In the last two years, a sophisticated approach to tackling the increasing number of security threats has emerged – the integrated security appliance. Appliance vendors have built on the security foundations created by previous approaches to provide a security model that offers the end-user full visibility and control over their network, while removing the complexity.
Traditional approaches to security have been ad hoc and varied. Companies began to view security as a must-have in the early to mid-nineties when the Internet became widely used in business, and email was adopted as the de facto communication medium. At the same time, this opened the company network up to a rife of new security threats.
IT managers responded by purchasing a number of bolt-on security products, such as firewalls and anti-virus software, but for many, managing these proved -and still proves - to be too complex and time-consuming.
A lack of in-house skilled security specialists presented IT managers with a considerable problem and for many, the only way out was to outsource it to a third party. IT managers decided this was a good idea because it removed the burden of retaining resources in-house and handed responsibility over to the experts.
However, the trade-off for allowing a third party to manage a company’s IT infrastructure, is that an outsider has access to its data and can dictate how it is managed. The biggest issue people have with this, especially those at board level, is trust.
We are seeing a shift away from the managed services approach in an attempt to bring the control back in-house, through the deployment of new technologies, such as integrated security appliances. Under the managed services approach, a lack of visibility means that in-house IT departments only ever find out about big issues and successes. They never tend to receive day-to-day information. This means that the company cannot learn from its mistakes and tweak security policies to match new threats.
This year, financial services company JP Morgan Chase cancelled an IBM outsourcing deal worth five billion pounds in an effort to keep services in-house. Cable & Wireless did the same. No doubt 2005 will see the business case of outsourcing questioned further, you only have to look at recent news headlines for evidence of this.
It is widely acknowledged that an IT manager’s biggest security management issue is email. According to the 2004 DTI PricewaterhouseCoopers Information Security Breaches survey, email still constitutes the biggest virus risk by far, with 83% of companies admitting that they had received infected emails and files in the past year.
But many companies are still missing a trick when it comes to effectively managing and securing email. Third parties are so paranoid about customers receiving a virus because it’s built into their contract, that they end up holding onto messages for eight, twelve, or even sixteen hours to ensure they are clean before they release them. Similarly, over-aggressive spam filters often mean that legitimate emails do not make it through, which has a detrimental effect on business.