
May 27, 2004 (Computerworld) -- One of the top priorities for companies today is information sharing with a vast ecosystem of external entities, ranging from business partners and suppliers to customers. In the wake of a landslide of security threats and breaches, security is one of their top concerns, especially how to best extend organizational boundaries and where to centrally locate shared data.
There are dozens of technologies for information sharing, and they generally approach the problem in one of two ways. The first approach extends the infrastructure at the network level, using tools such as IPsec virtual private networks (VPN) and leased lines. These technologies create significant security challenges when extending network access to partners, customers and suppliers. Each of these parties essentially becomes part of the enterprise network. But do you really want your business partners to have this full access, which can increase the likelihood of these parties deliberately or accidentally introducing security risks?
Many companies try to overcome these security risks with a duplicate network -- literally a separate, redundant network that outsiders can join, either over the Internet (via VPN) or a leased line. While this may limit exposure of sensitive information, it's very expensive.
The second approach is to extend the organization on the application level with technologies such as Secure Sockets Layer VPNs and Web collaboration applications. Unlike network extensions, the application approach allows access to a predefined set of resources without having to allow complete access to your internal network.
Inside or outside the firewall?
If the company chooses to extend the organization at the application level, it faces a critical architectural decision: Should shared data reside inside or outside the firewall?
One approach to application extension is to keep information servers inside the firewall, within the enterprise's network. Middleware can function as a liaison between the internal data and the external users. This approach doesn't force the duplication of information and leverages existing security within the network, reducing investments in extra infrastructure and administration.
However, this architecture contains an insurmountable hurdle: a hole needs to be opened in the firewall to enable the external middleware to access the internal information. This opening can be used to break into the enterprise network, initiating a domino effect that could cause significant damage or downtime.
Due to this potentially devastating result, it's not sufficient to minimize the risk by implementing security technologies and policies. Thus, the only satisfactory solution is to block all access from the outside world into the enterprise network. An analogy to illustrate the perimeter security rule of thumb is that you should secure your castle by stopping the hordes at the gate. If you need to get something from the external world, go out and seize it.
Seizing ground outside the gate
In response to the challenges discussed above, many security architects choose to temporarily store information outside the enterprise's network and have internal applications retrieve it. These internal applications can monitor outside storage at a predefined interval of time and pull the data when needed. When the data is moving from within the enterprise outward, it will be stored on the external network and thus be accessible to outside entities.
This methodology eliminates the need to allow access from the outside world to the enterprise's network. The challenge of this architecture is that the information needs to reside outside the firewall, where lurking dangers of data exposure and destruction exist. Therefore, a security infrastructure that will provide protection for this external data must be designed.
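The pull pattern described above, as an added example that is not from the original article: a local directory stands in for the storage outside the firewall (in a real deployment the internal application would reach it over an outbound connection that it initiates). The HMAC sidecar files, the shared key and the file names are assumptions, chosen to show one way the internal side can refuse data that was altered while it sat outside.

```python
import hashlib
import hmac
import tempfile
import time
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: shared key provisioned out of band

def sign(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def deposit(staging: Path, name: str, payload: bytes, key: bytes) -> None:
    """Depositor's side: write the payload and its MAC sidecar into staging."""
    (staging / name).write_bytes(payload)
    (staging / (name + ".mac")).write_bytes(sign(payload, key))

def pull_once(staging: Path, inbox: Path, key: bytes):
    """One pass initiated from inside the firewall; returns (accepted, rejected)."""
    accepted, rejected = [], []
    for item in sorted(staging.iterdir()):
        if item.suffix == ".mac" or not item.is_file():
            continue
        mac_file = item.with_name(item.name + ".mac")
        payload = item.read_bytes()
        tag = mac_file.read_bytes().strip() if mac_file.exists() else b""
        if hmac.compare_digest(tag, sign(payload, key)):
            (inbox / item.name).write_bytes(payload)
            accepted.append(item.name)
        else:
            rejected.append(item.name)  # altered or unsigned: never ingested
        item.unlink()  # staging is temporary storage; clear it after each pass
        mac_file.unlink(missing_ok=True)
    return accepted, rejected

def poll(staging: Path, inbox: Path, key: bytes, interval: float, passes: int):
    """Pull at a predefined interval; nothing outside ever connects inward."""
    results = []
    for _ in range(passes):
        results.append(pull_once(staging, inbox, key))
        time.sleep(interval)
    return results

def demo():
    # Constructed run: two deposits, one altered while it sat in staging.
    with tempfile.TemporaryDirectory() as out, tempfile.TemporaryDirectory() as inside:
        staging, inbox = Path(out), Path(inside)
        deposit(staging, "order-1.csv", b"sku,qty\nA1,3\n", KEY)
        deposit(staging, "order-2.csv", b"sku,qty\nB2,1\n", KEY)
        (staging / "order-2.csv").write_bytes(b"sku,qty\nB2,999\n")
        return poll(staging, inbox, KEY, 0.01, 2), sorted(p.name for p in inbox.iterdir())
```

Calling `demo()` shows the first pass accepting the intact file and rejecting the altered one, and the second pass finding staging empty.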
Outside the firewall security checklist
To combat the potential security threats that networks face, security architects must design a multilayered security infrastructure. All of these threats need to be very carefully treated, since it's widely known that security is only as strong as the weakest link in the protection chain. Using the castle analogy again, securing the castle windows with bars and guards won't be effective if the front gate is left wide open.
A data security infrastructure should include, at the minimum, the following security layers: