Products from multiple vendors, running on platforms not necessarily built to handle security software, equal network complexity and a lack of security that would give Linus Torvalds a headache. Too much time is consumed integrating software, hardware and the security application itself, and not enough time on planning and implementing, and ongoing support - thereby compromising the security and reliability of your actual network. Add to this the need to stay abreast of bug patches and version management - your network security system is complicated even further.
The result is a gap between the network protection you have and the network protection you require.
Keep it Simple
Simplicity should be the goal for any network solution. With network security it should be a mantra. Keeping it simple allows time and resources to focus on enabling the secure, trusted environment a business needs, rather than the mundane complexities of network security's very nature.
But simple to do what? Order? Install? Operate? Maintain? All of these elements are required if a system is to be successful, but it will only be truly successful if it can be made less complex and simple to use - especially when protecting your company's mission-critical information. Imagine spending integration and management time on other, more pressing security issues such as investigating potential weaknesses in a network?
Applianc-ize and Simplify your Network Security
One of the easiest ways to reduce the complexity of network security is to deploy a 'security appliance.' These appliances are purpose-designed platforms running a pre-hardened operating system and pre-installed with best-of-breed security applications for a custom-built platform that's literally as easy as plug and play. Simply put, integrated appliances possess all the features you need for securing your network, including, firewall, virtual private network (VPN) and intrusion detection. Integrated appliances are also pre-configured, pre-tested for ease of deployment, remote management, automatic updates and, best of all, there is one number to call for global support 24 hours, seven days a week. The time, money and IT resources that an integrated appliance saves are as appealing as the simplicity of the network security solution itself.
Deploying solutions based on the appliance model offers benefits like identity customization, performance enhancement, comprehensive management and one support team.
Customized identity. Different license keys can be applied to each appliance, enabling a firewall, a VPN, both firewall and VPN, intrusion detection appliance or anti-virus appliance. These core functions form the basis of any secure network environment and because a security appliance is generally very simple to deploy, many complex steps can be removed and a stronger solution implemented.
Performance. A purpose-designed appliance usually has the hardware features required to deliver optimum performance from the software applications it enables. Similarly, the operating system should be closely coupled to the hardware in order to provide maximum performance and security. The result is optimized performance of the platform, operating system and, most importantly, the network security application it runs. General-purpose hardware platforms and off-the-shelf operating systems cannot offer these features.
Management. Secure software management is an integral part of maintaining every organization's trusted network environment, and true network security cannot be accomplished without secure network management. Traditionally, network management has been a considerable challenge for most organizations because it has required hands-on manual installations for configuring and upgrading the software and applications one device at a time. This is redundant, prone to errors, rapidly consumes precious resources and leaves less time to concentrate on security policy and other business priorities. Human error and lack of sufficient network management capabilities are leading causes of network downtime and exposed vulnerabilities. Equipping your network with effective management tools helps simplify maintenance of your network environment and ensure network security.
Taking the Complexity Out of Network Updates
I have installed the firewall, the intrusion detection and now it's time to take a rest feeling totally secure - right? Wrong. What about software updates and patches and general remote maintenance? The process is not that complex or daunting when there are only one or two devices to be managed, but what happens when there are tens, hundreds or thousands of machines which need software updates and patches, or when you are faced with a significant deficit of IT and IM skills and resources? This can be an unmanageable chore and one that is consistently prone to manual errors, thus security vulnerabilities. How does someone securely update a remote site, keep the site operational, and ensure that the new software update does not cause any problems?
This is where software management solutions come into play. Rather than the time-consuming, labor-intensive task of manually updating each site, one by one, an effective management tool efficiently updates all devices at once or can partition the network into multiple zones, allowing specific levels of software to be applied to different devices. Through 'do no harm' installation policies, these software solutions can ensure that a site isn't taken off line by incorrectly installed software. Again, the object is to take as many manual tasks out of a network security solution as possible to reduce the complexity and increase the security.
Don't Forget Service and Support
No security policy would be complete without the ability of the vendor to provide in-depth global support as part of its solution. Ad hoc support arrangements are simply not enough for what a secure network requires. Crisp support teams and well-defined procedures are required when dealing with network security products. A trusted vendor and a worldwide network are essential in reducing complexity and maintaining network efficiency in today's global economy. A commitment that stands by the entire appliance without passing the problem like a hot potato to the next component's owner ... one that effectively addresses the issue and solves the problem.
By their very nature, network security solutions are complex. They are performing essential tasks, protecting critical assets, networks and a company's reputation. But by eliminating as much complexity as possible, systems can be made more secure, less prone to human error and easier to implement. Look for solutions that integrate best-of-breed applications with hardened platforms from established and trusted vendors. Doing the homework upfront before choosing the right network security solution will save a company many headaches and ensure a trusted network environment for all users, whether local or remote.
Dan MacDonald is vice president of Nokia Internet Communications (www.nokia.com/securitysolutions).