Untitled Document
Untitled Document

www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
14 January 2008  
Untitled Document
Sections

Market
Management
Technology
Technology Life

Columns

Between The Bytes

Events

Technology Senate
Technology Sabha
Specials

HMA Bankbiz
UPS Batteries

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
CIO Decisions
Exp.Channel Business
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Express Healthcare
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Technology - Article

Vendor Accent

Master 3D messaging security

Above and below. Left and right. In front and behind you. Use multi-dimensional security to fend off attackers, no matter where they come from, says Paul Henry.

Messaging security is starting to resemble the world of video games. And that’s a good thing. In the 1980s and for much of the 1990s, video games were “side scrollers.” You moved Super Mario left and right across a scrolling digital landscape. Occasionally, you’d leap high or jump low to dodge threats and get on with your business. Messaging security was similar. You needed to protect messages as they moved in and out of your business and up and down your organization’s hierarchy. Not too tricky.

Times have changed. Today’s video games offer impressive 3D environments. In a typical combat game, your character faces attacks from above and below, left and right, in front of you and behind you. Basically, you need to protect yourself from every digital threat imaginable—from every angle in every direction. The same is now true in the complex world of messaging security. You now need multi-directional, multi-protocol, multi-layer security. Or, as I like to call it, 3D protection for messaging security.

Or to put it in more basic terms: If you hire a guard to watch who is going into your organization that same guard also has to look at who’s exiting your organization as well. The guard has to watch inbound traffic to protect against intruders. Distributed Denial of Service (DDoS) attacks, e-mail bombs and other threats that can bring down the entire e-mail infrastructure.

The guard must also guard against two types of outbound threats: The first is the risk of regulatory-related information slipping out of your company. Here, you have to protect customer or financial data to comply with Sarbanes-Oxley, HIPAA (health insurance portability and accountability act) and other regulations.

The second outbound risk involves your own intellectual property. Naturally, you don’t want a list of your customers, R&D practices or source code information finding its way onto the Web.

2D products don’t work

Unfortunately, many security products have yet to leap onto the 3D landscape. They are stuck in 2D environments. Most legacy gear performs one task—perhaps blocking spam or zapping viruses. The products simply don’t offer 3D protection for messaging and communications.

Still, there’s no reason to call it quits. Savvy Chief Information Officers can keep their companies in the game by studying the 3D threat landscape, and embracing a comprehensive solution that offers complete messaging security. For the sake of simplicity, I have organized the total 3D security solution into three components. Think of them as three steps to success in today’s hostile IT security environment.

Step 1: Multi-direction Protection

The first of our three dimensions is multi-directional security. Here, you’re going to need a security solution that offers inbound protection from intruders, spam, phishing, viruses and worms. But that’s not all. Multi-directional security must also deliver outbound protection, ensuring that e-mail and other types of messages comply with corporate policies and compliance mandates like Sarbanes-Oxley and HIPAA (Health Insurance Portability and Accountability Act).

Alas, some companies discover the need for multi-directional security after the damage has already been done. We have frequently read about pharmaceutical companies that accidentally shared patient information over e-mail. That’s a huge violation of HIPAA that can hurt your brand, your business and your customer relations. A handful of global 2000 businesses have accidentally shared their financial results over e-mail before the news was disclosed to financial markets. That typically triggers a visit from the Sarbanes-Oxley police.

Small, privately held companies also suffer when they fail to master multi-directional security. Much like their larger cousins, small businesses need security solutions that stop confidential information or intellectual property—perhaps your R&D, investment plans or other IP—from leaking out onto the Web.

Here again, lots of vendors sell point product that scan e-mail for questionable incoming and outgoing content. But you need a multi-directional solution that safeguards all of your applications. I call that multi-protocol protection, and it is the second dimension of our 3D matrix for messaging security.

Step 2: Multi-protocol Protection

Admittedly, most of the security industry remains focused on e-mail security. At first glance, that makes good business sense.

During 2006, roughly 90% or more of Internet e-mail traffic was Spam, according to Gartner Inc. It makes perfect sense to mitigate that threat. But you can’t stop there.

You also need to determine whether you are going to permit employees to use Web-based e-mail, instant messaging, peer-to-peer (P2P) file sharing services, and voice over IP applications like Skype. Some businesses will outright ban such applications. But it is becoming increasingly difficult to do so. Today’s college graduates expect to communicate over IM and Skype. And many employees expect to use Web-based e-mail as a back channel for private conversations within work.

This mix of applications similar to the mix of access mechanisms to your business. Naturally, you don’t just lock your front door. You also lock your side doors and back doors. In the digital world, e-mail is often your front door—but don’t forget about newer doors like instant messaging, Web mail and Skype.

Whether you embrace or ban these applications, you need a multi-protocol solution that accounts for them. You’ll need a solution that either blocks IM or effectively scans IM traffic to determine whether the message content is approved for sharing. Several Wall Street firms have already paid stiff fines for failing to monitor and/or block instant messages containing questionable content from employees.

Of course, the risks only climb higher with P2P and VoIP solutions. Consumer P2P systems can allow your employees to quickly decentralize information, sharing throughout your company, and potentially, with company outsiders.

Here again, many vendors promote point solutions. One may effectively target e-mail. Another may manage or monitor instant messaging. Avoid the temptation to tackle each application with a separate security solution. Otherwise, you could wind up with a dozen different security appliances, each focused on a different component of protocol security.

The wiser move is to scour the market for a true all-in-one solution that delivers multi-protocol security.

Step 3: Multi-layer protection

You have tackled multi-dimensional and multi-layer security. So far, so good. But your journey toward true 3D protection isn’t complete. Your final step requires a multi-layered approach to security.

Here again, be careful. Some security companies dabble in desktop security. Others will safeguard your portal or gateway. But what you really need is a multi-layered security system that protects your network edge, your gateway, your PCs and your portal systems.

Don’t be lulled into feeling safe because a new operating system upgrade has a built-in firewall. Don’t settle for only a gateway solution or a network edge solution. Instead, really investigate the market for multi-layered security.

If you do settle for mediocrity, you could wind up creating more problems than you solve. Consider the world of operating systems. Sure, some operating systems now include built-in firewalls. In theory, you have just addressed desktop security, inbound protection and outbound compliance. But in practice, you are dead wrong.

Many built-in firewalls only offer basic inbound protection. They don’t offer any type of in-depth outbound protection. Nor do they protect your portal, gateway or network edge. Again, stick with multi-layer security that addresses each of these network components.

Master of your domain

You now know each component within a 3D protection system for messaging security. Now for the really tricky part of the evaluation process. In addition to finding multi-directional, multi-protocol and multi-layered solutions, you need to make sure that all three solutions work with one another.

The author is vice president of Technology Evangelism at Secure Computing Corp.

 


Untitled Document

UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.