There is only one foolproof way to protect your networked computer systems against electronic snooping, hackers, unauthorized access, stolen passwords, denial-of-service attacks and other security breaches.
That clearly isn’t a practical solution. In fact, most companies these days are compelled to open their systems to people inside and outside their organizations in order to do business effectively. The evolution of modern business has created increased dependence on network-based assets for everything from e-mail and customer contacts to order fulfillment and billing.
This demand creates a challenging paradox for CIOs and IT administrators. While networks exist for the purpose of sharing information, every open avenue for network access is a potential security gap. Access and security are always at opposite ends of the scale — too much of one weighs against the other. The key to effective network administration is finding and maintaining the right balance between security and access.
The IT department typically places greater emphasis on the security side of the ledger, which is to be expected because data protection involves concepts, techniques and technologies that are not well understood by most members of the organization. Ensuring the protection of sensitive company data and applications is a responsibility that can’t be taken lightly.
What’s more, network security isn’t just an imperative business practice, it’s the law. A growing number of federal, state and industry regulations require that organizations take measures to protect data from destruction, loss, unauthorized alteration or other misuse. Failure to do so can result in stiff penalties and costly litigation.
Over the years, IT has traditionally focused on perimeter-based security, with firewalls, access controls, intrusion detection solutions and other measures designed to create a wall around the network. However, the rapid growth of virtualization, cloud computing, mobility and wireless technologies is making it nearly impossible to establish a hard perimeter anymore.
New technologies have fundamentally altered IT’s customer base, as well as user expectations of what IT should deliver. An increasingly mobile and outsourced user community means IT must provide network and application access to a dynamic workforce with differing needs and operating from numerous locations. In addition, the proliferation of smartphones, netbooks and hosted applications has made workers less reliant upon their employers for their technology needs. More and more employees are making their own buying decisions about the devices and applications that help them maximize productivity, and they naturally want the IT support that will help them do their jobs.
This trend obviously imposes significant burdens on the IT department. It’s hard to manage equipment you don’t own, and harder still to secure and support a diverse collection of hardware and software that is literally changing every day. The natural inclination is to lock down the network and prohibit the use of all devices and applications not expressly sanctioned by the organization. However, this is precisely where IT must walk a fine line.
In our next post, we will explain why communication between IT and end-users plays a critical in balancing security against network access.