By SANDRA GITTLEN

Security: A tough nut to crack
Security is more about politics than technology

Network World, 06/12/02

I just wound up my four-city stint with Network World's State of Security Town Meeting (the tour itself has two more cities to go) and I have learned a very critical lesson: security is more about politics than technology.

The IT managers who attended the seminar were alike in one respect: they all had issues with security that stemmed from corporate culture rather than integrating technology.

Their biggest challenge was getting together with the "pure" network guys to hammer out a cohesive security strategy. Time and again, the issue came up that network guys want to work with their vendors, such as Cisco, etc., and the security guys want to work with their mainstays like Check Point. So, how do you get the two to see eye to eye and put in the technology that's best for the company?

You have to open the lines of communication, the panelists said. One attendee asked if pure-play security companies will become obsolete as more and more technology is thrown into other net gear. The Cisco rep on the panel jokingly said that'd be great, but the quickly added that competition is needed in the security field. That without it, things would stymie.

Joel Snyder, moderator for the event and founder of Opus One, said that you have to convince upper management that security is important and that will then force dialogue between the various factions of the IT staff. Having buy-in from your superiors is key to making security a priority for the business.

The panelists, who represented Cisco, Foundry, SSH, AppGate and Top Layer, agreed that without the support of corporate executives security cannot be a comprehensive endeavor. To get the attention of upper management, they recommended putting together a "scare" package that shows how much other companies suffered after being attacked by viruses, worms and denial-of-service slams. Then, do an audit of your system to show where the holes are. If you have firewalls, temporarily remove them to see what traffic is going where and document what your weaknesses are. Show them your strategy for shoring up the network and what mission-critical data you'll be protecting. Then show them the dollar figures of a catastrophic loss vs. the cost of a reinforced network. The math will not be difficult and you'll be a hero.

A note about cost, though, that I found interesting. I've always been in the camp that believed it when vendors told me a virtual private network, by virtue of riding over the 'Net, will save you money every time. However, Snyder pointed out to attendees that VPNs can save you money, but may not, and that shouldn't be your over-arching reason for using them.

What do you think? Let me know at sgittlen@nww.com.

To catch the last leg of the State of Security Town Meeting

 

Current Article

Motivating You - Network World digs deep into your work, career and free time

Past Articles

Your WAN: What's your next move? What you'll learn at Network World's WAN Technology Tour

Wireless: How far we have come - What to expect at Network World's WLAN Technology Tour

What's new about the New Data Center: How the concept of the New Data Center forces different thinking

2004: What do you need to know? - Your chance to help shape the Network World Technology Tour

What identity management can do for you: The importance of identity management

Mailbag: Who's minding the voice calls? A trick question

Mix 'n match storage: Not all data requires the same storage approach

Key to VoIP success? Training VoIP smarts

Who is responsible for securing voice calls over data lines? - Network and data managers must work together to ensure network integrity

Is your network view cloudy? - Storage: Shoring up your enterprise strategy

Six options for securing wireless LANs: Lessons from Network World's Security Technology Tour

Security and Storage: The perfect pair

Get savvy about SAML: Single sign-on with SAML

Standardizing IT skill sets: Your chance to help shape the standards for IT skill sets (05/14/03)

The art of consolidation: Consolidation is not an admission of defeat (05/07/03)

Reinforcing security: Network World Technology Tour focuses on corporate security (04/30/03)

The Day Two demands of VoIP: Taking voice-over-IP to the next level (04/23/03)

Instant messaging getting its due?: Instant messaging finds a home in the enterprise (04/16/03)

A powerhouse of CEOs in one room : Of Cisco, Linksys and Vortex 2003 (04/09/03)

How to survey your site for WLAN : Getting ready for WLAN in your enterprise (04/02/03)

Fooling spamers : Anti-spam tips from the Center for Democracy & Technology (03/26/03)

IEEE works on wireless access for riders on high-speed vehicles : Introducing IEEE's 802.20 spec (03/19/03)

Where will you spend your security dollars : What's the most important to you in security? (03/12/03)

What are your WLAN concerns?: Join our Wireless LANs Technology Tour (03/05/03)

Voice and video on the security scene: Identification via voice and skin recognition (02/26/03)

Is now the time for service level management?: What came out of the Service Level Management Tour? (02/19/03)

Setting limits: When to say "No" to end-users (02/11/03)

Keeping up with the patches: Resources to help guard against security attacks (02/05/03)

State of the state: Venture capitalists are cautiously optimistic about the future (01/29/03)

Demo: Who says innovation is dead? (01/22/03)

Inside Wireless LANs: Building and managing a well-integrated WLAN network (01/15/03)

