Beyond the firewall

Firewalls are no longer the issue in network security. That's the word from InfoSecurity 99 exhibition in London, where world-leading vendors spent the week promoting their wares. Felicity Ussher finds alternatives to the barrier method...

The firewall used to be seen as the barrier between the corporate intranet and danger out on the Web. But the practice of putting public material on the Internet, while keeping confidential data safely on a LAN (local area network), has gone out of date. Businesses now need to share mission-critical information with partners around the world. It's up to the vendors to find a way of securing information outside the firewall, so that the right people can access it online - but only the right people. Lior Arussy, Hewlett-Packard's VP of security, claims modern business trends like outsourcing and extranets mean companies have to let strangers access mission-critical data in order to be successful. "Internal versus external networks is no longer the issue. We're not protecting against hackers, we're enabling businesses to do something new - put their most sensitive information online," he told Silicon.com. "The intranet has merged with the Internet." Arussy was at InfoSecurity gathering support for HP's Praesidium range, which protects databases from unauthorised visits. Its core technology - HP Virtual Vault - uses Java applets to access corporate data, but only if the user's query meets the right technical criteria. HP is the only vendor to develop customised applets for vendors like Oracle, SAP and Baan. Steve Bennett, MD of firewall vendor Checkpoint Software, agreed. "Firewalls are not the issue any more. They're like routers - you need them, but they're simple. The new business issue is how to protect data on a public network - between branches of an international corporation, for example." Checkpoint is promoting its Virtual Private Network (VPN) strategy, which combines firewall software with encryption technology and access control, so that data transmissions are secured. "The firewall has become a platform for managing traffic," he said. Bennett added that VPN technology will lead to the emergence of new markets, like banks transferring funds directly to other banks and electronic payments down the supply chain. HP has also identified the supply chain as its first target market. If the vendors are right, then IT directors cannot rely on a fixed firewall model. They need to build flexibility into their systems now - to prepare for a new era of business relationships. Dr John Leach, head of the information security consultancy at Network Associates, warned: "Your business partners of today may be your competitors tomorrow." So the barrier method is out of date. The modern way to achieve business security is to stop putting your faith into any single product. IT directors must work out what information they want to share, when and with whom. Only then should they start looking at the plethora of new security techniques out there.