The issues in network security today are different than they were just two years ago with the growth of the bring-your-own-device (BYOD) trend that expands the enterprise’s concern with managing the flux of mobile data across its network. In a debate at NetEvents Americas in Miami, FL this week, experts on network security gathered to ruminate over this topic, and hash out what businesses need to do to secure their networks.
Jill Knesek, head of Global Security for British Telecom, (the network operator for the Olympics in London this year) offered up the notion that businesses need to understand what their risk appetites are instead of thinking that they can squash all possibilities of invasions or intrusions. Wayne Rash, editor in chief for FierceMobileIT, asked the panel and audience if any of them really believed that you can secure a network. Her answer was, “No. In the business environment I work in, we accept that. You have to understand what your risk appetite is.”
Is there a way to go about managing risk even though no network is impenetrable? Vik Davar, VP of Corporate Development for ClickSecurity, suggested that modern security threats can be assuaged with security analytics: “Intrusions happen, they will continue to happen, but if you have a real-time security analytics solution,” you will be on the preventative side of the equation.
The BYOD element of this problem is only now being considered by the enterprise as a significant hindrance in the progression of the mobile workforce and moving towards the cloud. Ram Appalaraju (News - Alert), VP of Technology and Product Marketing for Enterasys Networks, brought up the concept that every one of us is “a walking set of IP addresses.” He, himself, exposes his company to risk with the use of his devices. We all do. Every time we transfer documentation across mobile spectrums, we compromise the security of the company associated with that material. But Appalarju mentioned that “this is accepted in today’s enterprise. Fast detection and self-remediation are two ways we can address this.”
When Rash brought in Jurrie van den Breekel, director of Product Marketing for Spirent Communications (News - Alert), he raise an equally-as-important question: To what extent does a cloud environment protect you?
The answer seems to be: Not as much as we would all like to think. Van den Breekel said, “People who have individual machines cannot filter out repeated attacks,” which becomes important when we’re talking about organizations such as Amazon with millions of users all on different devices. He went on, “From a risk perspective, when you deploy your services in the cloud, you think you’re protected.”
Clearly, that is not the case. Rash added that as soon as a denial-of-service attack starts, the cloud provider “drops you like a hot potato.”
The good part about outsourcing part of your infrastructure is that you can also outsource the liability, according to Knesek. Of course, this brings a whole other concern into play, as Knesek stated, “There is a risk to the business when it comes down to the human element. A lot of it boils down to hiring good people.”
As Knesek pointed out, a device will never replace a human. While this seemingly reverses the current trends in robotics, to Knesek’s previous point, Rash concluded that it’s really not the technology that creates these attacks. It is important to remember that “people are always the threat in the end.”