SOURCE: AEP Networks

March 12, 2008 10:19 ET

IT Execs Fear Growing Data Security Risk From Remote Workers and Network 'Outsiders'

91 Percent Worry Over Threat of Data Leaks From More Open Networks

SOMERSET, NJ--(Marketwire - March 12, 2008) - IT departments are under pressure to make corporate networks more accessible to remote workers and a range of external users despite fears over the increased threat of data leaks, malicious content and hacking that this entails, according to new research*.

91 percent of the 381 UK and North American IT executives polled in the survey by AEP Networks admitted there is a bigger risk of sensitive data being exposed to 'unauthorized eyes' when networks are made accessible to remote workers and external users such as contractors, partners and customers.

89 percent highlighted the greater threat of malicious content such as viruses because of wider network accessibility and 85 percent noted the increased possibility of hacking.

But this opening up of the network is fast becoming inevitable, with 97 percent agreeing that today's networks are more accessible to a variety of internal and external users and devices than five years ago. 94 percent either already allow or plan to allow access to remote workers while a large number already permit or plan to permit access to the following types of user:

--  Suppliers/partners (39 percent)
--  Company guests/visitors (28 percent)
--  Outsourced workers (36 percent)
--  Contract staff (57 percent)
--  External IT support and maintenance (59 percent)
--  Customers (32 percent)
    

The results illustrate the dilemma faced by many IT departments today as Reginald Best, Chief Operating Officer of AEP Networks, explained:

"On the one hand, IT is rightly under pressure to open the network door to partners, suppliers and customers to improve efficiency and enhance business processes. On the flip-side, they're sweating over how to prevent unauthorized access, protect company information and deflect malicious attacks."

With so many different types of user coming onto the network, many IT departments are addressing fears over increased security risks by investing in new technology. The major areas for IT security budget increases over the next 12 months include Secure Remote Access, mentioned by 48 percent of the survey, Network Access Control (NAC) (41 percent), Identity-based network security solutions (37 percent) and Encryption (35 percent).

Many of these investments will help, but what's also needed is a clear, underpinning strategy according to Best, whose company has its roots in secure remote access and encryption systems for government and is now increasingly focusing on a new approach to security based on policy networking.

Technologies such as Identity based security systems, Secure Remote Access and NAC need to be tied together under a policy driven network security strategy. This policy networking model argues for a suite of solutions which interact with existing network systems to enforce rules and policies controlling who and what can be admitted to the network and the resources and information they're allowed to access.

"What systems should specific types of remote workers be allowed to access? What should you do about visitors who don't have the required antivirus on their machines but need to work on your network? And what about providing a safe level of access to users who want to log in from third party locations such as Internet cafés? How does the organization track and audit access? These are the types of issues for which organizations need to develop policies," said Best.

Once there is agreement on these areas, the various components of the policy networking environment can interact with existing directories and authentication systems to verify users' identities and rules governing their access to the network. Those that don't fit with policy or display offending behavior might be put into quarantine, given a lesser degree of access, or denied access altogether.

"It effectively allows you to 'shut the network door' to anything that appears undesirable," concluded Best.

*About the research

The research consisted of an online survey completed by 381 IT executives across the UK and North America in January 2008.

About Policy Networking

Policy networking is the industry's most sophisticated network security strategy. In essence it is about regulating who can access private computer networks based on policies defined by a business. In an ideal scenario, a policy-based network will do the following:

1. Define identity and trust policies for an organization. These policies
   define who gets access to the corporate network.
2. Store the identity of every user in a directory.
3. Authenticate a user's identity before allowing them to access the
   network.
4. Compare the user's computer to the network's software security policies
   to make sure the computer joining the network has up-to-date virus
   protection and won't infect the corporate network.
5. Provide connectivity depending on the user's identity and system
   profile. For example, if the user only has permission to access email,
   then they won't be able to retrieve billing data or certain software
   applications.

Policy networking is currently regarded as the most effective way to secure networks. That's because it initiates more rigorous authentication controls than password protection, and also attempts to protect networks from virus-laden devices.

About AEP Networks

AEP Networks offers a comprehensive Policy Networking solution that provides complete security starting at the endpoints and working throughout a network -- from the edge to the core. AEP's integrated portfolio of security products includes network admission control enforcement points, identity-based application security gateways, SSL VPNs, high assurance IPSec-based VPN encryptors, and hardware security modules for key management. Our products address the most demanding security requirements of public-sector organizations and commercial enterprises internationally. The company is headquartered in Somerset, New Jersey, with offices worldwide.

AEP Networks and the AEP Networks logo are trademarks of AEP Networks, Inc., with registration pending in the United States. Netilla is a registered trademark of AEP Networks, Inc. All other trademarks or registered trademarks contained herein are the property of their respective owners.

Contact Information