The future of network security

Determining how to plan for a business environment in which everyone is connected and security expectations are high is not trivial. We all have to do it.

Enterprise connectivity is exploding, driven by globalization, convergence, virtualization and social computing. As corporate perimeters dissolve, the security focus switches towards application and data-level security solutions. The question to ask is what are the longer-term implications for network security? Will it become redundant or could it grow more powerful? Only one thing seems certain: It will be different from today.

Who needs network security? Why don't we just build encryption and antimalware protection into end-points and simply enjoy open networks? From a security perspective that's always best and it's in line with the Jericho Forum vision. But in the real world it's not so simple. At the very least we need protective measures in networks to guarantee availability and performance. Beyond that there is huge potential to deliver value through security features in networks.

In fact there has always been more to network security than users realize. Fallback, monitoring and filtering are ever-present but invisible to endpoints. Many application owners believe their systems operate on top of a pure IP infrastructure, but nothing could be further from the truth -- enterprise networks are heavily structured.

Today's network products boast an impressive and growing array of single-point security solutions, ranging from simple authentication mechanisms to full-blown identity management.

Taking advantage of network-based security features is difficult in that geography and topology are major factors. They dictate ownership boundaries and legal jurisdictions and it's hard to establish a set of choke points from which all network traffic can be monitored or controlled.

Management domains don't map neatly onto the precise scope of application systems and legacy equipment presents local incompatibilities. Nevertheless, gateway devices are a convenient point for securing central databases. And complete network coverage is not always essential for value to be derived from security analysis because useful intelligence can be derived from samples of traffic.

There are also distinct advantages in locating security measures inside networks. You gain a richer picture of user behavior, enabling individual user activities to be assessed in the context of a broader community. In fact, visibility of events and understanding of context are the keys to effective security and risk management.

The significance and legality of user actions is dependent on context, varying according to user authorization level, sensitivity of data, location of source, method used, and time of day. As one of the 11 Jericho Forum principles states: "Assume context at your peril."

One of the biggest security concerns today is the insider threat. In response to this, you can deploy many interesting techniques in networks to detect anomalous user behavior. Valuable intelligence can be derived by profiling, fusing and mining message content, traffic patterns or IT activity.

Psychological profiling and linguistic analysis are still in their infancy but offer huge potential for the future. Privacy of course is an overriding issue, but security solutions can be devised to contain the risks for many applications. Ignorance of privacy considerations is a bigger problem, as demonstrated by the recent decision by US Homeland Security to scrap an ambitious US$42 million antiterrorism data-mining tool after investigators found it was being tested with information about real people without adequate safeguards.

Another major security concern is lack of consistency in enforcing "acceptable use" policy. Most of these policies are badly written, out of date and poorly communicated. We can fix the latter problems with a bit of effort, but enforcement requires security technology to identify, log and block illegal or inappropriate use of services. This can only be achieved in real-time at the network level. As time goes by, it will be a growing challenge for all organizations.

Network gateways are a vital source of security intelligence because they see failed or blocked transactions, providing a unique insight into attempted attacks. This is an important area because we know that behind every major incident there are dozens of minor incidents and hundreds of near misses. Smart security is about learning from the little events to prevent the bigger ones. Gateways also provide a valuable point at which unauthorized transfers of confidential information can be detected and blocked. Following the spate of high profile data breaches, this is becoming a key objective for many organizations.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

David Lacey

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?