It is no secret that many small- and medium-sized enterprises (SMEs) fall down when it comes to security. It's not that surprising either: most are focused on getting their businesses off the ground, creating relationships, selling ideas and products and making money.
Many simply lack awareness of security issues, and so cannot instil the need to be secure into their staff and IT infrastructure. It is easy to suggest that this is because of a lack of technical expertise.
But, as Mick Hegarty, General Manager ICT at BT Business, comments, you may need to think about security policies and be aware of the risks to your business before you start thinking about suitable technologies.
"Having the right procedures is critical for businesses like yours. You have to think of the risk. The SME community is notoriously lax about backing up data, putting them at risk of catastrophic failure. If all your company accounts are on the managing director's laptop, and the hard disk fails, you may not have a business. Technology is important, but technology alone won't keep you secure."
Being confident about your security and ability to keep your business running should be as strong a selling point for your company as having a winning product. "Potential clients may look at your business and believe you have what they need, but don't know if they can trust you. It's a great confidence booster if you can say, 'We're secure'," adds Hegarty.
On the product side, the good news for the SME community is that you and your peers are the focus for a string of security suppliers. Consequently, prices have come down; what used to be realistically only in the price range of a larger business is now manageable for organisations like yours. That particularly applies to virtual private networks (VPNs).
Once considered so complex and expensive that only large enterprises could use them, VPNs are becoming a staple business tool for businesses like yours, fostering communication when employees can't be in the office and helping tie together remote offices.
Put simply, VPNs offer you highly secure communications between remote users and a company's internal network over the - insecure - internet, by essentially creating a secure tunnel through it.
There are two types of VPN: IPsec (internet protocol security) VPNs and SSL (Secure Sockets Layer) VPNs. IPsec VPNs offer 'point-to-point' tunnelling to ensure secure access to internal resources, but users need specialised software downloaded onto their PC or 'client', and the administration, especially with upgrades, can be problematic, even for larger companies.
"Apart from the headache of managing the client, you are giving someone an open route into your network. If he's a user you're sure you can trust, that's fine. But if not, there's no telling what problems he may cause," says Jeff Alsford, director of technology, EMEA, of networking specialist F5.
A better bet could be SSL VPNs, which use encryption technology to allow remote workers to access the company network from any device supporting a Web browser. Users go to a company's designated internet URL for SSL entry and enter a password to gain secure access, significantly cutting implementation costs.
There are already low-cost VPN solutions on the market, developed specifically to secure businesses like yours. One can support up to five sites at a cost of £75 per month for a main site, and £15 per month for other users. So for a 10-user system, you should expect to pay £225 in monthly costs or about £2,000 a year. This should be cost-effective for all businesses.
There are also various integrated security appliances now available, offering a firewall, anti-virus, intrusion detection and a VPN, costing around £1,000, which may be good value for your company. But Arthur Barnes, Principal Technical Consultant at Diagonal Security, warns against the idea. "You wouldn't buy a combined washing machine and toaster for the price of a toaster and expect it to be effective, would you?"
Application traffic management technology, specifically for SSL VPNs, enables you to extend secure remote access to anyone connected to the internet using desktops, laptops, PDAs and kiosks, while eliminating the need for complex IPsec VPNs. The appliance enables administrators to authorise various levels of application access based on the user and what type of device they are using. It also checks client PCs for security policies such as anti-virus protection or personal firewalls before allowing the machine full network access.
The fundamental issue is that IP offers potential, but in unlocking this you may be unlocking the front door to your firm. Implementing the required security technology, allied to good practice, should make sure that this situation does not arise.