Inside service-level management: A look at what Network World’s Technology Tour on SLM will offer (01/07/03)

Shaking the tree: The problems with voting systems (12/17/02)

Videoconferencing: Bring it on (12/11/02)

It’s not just about networks anymore: Extending enterprise applications (12/04/02)

Mailbag 2: Dial-up is (not) history (11/27/02)

Mailbag: Dial-up is dead (11/20/02)

Voting: A lesson in technology (11/13/02)

Dial-up is history: Hurray for wireless LANs (11/06/02)

Dial-up is history (10/30/02)

Inside the LAN (10/23/02)

Your WAN concerns (10/16/02)

Mobile interaction (10/09/02)

The Wireless World (10/02/02)

The State of IT Spending (09/25/02)

Let's talk VoIP (09/18/02)

Distance learning not all about distance (09/11/02)

What's the state of your WAN? (09/04/02)

Paperless society falls by the wayside (08/28/02)

Educating tomorrow's IT managers (08/21/02)

Educating tomorrow's IT managers (08/14/02)

Your work concerns (08/07/02)

All about You (07/10/02)

A tale of woe from the front line (07/10/02)

Your commitment to yourself (07/03/02)

Mailbag: Who should foot the training bill? (06/19/02)

Security: A tough nut to crack (06/12/02)

Training is up to you (06/05/02)

How valuable is training?(05/30/02)

Data prioritization: Not as easy as you think (05/22/02)

Keeping up with security (05/15/02)

Storage: The crux of business continuity (05/09/02)

IT training on the rise for 2003, NetSmart, 05/03/02

The allure of 3G, NetSmart, 04/24/02

RFPs: Get your money's worth, NetSmart, 04/10/02

Cisco exams tests real-world skills, NetSmart, 04/03/02

Wireless: The key to enterprise application integration?, NetSmart, 03/27/02

Are you ready for voice over IP?, NetSmart, 03/20/02

The value of communication, NetSmart, 03/13/02

Your thoughts on training and technology, NetSmart, 03/06/02

More vacation time or more certifications?, NetSmart, 02/27/02

Live demos: Could you do them?, NetSmart, 02/20/02

Take our learning "test" to help us help you, NetSmart, 02/13/02

Screaming for streaming media, NetSmart, 02/06/02

Mailbag: Ways to learn on a shoestring, NetSmart, 01/30/02

HIPAA's ripple effect, NetSmart, 01/23/02

Ways to learn on a shoestring, NetSmart, 01/16/02

Spring 2002 tour schedule, NetSmart, 01/09/02

Several ideas for finding internship opportunities, NetSmart, 12/21/01

How to get the best out of trade shows, NetSmart, 12/19/01

Internships make a comeback, NetSmart, 12/12/01

The longevity of skills, NetSmart, 12/05/01

The State of the LAN/MAN tour is underway, NetSmart, 11/28/01

State of the LAN/MAN seminars and resources, NetSmart, 11/16/01

Got Certification?, NetSmart, 11/14/01

Your thoughts on certifications, NetSmart, 11/07/01

Resources to help you decide if XP is right for you, NetSmart, 10/31/01

The benefits of short-term certifications, NetSmart, 10/24/01

A list of storage resources on the web, NetSmart, 10/15/01

Reviewing IT Budgets, NetSmart, 10/09/01

Local-based training options, NetSmart, 10/02/01

Disaster recovery, Part 2, NetSmart, 09/27/01

Help for disaster recovery planning, NetSmart, 09/20/01

The power of public speaking, NetSmart, 09/17/01

Tips for getting to know your colleagues, NetSmart, 08/21/01

Places to talk about tech online, NetSmart, 08/14/01

The fall lineup, NetSmart, 08/07/01

Salary survey shows certification boosts your pay, NetSmart, 07/31/01

Ease your concerns with training, NetSmart, 07/24/01

Summer vacation: A great training opportunity?, NetSmart, 07/19/01

Train the trainer, NetSmart, 07/10/01

The manager's role in training, NetSmart, 07/02/01

Project management is your best friend, NetSmart, 06/27/01

Tracking one network manager's journey to CCIE, NetSmart, 06/21/01

Practice makes perfect, NetSmart, 06/14/01

Training in two's, NetSmart, 06/07/01

Training isn't just about education, NetSmart, 05/30/01

Boot camps boost you network skills, NetSmart, 05/23/01

The many benefits of on-Site training, NetSmart, 05/16/01

Back to basics, NetSmart, 05/02/01

Gittlen is Events Editor at Network World.
You can e-mail her at sgittlen@nww.com.