COLUMN

Shop Talk: Network security -- Calm after chaos?

By Paul Gillin 13 Mar 2006 | SearchCIO-Midmarket.com Technology news and tips for midmarket CIOs Digg This!     StumbleUpon     Del.icio.us

It's the great new debate of network security: Should security be an integral part of the network, or should it be its own technology category? Vendors are taking sides, and customers, for now, are stuck in the middle.

If all this confuses you, don't be ashamed. This is a really big shift in technology and market structure, and it's confusing to a lot of people.

Network equipment vendors have spent the last two years busily repositioning themselves as security companies. The reason: Products like routers and switches are becoming cheap commodities. That means vendors can't sustain profit margins, so they have to look elsewhere for growth. Adding security to the switch is a natural reason to charge buyers more money. Network security is already a $1 billion market, according to Infonetics Research Inc. in Campbell, Calif. The secure router market grew an amazing 121% in 2005 on a tripling of shipments, compared with nearly no growth for the general router market, Infonetics said.

In the traditional security market there's chaos. A fragmented industry to begin with, vendors have responded to challenge from the big networking players by selling out, aligning with the new entrants or trying to diversify their business. There's a lot still to shake out there.

Users have to cope with new terms and concepts as a result of this shift. The first thing big vendors do when they get serious about a market is announce an architecture. Cisco Systems Inc. has Network Admission Control (NAC) and Microsoft has Network Access Protection (NAP). Both these ideas basically aim to keep the network secure by keeping bad devices from connecting in the first place. At some point, NAC and NAP are supposed to work together. Maybe. There's also a third option called Trusted Network Connect that was basically put together by Cisco's competitors. Whether it will work with the other two is anybody's guess.

TechTarget's Andrew Hickey has a good overview of this situation.

The new network

The basic principle of Cisco's NAC and other initiatives is sound: If you sew up the network so that no one can get to it without meeting a very specific set of criteria, then you can greatly simplify security. It's a reversal of the security paradigm of the past, in which the network was open and we tried to keep the bad guys out. The new thinking is to keep everybody out except for a few invited guests.

If all this confuses you, don't be ashamed. This is a really big shift in technology and market structure, and it's confusing to a lot of people.

More on this topic Tick, tick, boom: NAC market ready to explode

The good news is that users will eventually be better off for it. Security infrastructure is way too scattered and disorganized for most companies these days. There are separate appliances for firewalls, virtual private networks and intrusion detection and prevention. Then you've got your routers and switches, which have varying degrees of security in them. Finally, there is client and server software for handling things like spyware, viruses and denial-of-service attacks. It makes sense to bring all this stuff together, if not in a single appliance then at least under a single architecture.

Unfortunately, it's going to be pretty messy getting there. Every networking equipment vendor is reinventing itself as a security company, which makes for a stew of new strategies, frameworks and acronyms. Software companies are doing the same. Microsoft has said that Windows Vista will support some client-side admission features, but that's a year out. Meanwhile, the companies that plan to survive the shakeout are busily buying up smaller competitors.

Few small and midsized businesses (SMBs) can be bothered to wade through this stuff. If stability and predictability are your most important issues, then stick with Cisco. It will be there forever and will develop a nice solar system of third parties that support NAC. But it will cost you, because Cisco always does.

If choice and value are your guiding principles, then have a look at Trusted Network Connect. Many of those companies undercut Cisco on price, and a third-party network should be more open to innovative new entrants.

Microsoft will do whatever it wants to do. Just hope that it's compatible with your network.

The result of this reshuffling should be a cleaner, simpler security landscape for SMB customers. Just be ready for some headaches getting there.

Paul Gillin is a technology writer and consultant and former editor-in-chief of TechTarget. His Website is www.gillin.com Check out his recent blog entry on SMB picks.

Tags: Data centers and infrastructure for the midmarket,  Systems management for the midmarket,  Information security management for the midmarket,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data centers and infrastructure for the midmarket 10 tips for renegotiating your virtualization licensing contracts Management tools for virtualized servers: A look at the options Virtual server management vs. physical servers: What's the difference? Virtualization technology use spreading into desktops and storage Laying the groundwork for cloud computing services adoption in 6 steps Cloud computing tips for getting started with next-gen IT capabilities What do you know about data center outsourcing? Pricing out Windows Server 2008 for virtualization cost efficiency Data center strategy starts with the business Desktop and application virtualization: Lessons learned Systems management for the midmarket Windows 7 review: A closer look at this operating system for business What will net neutrality mean for SMBs? Midmarket data center management guides: Tips and best practices Microsoft among ERP vendors increasing built-in vertical functionality How to create and measure success of a SharePoint governance program 10 must-have steps for an effective SMB information security program FAQ: Business process management defined Management tools for virtualized servers: A look at the options Virtual server management vs. physical servers: What's the difference? ERP implementations: In search of ERP best practices Information security management for the midmarket Test your knowledge: IT quizzes for midmarket CIOs Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary