Beyond the firewall

Network security more complex than ever

This year, with all of its data breaches, has certainly proved that network security is much more complex than at past times, when firewalls were viewed as premium defense collateral. What are some methods/policies I should be aware of as I look to spend time (and security budget) in 2008?

The CSO's job has gotten more difficult recently as the focus of risk management has shifted from simply protecting their organization's network and server infrastructure to ensuring the Intellectual Property (IP) that is housed within and communicated across that infrastructure is not getting into the wrong hands.

A company's IP may be more valuable than its physical infrastructure. This is obviously the case in industries such as high technology, pharmaceutical, and biotechnology where the essence of competitive advantage and profits is intellectual property. But even in a number of 'lower tech' industries such as entertainment, retail, and financial services, proprietary content and know-how are keys to success and must be closely guarded.

Two fundamental requirements for the CSO charged with protecting this IP are 1) knowing what the organization's IP is, and 2) knowing who should be allowed to receive it. Meeting these requirements poses significant challenges.

According to a recent Enterprise Strategy Group (ESG) report, "Extending Intellectual Property Protection Beyond the Firewall" (sponsored by Reconnex), about half of the 109 companies surveyed did not have standard policies for identifying and classifying IP. Furthermore, IP classification is a bit of an organizational "hot potato," with responsibility for that classification spread across legal, line-of-business management, IT, and executive management in most organizations. This study also confirmed that more large organizations are sharing their IP with an increasing number of business partners (both domestic and international) in conjunction with outsourcing and offshoring relationships. In fact, about two-thirds of the organizations surveyed reported sharing moderate-to-substantial amounts of IP with their business partners today. Yet fewer than half of those surveyed have a formal process for determining which IP can be shared with business partners.

So, what's a CSO to do?

First, you have to learn what IP needs protection and prioritize it based on business impact. This requires meeting with the functional managers who are tasked with the creation and use of IP to create an inventory of the types of IP within the organization. There will always be a tradeoff between business imperatives and security, so it is important to distinguish the 'must protect' from the 'nice-to-protect' and focus first on the 'must protect' IP. Automated IP discovery tools can help identify potential IP that needs protection.

Second, you have to learn which business partners are permitted access to what IP. Again, this requires cross-functional dialogs with the business unit personnel who work with outsourcing/offshoring partners to determine what information is critical to those partners and what information needs to be restricted from dissemination. In most cases, business managers will not be aware of the full extent to which information is being sent to the organization's network of business partners. In this case, it may be helpful for the CSO to provide business managers with reports showing the types of information flowing to external partners so those managers can decide what is appropriate and what is not. Data loss monitoring and reporting tools can be helpful in producing these kinds of reports.

CSOs have a clear understanding of how to protect their organization's computing infrastructure. Their new challenge is to protect the critical business information living within that infrastructure from inappropriate disclosure. This requires the CSO to learn what that critical information is and who is allowed to receive it and then to put in place appropriate technology and processes to educate users and to detect and prevent the leakage of that information.

John Peters is CEO, Reconnex.


John Peters

Network World