Multi-Layer Security Platforms

By | December 5, 2006

They must become more economical. The security budgets for most organizations are already strained to the point that purchasing a plethora of additional countermeasures is simply not realistic. This leads to multi-function security appliances being an ideal choice. However, it is important to realize that this holds true only to the extent that it is unnecessary to compromise in terms of either the quality of the individual countermeasures or the performance of the overall system.

The Expanding Portfolio of Technology and Applications

Another significant change driving the need for multi-layer security platforms is the growing diversity and quantity of computing resources, both infrastructure and information, that now needs to be secured. Recent years have seen businesses trying to remain competitive, or even get ahead in the game, by implementing a rapidly expanding array of new technologies (e.g., instant messaging, Personal Digital Assistants, smartphones, Wireless Local Area Networks, web services, and IP telephony), by dramatically increasing their online presence, and by deploying a wide variety of revenue generating and/or productivity enhancing applications.

The issue here is twofold. First, as suggested earlier, there is simply more mission critical “stuff” that needs to be secured. This alone reiterates the need for security solutions that are both efficient and which provide greater degree coverage (based on the scope of security services they provide). However, it is also important to acknowledge that much of this “stuff” is relatively new to the market (at least initially), is fairly complex, or may even be highly distributed in nature. Such conditions inevitably yield an indefinite period of time that is characterized by a spike in the population of code-based vulnerabilities, as well as an increased potential for vulnerabilities being introduced through configuration errors (at least until administrators become more familiar with the new technologies).

Overall, what this suggests is that:

The effectiveness and efficiency gains derived by using multi-layer security platforms are essential to help offset the effort and expense of operating point products to secure emerging (or even legacy) technologies;

Ideally, a multi-layer security platform should have an architecture that fosters adaptability and flexibility, thereby enabling its scope of coverage to be extended to cover new technologies over time.

The Proliferation of Points of Protection

Closely related to the previous section´s challenge of having to protect a rapidly expanding population of computing resources is the need to provide this protection at a growing number of physical locations within an organization´s environment. Indeed, the implications in both cases are essentially the same. Specifically, the need for substantially more security coverage – be it functional or physical – necessitates the greater overall effectiveness, efficiency, and economy available with multi-layer security platforms, as opposed to an extensive portfolio of point products.

The underlying issue in this case is that organizations no longer have well-defined perimeters characterized by a handful of Internet connections and private Wide Area Network links to their satellite offices and a few key partners. Instead, opportunities for greater revenue and operational efficiencies have driven organizations to enable much higher degrees of interconnectivity and in-depth access to their networked systems. Indeed, over the past few years, virtually all businesses have increased their support for online customer services, business-to-business relationships, local access by guest users, telecommuting and employee mobility, and remote office/branch office computing services.

Consequently, they now need comprehensive protection (from a functional perspective) not only at multiple “perimeter” demarcation points, but also on their internal networks, at user endpoints, within their data centers, and at their branch offices.

The Emergence of Regulatory Compliance

Another high profile change has been the emergence of a plethora of privacy and security related legislation and industry specific regulations. However, given that most IT and business personnel are already well versed in or are otherwise numb from hearing about compliance, it is appropriate to spare the details and cut right to the consequences. In particular, these include that:

Providing comprehensive privacy and security (against all threats, for all resources, and in all locations) is not an option – it is essentially a legal necessity;

Fulfilling compliance obligations will be a significant drain on already strained IT and security resources, thereby further escalating the need for security solutions that are highly economical and easy to operate; and,

To help address compliance requirements, security solutions should include capabilities to facilitate the creation, deployment, and confirmation of associated policies (e.g., unified management, detailed logging, and robust reporting).

Point Products Piling Up

Hopefully by this point it is clear that the security landscape has undergone significant changes in recent years. For many organizations, trying to keep up with these changes by sticking with conventional wisdom has led to point products now starting to pile up. And along with them have come rising operational costs, greater complexity, and, somewhat ironically, reduced effectiveness – especially since few if any of the pieces of the puzzle are capable of working together.

To be clear, best-of-breed point products do in fact provide in-depth security capabilities. However, each product is only narrowly applicable and is therefore unable to provide the breadth of coverage needed in today´s IT environments. To put it another way, the (potential) incremental gain in security capabilities that can be attained with best-of-breed products is simply not sufficient to offset the complexity and expense that will result from organizations needing to implement many of them to cover all of their bases.

In contrast, multi-layer security platforms hold the promise of more efficiently and economically providing an effective, modern-day security solution. This is based on integrating a full set of security services into a single, easy-to-manage appliance that is capable of supporting a wide range of deployment scenarios.

The New Definition of Best of Breed

Of course, recognizing the need for multi-layer security platforms is only half the battle. It then becomes a matter of being able to identify a best-of-breed solution that fits the bill. In this regard, organizations are advised to focus on the following four categories of evaluation criteria:

Multi-layer Security

Given that the primary objective of using a multi-layer security platform is to obviate the need for a series of point products, it is clearly a fundamental requirement that such solutions incorporate a wide range of the most commonly needed security services.

Leave a Reply