Secure by design

With new network security challenges, the correct approach is to make security architecturally inherent.
By Nick Keene, Country manager at Citrix Systems South Africa.
Johannesburg, 16 Feb 2007

The need for efficient data security is greater today than ever, with the spread of hosted applications exposed as online services, along with other Web 2.0 practices, presenting a new set of challenges to network security.

Workers are becoming increasingly mobile, enabled by service-oriented architecture and technologies that are eroding the need for office workers to be in offices.

In this new environment, a strategic approach to security is required that maintains flexibility and implements security at the architectural level. This is the approach of industry leaders in distributed computing and other areas where security faces new challenges.

CIOs and security officers are dealing with an increasingly malevolent approach from attackers and new threats to the network. Whereas attacks on computers and networks in the past were little more than vandalism or experimentation by hackers who were after boasting rights or fun, the modern environment poses real threats to organisations and their data. Security intelligence experts have identified elements of organised crime and even espionage in modern attacks. Today's attacker is more often concerned with financial gain than boasting rights and a big threat exists in the form of identity theft - currently rife internationally.

Another trend is that many attacks are made from within organisations: as many as 46% in the case of companies, according to the Computer Security Institute. These attackers do not need to breach firewalls in order to penetrate the network perimeter, and they can access the often unsecured internal systems that sit behind secure perimeters, which is often where the most sensitive data is housed.

Beyond the firewall

The very concept of a network perimeter is fading due to remote access by workers and customers, along with connectivity with business partners. The perimeter is becoming difficult to define, never mind defend. Corporate networks extend well beyond the physical boundaries of business facilities, with as many external network activities taking place behind firewalls as internal.


New technologies in virtualisation, distributed computing and application delivery are powerful enablers for business and offer exciting benefits. But in order to effectively make use of these technologies, a new approach to data and network security is required that addresses this environment.

Gartner has identified three security considerations that organisations are struggling with. The first concerns taking a comprehensive approach to data security, the second is an understanding of how to use and position products under various circumstances and, finally, the role of data security in an overall security programme is not well understood.

This struggle is due to a combination of factors. Data security products are typically not as mature as network security products, and security managers must often work with smaller point products. Data security also includes solutions that aren't purely focused on security, and good network, host and application security must support data security.

Meeting the challenges

Security technologies have also become increasingly complicated along with the environments they are meant to protect. Complexity makes it possible for areas of security to be overlooked and challenges the prevention and detection of attacks.

These challenges are best dealt with if security is planned for strategically. A foundation must be established that is secure by design and aims to eliminate the traditional compromise between security and productivity. Security must not become cumbersome to workers, while still remaining robust.

Furthermore, an infrastructural approach is required to reduce costs, inefficiencies and the need for custom integration of individual products, while accommodating legacy as well as future technology.

An effective strategy, focusing on these three pillars, leads to end-to-end security that addresses not only external threats to the network, but also the internal environment.

It is possible to deliver applications securely and enjoy the advantages of virtualisation and on-demand access if a secure-by-design approach underpins data security.

It is this approach that enables the seamless connecting of users, devices and networks with business-critical resources and separates leaders from followers in industries that provide these new technologies. It also maintains security while making these services available to any IT infrastructure, no matter how distributed or diverse, and with each other. Products developed in this regard deliver powerful benefits to businesses that help organisations improve IT operations and support business initiatives.
