* Reader explains where Cisco’s ASA 5500 makes sense A reader responded to a recent article about the Cisco ASA 5500 unified security appliance with a different perspective from that of the original author, Norman Bari. With permission of the reader, who prefers to remain anonymous, here are his comments:* * *I too am a very strong believer of security in-depth. A layered approach is always the most secure approach. Unfortunately, the realities of business rarely allow for a complete implementation of this model.Consider if you will my situation where I carry responsibilities for all networking and network security in an organization that: has zero technical security staff; a network that more than doubles in size every year; a severely shorthanded network staff that has not grown in four years; a budget that also has not grown even $1 in four years; computer rooms (I hesitate to call converted conference rooms “datacenters”) that are underpowered, under-cooled and out of space; an exponentially growing demand for VPN sessions; and firewalls so old (PIX 520) that many of your Cisco readers have probably never even heard of them. We are by no means a small or even midsize company, having been listed on the Fortune Private 500 in all of my seven years here, and are one of the fastest growing companies in our industry. But when you consider that, for the cost of moving from 100 to 200 VPN sessions on my existing concentrator (Cisco 3015), I could instead purchase two ASA 5500 appliances giving me 600 simultaneous VPN sessions *and* two brand-new, and desperately needed, firewalls, then the choice is simple.Do I like that choice? No. In fact some years ago I was quoted in a professional networking magazine espousing exactly the same philosophy as Mr. Bari. Unfortunately, the realities of supporting a growing business have made me realize that the best security choice isn’t always about best security practices. Many times it is a compromise between business needs and optimal security. In this respect, the ASA 5500, coupled with vigilance, is that best compromise.* * *In my classes on security management, I emphasize that all of security involves tradeoffs. It is impossible to come down absolutely for or against a tool without knowing the context it will be used in. Is a Swiss Army knife better than a box of tools? Depends what you want to do, how often, how well and at what cost.I thank our anonymous reader for taking the time to provide a different perspective on an interesting question. Related content news Broadcom to lay off over 1,200 VMware employees as deal closes The closing of VMware’s $69 billion acquisition by Broadcom will lead to layoffs, with 1,267 VMware workers set to lose their jobs at the start of the new year. By Jon Gold Dec 01, 2023 3 mins Technology Industry Technology Industry Markets news analysis Cisco joins $10M funding round for Aviz Networks' enterprise SONiC drive Investment news follows a partnership between the vendors aimed at delivering an enterprise-grade SONiC offering for customers interested in the open-source network operating system. By Michael Cooney Dec 01, 2023 3 mins Network Management Software Network Management Software Network Management Software news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Mainframes Mainframes Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe