How to maintain security without increasing the operational load on IT staff

I continually have to support more users, devices and applications on my network, but I get no new staff to handle the increased load. I know a lot of these users and services are important to helping our company keep up with changes, but I'm wondering what I can do to keep my network, and the data we have on it, safe. Any tips for how to maintain control in this changing environment, without increasing the operational load on my staff?

A number of factors are increasing the challenges of keeping networks secure. One source is additional users of varying types -- including some with multiple roles -- coming onto the network. IT staff finds it must support remote workers, guests, contractors, partners, suppliers -- sometimes even competitors -- on the LAN and yet still protect sensitive corporate assets.

The range of applications is also growing, with users often running their own applications to get a job done. Growth in the number of applications, and the number that are outside IT's official sanction, is dramatic. The so-called "Port 80" problem -- where so many applications use a Web browser to operate -- contributes to the confusion.

And finally the number of devices is also on the rise. In some cases, users are bringing their own laptops and smartphones into the enterprise. In other cases the organization's employees need new tools, such as a doctor using a laptop or tablet PC to get electronic patient records.

With this LAN sprawl occurring in so many dimensions at once, IT would be hard pressed to stay in control of assets under the best of conditions. But in most cases, IT is simultaneously being asked to manage this sprawl with fewer resources. Staff time is at a premium, so IT needs tools to take up more tasks to save human time for much more strategic work.

Where are some areas IT can look to tools to improve security without creating an operational burden? Some help desk tasks have already made this conversion. Automated password reset programs, for example, have been around for years. One enterprise, which contracts with a large professional services organization for provisioning contractor access on the LAN, saves $10 each time a contractor sets his own password vs. calling the help desk. Given this organization supports more than 35,000 contractors worldwide, these savings are substantial every year and provides a direct monetary value equivalent for saving IT time.

Log compilation is another example. To stay on top of possible breaches, organizations need event correlation, and the more that software can do the job of compiling syslog output, for example, instead of having people do it, the better security awareness the organization has without any more staff time consumed.

Provisioning guest access or separate guest/contractor/staff traffic are two more examples where tools can dramatically offload IT time. Network infrastructure that automatically controls network access by taking into account the role of a person, rather than requiring the administration of virtual LANs and access control lists, provides another major time savings.

In many cases, gaining these operational savings requires some capital outlay. At first blush, this might sound like a money-losing approach. But given that operational expenses account for 80% of the ongoing cost of networks and capital equates to only 20%, spending a little capital up front can reap significant operational savings over the long term.

Copyright © 2009 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022