Beyond the firewall

Network security more complex than ever

This year, with all of its data breaches, has certainly proved that network security is much more complex than at past times, when firewalls were viewed as premium defense collateral. What are some methods/policies I should be aware of as I look to spend time (and security budget) in 2008?

The CSO's job has gotten more difficult recently as the focus of risk management has shifted from simply protecting their organization's network and server infrastructure to ensuring the Intellectual Property (IP) that is housed within and communicated across that infrastructure is not getting into the wrong hands.

A company's IP may be more valuable than its physical infrastructure. This is obviously the case in industries such as high technology, pharmaceutical, and biotechnology where the essence of competitive advantage and profits is intellectual property. But even in a number of 'lower tech' industries such as entertainment, retail, and financial services, proprietary content and know-how are keys to success and must be closely guarded.

Two fundamental requirements for the CSO charged with protecting this IP are 1) Knowing what his organization's IP is, and 2) Who should be allowed to receive it. Meeting these requirements pose significant challenges.

According to a recent Enterprise Strategy Group (ESG) report, Extending Intellectual Property Protection Beyond the Firewall (sponsored by Reconnex), about half of the 109 companies surveyed did not have standard policies for identifying and classifying IP. Furthermore, IP classification is a bit of an organizational "hot potato" with responsibility for that classification spread across legal, line-of-business management, IT, and executive management in most organizations. This study also confirmed that more large organizations are sharing their IP with an increasing number of business partners (both domestic and international) in conjunction with outsourcing and offshoring relationships. In fact, about two-thirds of the organizations surveyed reported sharing moderate-to-substantial amounts of IP with their business partners today. Yet, less than half of those surveyed have a formal process for determining which IP can be shared with business partners.

So, what's a CSO to do?

First, you have to learn what IP needs protection and prioritize it based on business impact. This requires meeting with functional managers who are tasked with the creation and use of IP to create an inventory of the type of IP within the organization. There will always be a tradeoff between business imperatives and security, so it is important to distinguish the 'must protect' from the 'nice-to-protect' and focus first on the 'must protect' IP. Automated IP discovery tools can be helpful in assisting in the identification of potential IP that needs protection.

Second, you have to learn which business partners are permitted access to what IP. Again, this requires cross-functional dialogs with business unit personnel who are tasked with working with outsourcing/offshoring partners to determine what information is critical to those partners and what information needs to be restricted from dissemination. In most cases, business managers will not be aware of the full extent that information is being sent to the organization's network of business partners. In this case, it may be helpful for the CSO to provide business managers with reports showing the types of information flowing to external partners so those managers can decide what is appropriate and what is not. Data loss monitoring and reporting tools can be helpful in producing these kinds of reports.

CSOs have a clear understanding of how to protect their organization's computing infrastructure. Their new challenge is to protect the critical business information living within that infrastructure from inappropriate disclosure. This requires the CSO to learn what that critical information is and who is allowed to receive it and then to put in place appropriate technology and processes to educate users and to detect and prevent the leakage of that information.

John Peters is CEO, Reconnex.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Peters

Network World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?