David Bicknell delves into the vital area of the security of IP
networks. He finds that there are a number of methodologies and
products that you can use to protect your business
It is no secret that many small- and medium-sized enterprises
(SMEs) fall down when it comes to security. It's not that
surprising either: most are focused on getting their businesses off
the ground, creating relationships, selling ideas and products and
making money.
Many simply lack awareness of security issues, and so cannot instil
the need to be secure into their staff and IT infrastructure. It is
easy to suggest that this is because of a lack of technical
expertise.
But, as comments Mick Hegarty, General Manager ICT at BT Business,
you may need to think about security policies and be aware of the
risks to your business before you start thinking about suitable
technologies.
"Having the right procedures is critical for businesses like yours.
You have to think of the risk. The SME community is notoriously lax
about backing up data, putting them at risk of catastrophic
failure. If all your company accounts are on the managing
director's laptop, and the hard disk fails, you may not have a
business. Technology is important, but technology alone won't keep
you secure."
Being confident about your security and ability to keep your
business running should be as strong a selling point for your
company as having a winning product. "Potential clients may look at
your business and believe you have what they need, but don't know
if they can trust you. It's a great confidence booster if you can
say, 'We're secure'," adds Hegarty.
On the product side, the good news for the SME community is that
you and your peers are the focus for a string of security
suppliers. Consequently, prices have come down; what used to be
realistically only in the price range of a larger business is now
manageable for organisations like yours. That particularly applies
to virtual private networks (VPNs).
Once considered so complex and expensive that only large
enterprises could use them, VPNs are becoming a staple business
tool for businesses like yours, fostering communication when
employees can't be in the office and helping tie together remote
offices.
Put simply, VPNs offer you highly secure communications between
remote users and a company's internal network over the - insecure -
internet, by essentially creating a secure tunnel through it.
There are two types of VPN: IPsec (internet protocol security) VPNs
and SSL (Secure Sockets Layer) VPNs. IPsec VPNs offer
'point-to-point' tunnelling to ensure secure access to internal
resources, but users need specialised software downloaded onto
their PC or 'client', and the administration, especially with
upgrades, can be a problematic, even for larger companies.
"Apart from the headache of managing the client, you are giving
someone an open route into your network. If he's a user you're sure
you can trust, that's fine. But if not, there's no telling what
problems he may cause," says Jeff Alsford, director of technology,
EMEA, of networking specialist F5.
A better bet could be SSL VPNs, which use encryption technology to
allow remote workers to access the company network from any device
supporting a Web browser. Users go to a company's designated
internet URL for SSL entry and enter a password to gain secure
access, significantly cutting implementation costs.
There are already low-cost VPN solutions on the market, developed
specifically to secure businesses like yours. One can support up to
five sites at a cost of £75 per month for a main site, and £15 per
month for other users. So for a 10-user system, you should expect
to pay £225 in monthly costs or about £2,000 a year. This should be
cost-effective for all businesses.
There are also various integrated security appliances now
available, offering a firewall, anti-virus, intrusion detection and
a VPN, costing around £1,000, which may be good value for your
company. But Arthur Barnes, Principal Technical Consultant at
Diagonal Security, warns against the idea. "You wouldn't buy a
combined washing machine and toaster for the price of a toaster and
expect it to be effective, would you?"
Application traffic management technology, specifically for SSL
VPNS, enables you to extend secure remote access to anyone
connected to the internet using desktops, laptops, PDAs and kiosks,
while eliminating the need for complex IPSec VPNs. The appliance
enables administrators to authorise various levels of application
access based on the user and what type of device they are using. It
also checks client PCs for security policies such as anti-virus
protection or personal firewalls before allowing the machine full
network access.
The fundamental issue is that IP offers potential, but in unlocking
this you may be unlocking the front door to your firm. Implementing
the required security technology, allied to good practice, should
make sure that this situation does not arise.