Outsource your security

Wayne Rash | November 2, 2001 12:00 AM PST

Summary

Your data might seem safe, but it's not locked down without secure telecom. Wayne Rash says outsourcing may be your best security bet.
Alonzo Ellis and I were having lunch in a sunny bistro just outside of Washington, DC. Not far away, the blackened scar on the side of the Pentagon bore witness to the day that changed everything. "If they didn't know about security in the past, they certainly know about it now," Ellis said. Ellis, CTO of Imperito Networks, had been talking about communications security. Suddenly, it seemed that security was on everyone's mind.

Unfortunately, there are a lot of things to think about when it comes to security. The choices can run the gamut from the physical, to offsite backup and intruder detection. Many of these choices require a lot of skill to plan and implement, and in many cases, can take months. So if you're serious about your company's security plan, you'd better get started.

You probably already have some of the basic things in place, including password and authentication management, firewalls, access control, and the like. (And if you don't, stop reading this right now, and take care of those items. This column will still be here when you get back.) But the big stuff, such as establishing or improving your communications security, takes time and money.

Many companies that have never given their communications security a first thought now realize it might be important. When getting started, most companies initially consider creating a secure network tunnel between users on the inside and those on the outside--whether they're employees, business partners, or extranet users. By creating this tunnel, or VPN, you not only ensure communications security, but you have the means to manage the connection and make sure that those users only go where they're supposed to go, and do what they're supposed to do.

The problem is, most companies don't have a good way to create VPNs or to manage them. While Microsoft includes a VPN client with Windows, there's a lot more to making one than just that. In most cases, you need a VPN gateway in your data center. This can take the form of a dedicated piece of hardware, it can be a remote access server of some sort, or it can be a function contained within another device, such as a router. While setting up some of these devices isn't all that difficult if you're an experienced IT staffer, it's beyond the capabilities of many companies, and beyond the staffing levels of others.

The good news is that there's one thing you can do right away that doesn't involve creating your own VPN--outsource one. If your company is like many and still lets remote users dial in using a modem, with just a simple login prompt at the remote access server, an offsite VPN service is a quick fix for an otherwise porous telecom system.

And Ellis, of course, is hoping that Imperito will be able to help companies get there. One of the things that Imperito provides is a service called InstantVPN. In a sense, Imperito is a security application service provider (ASP) that offers a subscription VPN service. There's no hardware to install, just some software to download to a Windows NT or Windows 2000 machine used as a gateway, and some client software to download for remote users.

The Imperito solution is nice as far as it goes, but it's not for everyone. "Any solution that people look at these days has to pretty much include a combination of things. It's difficult to find the best solution all in one box," Ellis explains. He says that complete communications security may require working with several vendors and several different kinds of approaches.

Ellis says companies, having realized that they have to worry about their security, find they have to do several things at once. "They have to assess the risks to their security, they have to look for staff," he says. Ellis notes that they also have to look at hardening what security they already have. The complexity of the process is one reason that Ellis thinks that using a provider for secure communications might be a great solution for companies, if only because that provider simplifies the situation.

The problem is, security is never really simple, and with the level of threat that companies now realize they're facing, what once may have seemed simple now clearly isn't. One way or the other, communications security, like other forms of data security, is no longer an option.
