In-Depth

Five Signs Your Enterprise Needs Distributed Security

After years of merely reacting to new vulnerabilities, a centralized security model can no longer counter today's threats.

• By Irfan Salim
• 04/21/2004

On an intellectual level, we all know this. It is ironic, then, that while we wring every bit of productivity out of new technologies, we spend far less time preparing our defenses for the vulnerabilities these technologies bring. After years of merely reacting to new security vulnerabilities, we find ourselves in a castle built on sand; the centralized security model that served so well in the past is old and, while it still has its uses, is not able to counter all of today's threats.

Here are five common enterprise scenarios. They may seem innocent enough, but if you rely too much on legacy, centralized security, they are exposing you to risk. Do they sound familiar?

1. Your enterprise has remote/mobile users

   Of course it does. In "the old days," only employees who were physically within your building could access your network. Back then, the dominant security paradigm was as centralized as you could get: build a wall and hide behind it. But with the growth of broadband, outsourced connectivity services, and the rise of solutions like VPNs, employees can access your network from home, hotels—even McDonald's. As a result of this explosion of endpoints, creating an effective security strategy for the enterprise network is remarkably challenging. It's no longer a simple question of inside-good/outside-bad. Home users' computers might have KaZaa or other kids' P2P programs installed, wireless hotspots or hotel networks might not have any protection, and compromised endpoints can let viruses or hackers onto a network, even through the secure connection of a VPN.

2. Most of your network traffic involves external connections

   In the early 1990s, a curious thing happened to enterprise network traffic. Until then, the great majority was internal. But within just a few years, the ratio practically inverted, and ever since, enterprise networks have used most of their bandwidth handling external traffic. This isn't due simply to employees Web-surfing, downloading personal mail, or using IM (see the next scenario) but to the critical need to communicate with business partners. Even if it were feasible to impose a more draconian security policy—let alone enforce it—to minimize employees' Internet access, you would still have to contend with extranets. When your network incorporates deep connectivity with business partners and their traffic, you again find that the old security model of a border fort no longer works.

3. Your employees use Instant Messaging and other Internet-enabled apps

   Communication methods have evolved in recent years. Unfortunately, as the tools improve, so too does their potential to be exploited. In the early 1980s, e-mail was rare, expensive, and often user-hostile. As it improved and became more common, viruses began to use e-mail as a propagation vector. Now that IM has become the fastest-growing means of communication, you can bet we'll see IM threat explosions soon. Down the road, look for unexpected applications creating vulnerabilities in the enterprise. For example, it seems like every time I turn around, a new component of MS Office is demanding an outbound Internet connection. As our tools evolve to become more efficient and powerful, we can expect more vulnerabilities to accompany them.

4. Your employees use wireless devices

   Internet-enabled phones, PDAs, and wireless access points are the death knell to the concept of a network perimeter. As such, they are often poorly handled by enterprises' security policies. There are very few security solutions that provide total access protection—for all forms of network access.

5. Brand assets, intellectual property, confidential financial information, or other valuable data reside on your network

   Naturally. Networks, including the Internet and intranets, were designed to share information. Even with best security practices (such as network segmentation or strict access rights), can you be sure that all your important information is shielded from a dedicated hacker who is already inside your network perimeter? In the early days of the Internet, the hacker’s goal was to show off technical prowess. Just breaking into a network was impressive. Now, with the prevalence of hacker toolkits, a powerful "black bag" is within reach for white-collar criminals. Consequently, we have targeted hackers who hammer on specific companies for the smallest chink in their armor. They do this not to show off, but to steal your secrets.

In the near future, we will see security incidents that would have been impossible a decade ago. Looming on the horizon are real-world infrastructure attacks, worms that target phones, and devastating IM viruses. The legacy security solutions that we still depend on have their place, but additional, smarter security layers are needed.