Networking

04:00 AM
Art Wittmann
Art Wittmann
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Strategy Session: Security Drives Everything

Massive data loss incidents (such as the one at T.J. Maxx) seem to suggest that not everyone is quite clear on the simple premise: Understanding your security needs is fundamental

It won't surprise you that, according to Forrester, improving security is at the top of most enterprise IT to-do lists. It's been that way for a while now and, given the regular flow of news stories about corporations losing sensitive information, and the feds likely to pass a national data-leak disclosure law (read Patrick Mueller's Legal Brief column), it's likely to stay that way. But the calculus of what constitutes a reasonable approach to security is anything but consistent from one enterprise to the next.

As an example, consider the deployment of Wi-Fi in the enterprise. In his analysis of NWC's annual NAC survey, senior technology editor Andy Dornan finds that ensuring the conformance of Wi-Fi-connected clients is way down the priority list for those who've already deployed NAC. That stands in stark contrast to those who are still in the planning stages; they rate Wi-Fi client compliance among their top four priorities.

Why this disconnect? It seems if you're concerned enough about security to already be implementing NAC, you're also probably concerned enough not to implement wireless. It's just too risky. Not surprisingly, early NAC implementers are likely to be security-minded government agencies and those who deal with them, financial institutions, and very large corporations that stand to be hit hard if they run afoul of Sarbanes-Oxley.

Meanwhile, the heavily regulated health-care sector shows less interest in NAC, but has fully embraced wireless. One senior IT architect at Kaiser Permanente made it clear why at a recent NWC NAC forum. He has thousands of network-attached devices that can't be updated for any reason--at least not without going through expensive and time-consuming FDA recertification. That makes NAC less attractive, which in turn affects the way Kaiser architects its networks.

Network architecture is but one place where the security calculus reigns supreme. As the Web 2.0 wave hits the enterprise, Ajax programming is all the rage--that is, until you consider security. Contributing technology editor Jordan Wiens brings that point home in his Rolling Review kickoff of Ajax vulnerability scanners. Will the enterprise trade-off be security for snazzy Web-based GUIs? It'll depend on your security posture. If you aren't consciously making that calculation, you can bet you're lacking on the security side.

Art Wittmann is a former editor for InformationWeek. View Full Bio
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed