IT security is a long and bloody war. One of the key issues is working out where the next battle is going to be. The 2006 DTI report, 'Changing nature of information security' showed how the battlefronts have shifted, from attention-seeking hacking and malware / spyware attacks to purely financial motivation.
The report also showed the changing IT security needs of corporations:
- The need to be able to function everywhere with full network access is leading to deperimeterisation where the office network is no longer a secure and logical boundary;
- Mobile working has accelerated the challenge to balance utility and privacy, security and operational integrity;
- Increasing demands from business to enable low-cost collaboration and data sharing over open public networks such as the internet.
Too many cooks?
All this increases the number of business partners from the traditional one or two to a plethora of organisations offering a variety of services, all with different security policies, products and standards.
In the words of one security professional at Sun Microsystems, the various ages of privacy - which mirror the ages of doing business - are:
- The age of the firewall - keep all inside;
- The age if the internet / intranet - manage both inside and outside the firewall;
- The age of the extranet - manage data through the firewall.;
- The future age of participation - allow access when authorised and block when not.
Streamlined security and universal access
According to the DTI report, in order to meet these needs for deperimeterisation and mobile working, there is a new set of requirements:
- Uniform, flexible and simple access methods to allow greater collaboration between organisations;
- New security controls to cope with diversity and geographical problems.
So how can this be achieved in practice? Here's an example of how a public–sector organisation, Watford Borough Council, approached the issue, in order to support and develop its pioneering flexible working initiative and provide secure remote access for designated council employees.
Watford's flexible friend
Watford Borough Council has deployed a network security solution enabling council employees to work from home or remotely with secure remote access to key applications including email, file directories and bespoke customer management systems.
The technology is an important element in supporting the authority's business continuity plans, ensuring the smooth running of council services in any eventuality, in addition to increasing overall efficiency in working practice and council productivity.
Data protection: keeping it secure
Remote network access is controlled by the IT department, ensuring staff have access to the designated files and programmes necessary to work effectively and productively from any location.
With users accessing the corporate network via wireless connections, laptops and home PCs, the solution ensures the network remains secure, with personal firewalls installed on every PC and laptop, and council acceptable usage policy automatically enforced to help prevent malware such as spyware and Trojans from entering the network.
Client-check functionality also ensures remote PCs are running the latest antivirus software before any connection is made to the network.
This network access solution represents a significant part of Watford's business continuity plans. The council has the reassurance that should employees be unable to come into the council offices, services will nevertheless continue to run as normal.
A win-win situation: maximising security and productivity
According to the Council, flexible working also improves choice and working options for council employees whilst boosting productivity and helping them to achieve maximum efficiency and best value as set out in the Gershon efficiency agenda.
The solution is a scalable one, and Watford hopes to extend the remote access to additional departments within the authority, to develop a wide-reaching business continuity strategy for the whole borough and promote flexible, home-working on a larger operational scale.
Watford Borough Council offers an example of how a deperimeterised approach to network security encourages simple, flexible mobile working and can boost overall efficiency and output.
Attack is the best form of defence, and by opting for a deperimeterised approach which combines end-point security and network access control with improved mobility, organisations stand the best chance of winning the business and IT security war.