. They were keenly aware of security issues and were deploying security technology to limit access. Further, nearly two-thirds of that sample indicated that information on their networks is centrally controlled, more than twice the number that indicated information was managed in a decentralised way. Similarly, with respect to policy changes, nearly two-thirds of the respondents indicated their information access policies had become less open in the last year, in sharp contrast to those (less than 25 percent) that had made information more open during the same period. At the same time, an overwhelming majority stated their information access policies would become less open in the coming 12 months. From this, Zona concludes that the desire to control access to information is a trend that will continue into the foreseeable future.

Enterprise Security: The Approaches

Network security managers, responsible for choosing from a dizzying array of specialised hardware and software products to solve their organisations network security and infrastructure needs, are confronted with a huge shopping list. While individual products from different vendors are attractive as ‘best-of-breed’ solutions in specific areas such as virus detection or authentication, organisations require assurance that the disparate products will integrate to provide seamless, comprehensive network security. Alternatively, one can choose to purchase a broad range of solutions from a single vendor -- a part of a product "suite". Further a significant portion of the Total Cost of Ownership (TCO) for an enterprise network is the expensive human resources devoted to managing the solution. The ability to manage all elements of an enterprise security installation from a centralised, integrated console is what differentiates a cohesive, manageable, cost-effective solution from a mere patchwork of individual point products.