Sunday, October 24, 2021

Exec Talks about Growing Security Pressures

The IT department is dealing with many more security issues than they

were five years ago or even a year ago. As both networks and attacks

grow in complexity, it takes more time, skill and energy to protect a

company’s information and its very viability.

Ken Xie, president and CEO of Fortinet Inc., a Sunnyvale, Calif.-based

network security company, says IT administrators and security officers

are under a lot more pressure than ever before. Expanding perimeters,

leaky hand-helds and virulent viruses are just part of the expanding job

they’re dealing with today.

Here Xie talks with Datamation about one of the toughest jobs in

IT and what administrators can do to make it a little easier.

Q:How much more difficult is a CIO’s or IT administrator’s job now

than it was five years ago? What has changed?

In today’s business environment, CIOs and IT administrators face many

new challenges that were either not present or not as extensive five

years ago. Following the dot-com bust of the late ’90s and early 2000s,

IT budgets and staffs became the focus of drastic cuts in most

organizations. IT spending has yet to return to pre-bust levels. As a

result, CIOs and IT administrators are being forced to do more with less

— from integrating new technologies with legacy systems to extending

support for mobile workers with limited infrastructure investment.

This challenge has been exacerbated by the increasingly mobile nature of

business across industries and by the growing demand for ubiquitous

access to information from any device and any location.

Another major change is that today’s CIOs and IT administrators are

facing new and increasingly virulent security threats and new

regulations from the government.

Q: Many employees work remotely every day or spend many days working

on the road, carrying laptops, cell phones and PDAs. How much more

difficult does this make it to secure a network?

There is no doubt the increasing number of remote workers and the mobile

devices they rely on are creating new security challenges. If the proper

precautions are not taken, it is possible for a single device to act as

a point of compromise for an entire network. Threats can include mobile

devices that do not have strong user authentication systems and fall

into the hands of unauthorized users, providing avenues for access to

company networks and sensitive company information.

Another security threat that is not widely recognized is the

vulnerability of wireless devices and wireless networks to content-based

threats like viruses and worms. Many users do not understand that when

they connect to a wireless access point, they join a community of users

from whom they have little protection. A user could easily pick up a

virus or worm during a wireless work session at their local Starbucks

and transmit that virus throughout their network upon returning to the

office.

We often joke that your morning coffee could end up costing your

employer upwards of a $100,000.

Q:Because of the abundance of mobile workers and mobile

technologies, along with strings of business partners, consultants and

connected clients, can anyone really know where the network begins and

ends now?

The disappearing perimeter is something we talk with customers about

every day. The virtual enterprise brings businesses a whole spectrum of

cost and productivity savings. It helps companies tap into new sets of

human resources. It makes small businesses look like global companies,

and enables global companies to deploy resources to even the smallest

regions of the world. This is why there is no longer a single point of

compromise, and why the IT security industry, as a whole, has been

preaching a layered, multi-faceted approach to security for several

years.

It starts at the endpoint, be it a desktop or laptop computer, connected

to a wired network or wirelessly. You must then place the proper

barriers at the edge of the corporate network, or the gateway. This is

probably the place where the strongest and best performance security is

required. This is the point where people either get in, or are kept out.

Once inside the gateway, or firewall, it’s important to segment

business. Security should be taken down to the departmental level,

segmenting off portions of the company so attacks can be quarantined.

To all of this, you must add strict but applicable security policies,

and end-user education.

Continue on to hear what Xie has to say about Linux security, the dangers of spam and users who keep downloading viruses….

Q: A lot of administrators want to move to Linux because they think

it’s more secure than Windows? How dangerous can life be on the Linux

platform?

I think it’s probably too early to tell.

It is certainly true today that the most damaging attacks have afflicted

Windows-based systems and that, by comparison, Linux has been relatively

immune. However, there are real questions as to the true reasons for the

apparent safety of Linux.

The first and most important issue is prevalence. Just as in biological

systems, dense populations are most conducive to the spread of

contagions. And in contrast, more dispersed populations are more immune

to rampant, fast-spreading attacks. Thus Linux, with its more sparse

installed base — and absence from the desktop — will be inherently

more secure than Windows, as long as Windows maintains such a dominant

share of installations.

Another potential characteristic in favor of Linux is the degree to

which Microsoft is viewed as a more ”deserving” target of attack

compared with Linux. In addition, some believe that Linux code, because

it is open, is more heavily scrutinized and therefore benefits from the

security expertise of thousands of developers, while others say that it

is far easier to find security flaws by exercising object code rather

than by analyzing source code.

These factors are all extremely complex, so it will be interesting to

see how the security posture of Linux evolves as it becomes more

widespread.

Q: Worm after worm continues to hit the Internet. Users are still

clicking on attachments and downloading damaging viruses. How can we

stop the cycle?

Social engineering has always been one of the greatest challenges to

security. Those who wish to do harm always seem to play upon natural

human curiosity and weakness.

This will always be a problem. While user education is important, we are

firm believers that the only truly effective way to stop these threats

is to do so before they have the opportunity to reach end users. By

implementing effective security solutions at the network gateway and

preventing attacks from ever reaching users, companies can take great

strides to protect themselves against these threats.

Q: A lot of people still think of spam as a nuisance. How big of a

security risk has spam become?

Spam has become a real security issue as the lines between spam activity

and malware have become blurred. We believe that, in addition to using

intelligent filtering and content analysis technologies to reduce the

amount of undetected spam, it will be necessary to raise the ”cost” of

sending spam to the point where the return is no longer attractive in

order to truly curtail the practice. There are, of course, many

parameters to the notion of ”cost”, so it should be possible to make a

big dent in spam activity without necessarily charging for email.

Q: What do you see coming down the road in terms of security

technology?

The key challenges — and opportunities — will be to deliver security

technologies that are enablers of all of the new and exciting

applications that have only started to show their promise, such as voice

and video, instant messaging, real-time collaboration, e-commerce, and

more. The individual piece parts — encryption algorithms,

authentication systems, and the like will continue to improve. But the

real benefits will come when security becomes embedded with, and

ultimately as ubiquitous and invisible as the network itself.

Similar articles

Latest Articles