White PapersInternet Security and Business - Part One
Introduction - the key issues at stake
The Internet is now indispensable. In the current commercial environment, businesses have no other choice but to connect all or part of their network to the rest of the world to allow them to stay in contact with their customers, suppliers, partners and employees.
In parallel with this growth in Internet connectivity in businesses, new threats emerge regularly, particularly in the guise of hackers, industrial espionage, computer crime, etc.
These different threats facing the IT network are generally conveyed by thefts of business assets or intellectual property; they induce the shutdown or failure of the information systems in place, damage businesses' images and reputations and alarm consumers.
Unless businesses can rely on solutions allowing them to eliminate most of these risks proactively, it is highly unlikely that they will be able to make use of the tremendous potential that the Internet offers in the development of their business.
The conventional data security approach is not sufficient. In spite of several decades of research in the area of data security and more than one hundred products and items of equipment available on the market, the hazards associated with Internet use are continuing to grow exponentially.
The increased complexity of the Internet and its applications, the determination of businesses to provide users with more services and content, the need to interconnect a growing number of items of equipment help undermine the security of IT environments.
Security based on product installation remains insufficient for various reasons:
- Ongoing detection of new vulnerabilities within systems and applications,
- Continuous development and improvement of tools used to attack systems,
- Need for regular patch installations on security equipment essentially due to its imperfection.
As a result, the corporate network becomes vulnerable at an increasing rate.
Security depends on individuals. In the event of attacks, the network configuration or security equipment installed is of little importance. It is also of little importance who the person responsible for the defending the information system is. The only way not to be affected by new vulnerabilities or new attacks lies in detection methods and possible solutions.
If we compare the situation to the real world, it is characterised by alarm systems and the use of security services. With permanent on-line corporate networks, the term monitoring solutions may be used.
A business needs the best skills available to defend its system when it is subjected to attacks. The business also needs to detect attacks or vulnerabilities instantaneously and provide effective solutions. To access all these services, businesses need to supervise their systems, which an MSSP (Managed Security Services Provider) would typically propose in its service offerings.
Network security monitoring remains one of the key components still lacking in most corporate data networks. Monitoring provides immediate information on the effectiveness of the security policy set up on a network. This information is updated in real time, as new attacks, new threats, software updates and system configuration modifications develop. Monitoring may be compared to a window on network security. Without this window, the company's security or information system manager would be blind.
Monitoring takes on a strategic aspect wherever network security is set up.
Definition of security services market
One can define the security services market as activities relating to the planning, architecture definition, implementation and management (administration) of corporate network security.
Consultancy, integration, implementation, monitoring and administration services represent the majority of the services currently available on the market. However, training and education services specific to security are also included in this sector. The different offers comprising these sub-sectors are defined below.
Security consultancy services include:
- The security audit
- Intrusion tests
- Security architecture and design analysis
- Security policy and strategy planning
- Monitoring
Integration and implementation services include:
- Purchase of hardware and software
- Secure network architecture integration
- System migration
- Performance tests
- Skills transfer
Monitoring and administration services are conventionally offered round the clock, seven days a week and are carried out remotely. Typically, the services in the sub-sector include:
- Equipment administration services (routers, servers, Firewalls, VPN, etc.)
- Vulnerability prevention services
- Off-site data backup and archiving
- "Log" monitoring services (hardware and applications)
- "Anti-Virus" administration
