IT departments worry over threat of data leaks from more open networks
(12/03/2008)

According to new research, IT departments are under pressure to make corporate networks more accessible to remote workers and a range of external users despite fears over the increased threat of data leaks, malicious content and hacking that this entails.

91 per cent of the 381 UK and North American IT executives polled in the survey by AEP Networks admitted there is a bigger risk of sensitive data being exposed to ‘unauthorised eyes’ when networks are made accessible to remote workers and external users such as contractors, partners and customers.

89 per cent highlighted the greater threat of malicious content such as viruses because of wider network accessibility and 85 per cent noted the increased possibility of hacking.

But this opening up of the network is fast becoming inevitable, with 97 per cent agreeing that today’s networks are more accessible to a variety of internal and external users and devices than five years ago. 94 per cent either already allow or plan to allow access to remote workers, while a large number already permit or plan to permit access to the following types of user:
· Suppliers/partners (39 per cent)
· Company guests/visitors (28 per cent)
· Outsourced workers (36 per cent)
· Contract staff (57 per cent)
· External IT support and maintenance (59 per cent)
· Customers (32 per cent)

The results illustrate the dilemma faced by many IT departments today as Reginald Best, Chief Operating Officer of AEP Networks explained: “On the one hand, IT is rightly under pressure to open the network door to partners, suppliers and customers to improve efficiency and enhance business processes. On the flip-side, they’re sweating over how to prevent unauthorised access, protect company information and deflect malicious attacks.”

With so many different types of user coming onto the network, many IT departments are addressing fears over increased security risks by investing in new technology. The major areas for IT security budget increases over the next 12 months include Secure Remote Access, mentioned by 48 per cent of the survey, Network Access Control (NAC) (41 per cent), Identity-based network security solutions (37 per cent) and Encryption (35 per cent).

Many of these investments will help, but what’s also needed is a clear, underpinning strategy according to Best, whose company has its roots in secure remote access and encryption systems for government and is now increasingly focusing on a new approach to security based on policy networking.

Technologies such as Identity based security systems, Secure Remote Access and NAC need to be tied together under a policy driven network security strategy. This policy networking model argues for a suite of solutions which interact with existing network systems to enforce rules and policies controlling who and what can be admitted to the network and the resources and information they’re allowed to access.

“What systems should specific types of remote workers be allowed to access? What should you do about visitors who don’t have the required antivirus on their machines but need to work on your network? And what about providing a safe level of access to users who want to log in from third party locations such as Internet cafés? How does the organisation track and audit access? These are the types of issues for which organisations need to develop policies,” said Best.

Once there is agreement on these areas, the various components of the policy networking environment can interact with existing directories and authentication systems to verify users’ identities and rules governing their access to the network. Those that don’t fit with policy or display offending behaviour might be put into quarantine, given a lesser degree of access, or denied access altogether.

“It effectively allows you to ‘shut the network door’ to anything that appears undesirable,” concluded Best.