Ken Xie, president and CEO of Fortinet Inc., a Sunnyvale, Calif.-based network security company, says IT administrators and security officers are under a lot more pressure than ever before. Expanding perimeters, leaky hand-helds and virulent viruses are just part of the expanding job they're dealing with today.
Here Xie talks with Datamation about one of the toughest jobs in IT and what administrators can do to make it a little easier.
Q: How much more difficult is a CIO's or IT administrator's job now than it was five years ago? What has changed?
This challenge has been exacerbated by the increasingly mobile nature of business across industries and by the growing demand for ubiquitous access to information from any device and any location.
Another major change is that today's CIOs and IT administrators are facing new and increasingly virulent security threats and new regulations from the government.
Q: Many employees work remotely every day or spend many days working on the road, carrying laptops, cell phones and PDAs. How much more difficult does this make it to secure a network?
There is no doubt the increasing number of remote workers and the mobile devices they rely on are creating new security challenges. If the proper precautions are not taken, it is possible for a single device to act as a point of compromise for an entire network. Threats can include mobile devices that do not have strong user authentication systems and fall into the hands of unauthorized users, providing avenues for access to company networks and sensitive company information.
Another security threat that is not widely recognized is the vulnerability of wireless devices and wireless networks to content-based threats like viruses and worms. Many users do not understand that when they connect to a wireless access point, they join a community of users from whom they have little protection. A user could easily pick up a virus or worm during a wireless work session at their local Starbucks and transmit that virus throughout their network upon returning to the office.
We often joke that your morning coffee could end up costing your employer upwards of $100,000.
Q: Because of the abundance of mobile workers and mobile technologies, along with strings of business partners, consultants and connected clients, can anyone really know where the network begins and ends now?
The disappearing perimeter is something we talk with customers about every day. The virtual enterprise brings businesses a whole spectrum of cost and productivity savings. It helps companies tap into new sets of human resources. It makes small businesses look like global companies, and enables global companies to deploy resources to even the smallest regions of the world. This is why there is no longer a single point of compromise, and why the IT security industry, as a whole, has been preaching a layered, multi-faceted approach to security for several years.
It starts at the endpoint, be it a desktop or laptop computer, connected to a wired network or wirelessly. You must then place the proper barriers at the edge of the corporate network, or the gateway. This is probably the place where the strongest and best performance security is required. This is the point where people either get in, or are kept out.
Once inside the gateway, or firewall, it's important to segment business. Security should be taken down to the departmental level, segmenting off portions of the company so attacks can be quarantined. To all of this, you must add strict but applicable security policies, and end-user education.
I think it's probably too early to tell.
It is certainly true today that the most damaging attacks have afflicted Windows-based systems and that, by comparison, Linux has been relatively immune. However, there are real questions as to the true reasons for the apparent safety of Linux.
The first and most important issue is prevalence. Just as in biological systems, dense populations are most conducive to the spread of contagions. And in contrast, more dispersed populations are more immune to rampant, fast-spreading attacks. Thus Linux, with its more sparse installed base -- and absence from the desktop -- will be inherently more secure than Windows, as long as Windows maintains such a dominant share of installations.
Another potential characteristic in favor of Linux is the degree to which Microsoft is viewed as a more "deserving" target of attack compared with Linux. In addition, some believe that Linux code, because it is open, is more heavily scrutinized and therefore benefits from the security expertise of thousands of developers, while others say that it is far easier to find security flaws by exercising object code rather than by analyzing source code.
These factors are all extremely complex, so it will be interesting to see how the security posture of Linux evolves as it becomes more widespread.
Q: Worm after worm continues to hit the Internet. Users are still clicking on attachments and downloading damaging viruses. How can we stop the cycle?
Social engineering has always been one of the greatest challenges to security. Those who wish to do harm always seem to play upon natural human curiosity and weakness.
This will always be a problem. While user education is important, we are firm believers that the only truly effective way to stop these threats is to do so before they have the opportunity to reach end users. By implementing effective security solutions at the network gateway and preventing attacks from ever reaching users, companies can take great strides to protect themselves against these threats.
Q: A lot of people still think of spam as a nuisance. How big of a security risk has spam become?
Spam has become a real security issue as the lines between spam activity and malware have become blurred. We believe that, in addition to using intelligent filtering and content analysis technologies to reduce the amount of undetected spam, it will be necessary to raise the "cost" of sending spam to the point where the return is no longer attractive in order to truly curtail the practice. There are, of course, many parameters to the notion of "cost", so it should be possible to make a big dent in spam activity without necessarily charging for email.
Q: What do you see coming down the road in terms of security technology?
The key challenges -- and opportunities -- will be to deliver security technologies that are enablers of all of the new and exciting applications that have only started to show their promise, such as voice and video, instant messaging, real-time collaboration, e-commerce, and more. The individual piece parts -- encryption algorithms, authentication systems, and the like -- will continue to improve. But the real benefits will come when security becomes embedded with, and ultimately as ubiquitous and invisible as the network itself.