Survey: Companies Believe Opening Network Poses Bigger Risk Of Data Breach
IT departments are under pressure to make corporate networks more accessible to remote workers and a range of external users despite fears over the increased threat of data leaks, malicious content and hacking that this entails, according to new research.
Ninety-one percent of the 381 UK and North American IT executives polled in the survey by AEP Networks admitted there is a bigger risk of sensitive data being exposed to ‘unauthorized eyes' when networks are made accessible to remote workers and external users such as contractors, partners and customers.
Eighty-nine percent highlighted the greater threat of malicious content such as viruses because of wider network accessibility and 85 percent noted the increased possibility of hacking. But this opening up of the network is fast becoming inevitable, with 97 percent agreeing that today's networks are more accessible to a variety of internal and external users and devices than five years ago. 94 percent either already allow or plan to allow access to remote workers while a large number already permit or plan to permit access to the following types of user:
- Suppliers/partners (39 percent).
- Company guests/visitors (28 percent).
- Outsourced workers (36 percent).
- Contract staff (57 percent).
- External IT support and maintenance (59 percent).
- Customers (32 percent).
The results illustrate the dilemma faced by many IT departments today as Reginald Best, CEO of AEP Networks explained.
“On the one hand, IT is rightly under pressure to open the network door to partners, suppliers and customers to improve efficiency and enhance business processes,” Best said. “On the flip-side, they're sweating over how to prevent unauthorized access, protect company information and deflect malicious attacks.”
With so many different types of user coming onto the network, many IT departments are addressing fears over increased security risks by investing in new technology. The major areas for IT security budget increases over the next 12 months include secure remote access, mentioned by 48 percent of the survey, network access control (NAC) (41 percent), identity-based network security solutions (37 percent) and encryption (35 percent).
Many of these investments will help, but what's also needed is a clear, underpinning strategy according to Best, whose company has its roots in secure remote access and encryption systems for government and is now increasingly focusing on a new approach to security based on policy networking.
Technologies need to be tied together under a policy driven network security strategy. This policy networking model argues for a suite of solutions which interact with existing network systems to enforce rules and policies controlling who and what can be admitted to the network and the resources and information they're allowed to access.
“What systems should specific types of remote workers be allowed to access? What should you do about visitors who don't have the required antivirus on their machines but need to work on your network? And what about providing a safe level of access to users who want to log in from third party locations such as Internet cafés? How does the organization track and audit access? These are the types of issues for which organizations need to develop policies,” Best said.
Once there is agreement on these areas, the various components of the policy networking environment can interact with existing directories and authentication systems to verify users' identities and rules governing their access to the network. Those that don't fit with policy or display offending behavior might be put into quarantine, given a lesser degree of access, or denied access altogether.
“It effectively allows you to ‘shut the network door' to anything that appears undesirable,” Best said.