The layered approach to IT security
MANILA, Philippines - Like their larger counterparts, medium-sized businesses are under pressure to become more efficient, with the ultimate aim of being able to quickly respond to marketplace dynamics and constantly innovate new products and services that meet customers’ changing needs.
The journey to becoming such an efficient enterprise, however, can be hampered by inadequate IT security.
Medium-size businesses face a formidable challenge when it comes to IT security: They face the same types of risks as larger enterprises but have fewer resources to counter those threats.
Most have lean IT teams that do not include internal security experts who can recognize and remediate security issues, many of which have a bearing on corporate compliance.
More often than not, midsize businesses use piecemeal security solutions that are more suited for small businesses. Each of these addresses just one aspect of overall security and, in all likelihood, does not work in concert with the others to form a complete shield.
Given that the threat landscape evolves rapidly and that threats become more sophisticated by the second, these piecemeal solutions need to be continually tuned and updated, creating a level of complexity that is beyond most midsize businesses.
Security management challenges
Not surprisingly, in a 2010 study by leading industry analyst firm Enterprise Management Associates (EMA), 80 percent of organizations with up to 2,500 employees said security was becoming more difficult to manage, with nearly a quarter (23 percent) indicating that security management had become significantly more difficult.
“Threats are becoming more difficult to control” was the top security management concern voiced by respondents to the EMA survey overall.
The cost and complexity of containing threats is a primary concern, with “controlling escalating capital costs” of security management, and “resource drains due to audit and compliance demands” most often cited by the organizations.
Coordinating vulnerability remediation with IT systems management was also cited as a significant IT security management challenge.
Still, there’s no avoiding expenditure on IT security as midsize businesses - or any business, for that matter - can ill afford to fall prey to cyber attacks, given the high cost of successful breaches or data loss.
In a March 2011 report, the Ponemon Institute, a privacy and information management research firm, gave the cost of a data breach as $7.2 million, or an average of $214 per compromised record.
Financial costs aside, even a single breach can cause long-term harm to a company’s reputation or diminish its ability to comply with various regulations that require them to provide proper security, including Sarbanes-Oxley, PCI Data Security Standards, GLBA and HIPAA.
Layering protection
No single technology can protect against all security threats. Accordingly, multiple technologies have to be used against the various forms of attack.
These technologies are most effective when applied as layers, with overlaps between the layers to ensure blanket protection. A practical security approach should address security management at the following layers: the network, the endpoint, the end-user, and security services.
Network security
Network security is the first line of defense. Most breaches happen at the network level and all eventually hit the network at some point.
A complete network security strategy should incorporate several distinct technologies, including firewalls, virtual private networks, anti-virus scanning, Web content filtering and anti-spam and intrusion detection/prevention systems.
Endpoint security
Many of today’s mobile workers access the Internet and the intranet outside the office environment, sometimes through personal devices. Together with the proliferation of portable media, this increases the risk of infection.
Endpoint security protects desktop and portable computers from threats that do not enter through the secure corporate network. It also enables IT administrators to assess vulnerabilities at the endpoint level.
User security
A security strategy is only as strong as its weakest link so controlling access to a particular user’s data is important. Technologies and devices that come into play here include data encryption, password protection, fingerprint readers and smart ID cum access cards.
Services
A security strategy and security technologies need to be supported by services: risk assessment, monitoring and management of firewalls and security devices, remediation, reporting, URL blocking, etc.
The provision of these services can add up to a hefty administrative burden for the IT organization in midsize companies, especially those that do not have dedicated IT security staff members.
Dell solutions
To make it easier for midsize enterprises to stay secure, Dell has partnered with network technology innovator Juniper Networks to offer a comprehensive package of security management solutions tailored for the midsize business.
Named Dell Layered Security, it combines technology and services in a bundle that is simple to install and use as well as affordable.
“Up until now, security solutions that serve the particular needs of midsize businesses have not been available. Now, together with Juniper Networks, Dell has crafted an approach to security management that is not only tailored for the mid-market customer, but goes further to address the expertise gap and the disconnect between risk remediation and systems management so frequently identified among midsize businesses,” said Ricky Benapayo Lopez, country manager for commercial business.
Dell Layered Security includes solutions that address security management at the level of the network, the endpoint, the end user, and actionable security services.
Covering all bases
At the network level, the Dell PowerConnect J-SRX series of Unified Threat Management systems offers a robust security platform that integrates multiple security functions such as virtual private networking, intrusion prevention, anti-spam, anti-virus, and Web filtering, as well as routing and switching into a single appliance.
Designed especially for mid-market customers, the J-SRX appliances are easy to install and use, even by newly qualified network administrators.
In the endpoint security department, Dell offers a set of market-proven solutions, beginning with the Dell KACE K1000 Management Appliance.
Through the appliance, IT administrators can assess their IT environment for security, identify and remediate vulnerabilities, and set and enforce security policies ranging from application blocking and removal to URL filtering.
The Dell KACE K1000 is complemented by a secure browser, a virtual instance of a Mozilla Firefox browser. Dell also offers Trend Micro Worry-Free Business Security Services, an easy-to-use software solution from Trend Micro that is designed to protect endpoints wherever they are connected.
For user security, Dell provides Dell Data Protection | Encryption, a non-disruptive, file-based endpoint encryption solution that helps IT administrators quickly and easily deploy encryption across the entire organization, securing critical business data on system drives, USB drives, external storage devices, optical storage and other digital media.
Complementary solutions include the PowerVault DL2200 data protection solutions, Dell Data Protection | Access and various Dell SaaS solutions.
To help midsize businesses close the gap in security expertise, Dell will offer in selected markets Dell SecureWorks Information Security Services, a suite of outsourced services that cover 24 x 7 security monitoring, monitoring and management of firewalls and security devices, incident response and audit preparation.
“With our focus on small and midsize customers and our large installed base, Dell recognizes the challenges of security management among smaller organizations. With the Dell Layered Security package, we are doing more than providing customers with a set of tools that address their most common security concerns. We are making each one’s transition into becoming an efficient enterprise a quicker, smoother one, one unhindered by the complexity and high cost of countering security threats,” said Lopez.
To know more about this system, log on to www.dell.com.
- Latest