James Thew - Fotolia
IT security is complex, and trying to work out whether it is better to use dedicated best-of-breed systems or those that deliver a range of capabilities in a single appliance can be a difficult decision to make, especially if you are not a specialist in either security or networking.
This is one of the reasons why network security systems in small and medium-sizes enterprises (SMEs) tend to be put in place and then left alone as much as possible.
In a recent study, Freeform Dynamics asked a number of SMEs in the UK, Germany and France how they implemented security against the backdrop of today’s rapidly evolving threat landscape (see Figure 1).
As we can see from the chart below, for the majority of SMEs network management and security are currently delivered using appliances or software that combine multiple capabilities in a single product. Only a minority of organisations make use of dedicated equipment.
It is notable that given the very diverse range of security and network management areas covered – web application security, email security, data loss prevention, web filtering, wide-area network optimisation – there is remarkably little difference in the approach taken to implementing each capability. Once a multi-purpose system is in place, it is natural to exploit as many as possible of the functions it provides.
In many ways, these results are as expected given that so few SMEs are able to employ IT professionals with specialist skills in each of these complex technology areas. Multifunction systems are often built with ease of management and ongoing administration in mind, making them well suited for organisations where IT is administered by generalists.
However, when questioned on preferences, it is clear that while multifunction devices are widely used, dedicated/best-of-breed alternatives are perceived to be more desirable (see Figure 2).
This second chart indicates that the preference for dedicated systems has become more pronounced in recent years. This change may well reflect the fact that many of those surveyed also report a wide range of escalating pressures and requirements being placed on their networks, with such demands also expected to increase rapidly going forwards.
Against this background, the perception is that single-function systems are more capable and offer better protection than multifunction offerings. The benefits cited include greater functionality, better performance and scalability, improved reliability and more flexibility.
Beyond this, with the increasing use of cloud meaning there’s often no longer a clearly defined single border to defend, the need to protect hosted environments by deploying security in the cloud is in the front of many people’s minds. As multifunction systems, more than dedicated alternatives, have historically often only been delivered as hardware rather than virtual appliances, this is another perceived reason for favouring best of breed.
While such considerations can make the logic of emphasising dedicated/best-of-breed systems seem clear, an important truth is that the underlying perceptions coming through are, more often than not, incorrect nowadays.
Multipurpose boxes may not be able to deal with extreme and exceptional requirements, but they have come a long way in the last few years. For most functions in many deployment scenarios, the difference between these and dedicated alternatives won’t matter significantly.
Meanwhile, virtual appliance options of all kinds are now much more widely available in the market. Even application delivery controllers (ADCs) are now available in virtual form.
Challenge for SMEs
With this in mind, the research highlights a knowledge gap among those looking after the communications infrastructure in smaller businesses. The challenge, however, is for SMEs to find the time to investigate options, understand their capabilities and constraints, and then work out which systems would best meet their needs. For some it may mean moving towards greater use of dedicated systems, while for others multifunction systems, especially those developed in recent years, could prove to be the better choice.
From a practical perspective, getting a clear picture of the needs of the business and how different systems match up will take time, but the investment will be worthwhile. Working with the right suppliers can help here, especially manufacturers and resellers that offer a wide range of systems and have no axe to grind on whether to advise you down one route or another.
In summary, the common perceived need for dedicated systems is probably the result of a lack of knowledge of the functionality available in many new multifunction systems. There is no doubt that dedicated single-purpose systems have their place, but for most SMEs it is probably an exception rather than the rule.
The net takeaway is do your homework and/or work with knowledgeable broad-portfolio suppliers/resellers which can provide advice to help define your requirements and help you to determine the best way to modernise your capabilities.
In the meantime, don’t let lack of knowledge or uncertainty hold you back. The pressures on your network will only get greater over time, and it’s always best to modernise proactively rather than wait for something to break.
Tony Lock is at IT industry analyst at Freeform Dynamics. Download the report "Future-proofing your network" here.