Protection – right to the core

Now more than ever, European enterprises are depending on wireless networks and IP convergence applications to address some of their core business challenges. But, as the emphasis and reliance on converged networks continues to grow, so does the need to ensure the security and reliability of those elements. As CXO discovered when we met with Raul Ros, Vice President and General Manager for EMEA, 3Com, ensuring that enterprises can have confidence in a secure, reliable converged network is both vital and achievable.

CXO. First of all, where are the security issues associated with the converged networks now being used by companies across Europe? What are the kind of uses or applications that are opening up companies to risk today?

RR. I think really what is creating the risk is the fact that everyone today is looking to build a single converged network, moving to IP. It is those converged applications, such as voice, video and data applications, that are not so much creating the risk as a series of new challenges. In the past, to achieve quality of service in a data application you could drop a packet and still not miss the beat. With voice or video, however, whether you drop a packet and how you inspect a packet is very important and it isn’t acceptable to have jitter or latency in a voice or video application.

So the security issues we’re seeing on converged networks are basically down to the applications driving them.

CXO. How has the security issue developed in recent years – what have been the biggest factors to have either knocked back confidence or weakened security?

RR. With converged networks, there are also peripheral applications beyond voice, video and data that have an impact, in particular with mobility. We’re all using many more mobile devices today. To illustrate, right now as I shut off my cellphone, I still have my Blackberry on, as well as the internet. But this mobility creates an interesting internal threat. For example, someone might typically use a notebook for both business and personal use, so when they then tie that notebook into a network it creates a potential security risk.

The trend to build a single converged network has come about for a number of different reasons, one of which was the desire to cut costs and become more effective on IP applications, but also as a result of the explosion of mobility, which now allows many more users onto your network internally and externally.

CXO. To what extent is that risk being addressed at the present time? Are you seeing real concern from IT managers or is there a head-in-the-sand approach by many?

RR. From our experience, I truly believe IT managers are very much getting involved in this issue. Every time we have held an IT manager or CIO conference recently, particularly on the topic of security, it has been packed. I think this demonstrates that IT managers are coming under tremendous pressure to deliver these rich applications for their companies for profitability and cost reasons, and at the same time are aware of the need to support and use a pervasive security approach in their networks.

CXO. What changes are you seeing in the interest from companies and in what’s actually available to companies?

RR. I truly believe that all companies are now aware of the security issues that exist, whether they are an SME, a mid-level or large business. But what is really changing very quickly is that there are now affordable and professional security systems available that can deliver IPS type protection to all size of business, from small-to-medium sized business all the way up to large service providers. Providing for those different sized markets was not previously addressed. For example, Tipping Point had eight boxes that were orientated to large business. The benefit of our acquisition of the company for the industry is that 3Com has bifurcated that technology into small and medium business. We recently released the X505, for example, which protects SMEs, branch offices, etc. Meanwhile, the 5000 series can now protect up to 5Gb of bandwidth, suitable for the management of a very large enterprise call centre or data centre or even a service provider delivering access to users, enabling them to have cleaner lines and to better protect their environments. So the trend is towards more security products that are capable of protecting all levels of business with professional applications.

CXO. A lack in confidence in the network must have a negative impact on business?

RR. I think there has a paradigm shift in this recently the leader of which was actually Tipping Point, a company that 3Com acquired in January 2005. That shift was from intrusion detection towards the creation of intrusion prevention systems. That was a significant change – it was the difference between, for example, a system that could tell you when a burglar was in your house and one that could actually prevent that burglar getting into your house in the first place.

Before IPS there was certainly a tremendous lack of confidence in network security because the incidence of people getting hit with viruses, spyware and with different types of phishing was very high. Today, however, IPS is becoming the standard and hopes to provide proactive rather than reactionary security.

CXO. So what steps can IT managers take to improve the reliability of their networks? What would your key advice be?

RR. First they have to review their whole security strategy and policy on who and what devices can access their networks, how they are able to do that and how that is managed.

When it comes to the security solutions available to companies, if you take 3Com as an example, we now have the technology to enable companies to protect their access and the core of their networks, whereas prior to our acquisition of Tipping Point, we only had one part of that capability. Now a company can create a truly pervasive protection, from access points to the core, to their data centres and their servers – it is an overall protection.

CXO. And does implementing these security measures come with any trade-offs, for example when it comes to interoperability or flexibility?

RR. There are currently two trains of thought on this subject that are heading in different directions, the other being led by a leading vendor that is strong in the network business. It is really a case of proprietary versus industry, or open system, standards. I think there is a trade off if you go to the proprietary side because you then potentially must do forklift changes and rewriting of applications, which can put tremendous pressure on IT managers and companies. If you look at open standards from a security perspective, as we move forward we will be able to have interoperability in a mixed environment and have the flexibility we need with applications in the future.

CXO. Finally, looking forward, is this an issue that is likely to get worse? Are the ongoing trends going to complicate matters or present new challenges in the future?

RR. They will to a certain extent. After all, I don't think we will stop evolving – applications will become even richer in mobility, and we’ll see voice, video and data increasingly in small devices. When I look at my children’s iPod, I see that the only thing missing now is connectivity, which will no doubt be the next step.

We’re seeing very rich applications and smaller devices going to large networks, and I don’t believe that’s about to change. Whether we like it or not, with the use of such mobile devices we have all become global citizens in a global economy. In the future, I think these devices will keep evolving to protect this new environment. They will be IPS based because they need to be proactive and to provide protection all the way from the access to the core in order that all areas of the network are protected.

I don’t believe that software applications will provide the answer – considering you have to install software in every single PC or device and then try to upgrade and update that software, it is simply unmanageable. You need security to be an in-line, in the network type of system that will protect that network to the core. It also needs to be based on open standards so that companies do not have to do forklift changes. They want to protect the investment they have today and to move forward; they want to be multi-vendoring in many cases.

Whereas today protection is over connectivity and networking, in the future, I think we’ll see it protect all the way up to the application side of things. This would need to be able to not only handle converged applications and the networks of the future but also to have sufficient intelligence. This has to do with total packet inspection – because with these new devices coming in, it is essential that the security system is intelligent enough for total packet inspection without creating latency to the network. It needs to be able to look at that packet and detect whether it is voice, video, data, etc and them to prioritise the traffic accordingly. This is something that will be key in the future

It’s in all of these ways that companies today are gearing up to protect the next generation of networks.