Exec Talks about Growing Security Pressures
IT administrators and security officers are under a lot more pressure than ever before. Ken Xie, president of Fortinet Inc., talks to eSecurityPlanet about the added workload and what can be done to make the job a little easier.
Ken Xie, president and CEO of Fortinet Inc., a Sunnyvale, Calif.-based network security company, says IT administrators and security officers are under a lot more pressure than ever before. Expanding perimeters, leaky hand-helds and virulent viruses are just part of the expanding job they're dealing with today.
Here Xie talks with Datamation about one of the toughest jobs in IT and what administrators can do to make it a little easier.
Q:How much more difficult is a CIO's or IT administrator's job now than it was five years ago? What has changed?
This challenge has been exacerbated by the increasingly mobile nature of business across industries and by the growing demand for ubiquitous access to information from any device and any location.
Another major change is that today's CIOs and IT administrators are facing new and increasingly virulent security threats and new regulations from the government.
Q: Many employees work remotely every day or spend many days working on the road, carrying laptops, cell phones and PDAs. How much more difficult does this make it to secure a network?
There is no doubt the increasing number of remote workers and the mobile devices they rely on are creating new security challenges. If the proper precautions are not taken, it is possible for a single device to act as a point of compromise for an entire network. Threats can include mobile devices that do not have strong user authentication systems and fall into the hands of unauthorized users, providing avenues for access to company networks and sensitive company information.
Another security threat that is not widely recognized is the vulnerability of wireless devices and wireless networks to content-based threats like viruses and worms. Many users do not understand that when they connect to a wireless access point, they join a community of users from whom they have little protection. A user could easily pick up a virus or worm during a wireless work session at their local Starbucks and transmit that virus throughout their network upon returning to the office.
We often joke that your morning coffee could end up costing your employer upwards of a $100,000.
Q:Because of the abundance of mobile workers and mobile technologies, along with strings of business partners, consultants and connected clients, can anyone really know where the network begins and ends now?
The disappearing perimeter is something we talk with customers about every day. The virtual enterprise brings businesses a whole spectrum of cost and productivity savings. It helps companies tap into new sets of human resources. It makes small businesses look like global companies, and enables global companies to deploy resources to even the smallest regions of the world. This is why there is no longer a single point of compromise, and why the IT security industry, as a whole, has been preaching a layered, multi-faceted approach to security for several years.
It starts at the endpoint, be it a desktop or laptop computer, connected to a wired network or wirelessly. You must then place the proper barriers at the edge of the corporate network, or the gateway. This is probably the place where the strongest and best performance security is required. This is the point where people either get in, or are kept out.
Once inside the gateway, or firewall, it's important to segment business. Security should be taken down to the departmental level, segmenting off portions of the company so attacks can be quarantined. To all of this, you must add strict but applicable security policies, and end-user education.
Continue on to hear what Xie has to say about Linux security, the dangers of spam and users who keep downloading viruses....
By Laura Taylor
June 03, 2004
While PDA and smartphone security is often a forgotten piece of the security infrastructure, these devices have the ability to transmit and receive viruses, and can be exploited in numerous ways. In this article, the first in a series on the subject, we provide a general overview of PDA security and discuss vulnerabilities, products, security issues, and policies.