Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Gilles

Is “good-enough” security really good-enough ?

by Gilles ‎04-30-2012 05:20 AM - edited ‎05-16-2012 12:51 AM

(version française)

 

In the graph below we put in correlation investments in security and the level of protection you get for that money.

 

Let’s define the green line as the representation of the today security market situation based on what the different vendors offer (it’s true that – for instance – when you want to achieve a very high level of security, a small increment of this level could cost a fair amount of extra money).

 

Risk Attitude.png

 

 

Now, from a conceptual point of view, we can also use this graph to highlight our attitude to the risk. To keep it simple, we can distinguish three different main security philosophies:

 

  1. The red zone – Organizations belonging to this category spend a little amount of money in security components. They do not expect in return to get a high level of protection. They tend to react to security issues once they have happened. They typically start with the most basic level of protection and operate in “denial” mode until a breach hits which is when they react to it. In fact they don’t consider security to be worthy of even medium levels of proactive investment, and/or they may think they are not really exposed to threats due to the nature of their business.
    Unfortunately, the experience shows that data breaches can affect any organization, of any size and in any sector. A single attack, happening only once, can cause major damages, not only financially, but also in term of reputation and image. So this attitude is very risky in our today environment, where pro-activity is essential.

  2. The orange zone – The second and intermediate category regroups those enterprises being pretty well aware of the various running risks. They usually take seriously all the security aspects. The majority has put in place over time different security layers and components and thus managed to improve their threat control and risk mitigation. But they still approach security from a proactive but tactical one off approach standpoint, i.e. they believe security to be important but don’t consider it holistically.  They tend to have a large number of vendors and non-integrated security solutions.
    I don’t think this tactical posture is the right one to adopt either, as the fact they have implemented different security systems, from different vendors, leaves some holes in their line of defense that a malicious hacker could quite easily exploit.

  3. The green zone – Finally, the third category consists of organizations having a high security awareness and that are looking at putting in place the best possible protection in order to mitigate the risk as much as they can.  They approach security from a proactive and holistic security information strategy standpoint and they tend to have one to few vendors. Furthermore they operate an integrated approach – from the devices to the datacenter – for security needs.

 

So, quick question for you : in what category would you classify your own organization ?

 

 

Now, let’s go back to the curves. As mentioned, a high level of security has a price. From a vendor perspective, continuing to offer the best security products, implementing new features able to stop the ever evolving attacks and threats, having a threat center focusing on security research and ensuring then that your installed equipments are always up to date with the latest threats information, all this requires continuous innovation and sustained investments in research and development. Only those vendors that consent to these investments can offer in the end the best possible level of security.

 

Unfortunately, some security vendors try to convince us they can offer more for less. This results in a shift of the green line to the left (dotted blue line). This could sound attractive to some organizations, but the reality is they end up with a solution not delivering the expected/promised level of security, resulting in the red line on the graph. The bigger the produced gap between the green and the red lines is, the more latitude you leave to hackers and malicious people to generate attacks. And the worst thing about that is you finally become aware of the existence of this gap the day when a serious attack occurs and creates irreversible damages…

 

The conclusion is “good-enough” security is simply inadequate for high-performance enterprises. This is NOT an option in our ever evolving threat landscape. Also, only end-to-end, cooperative and federated security can efficiently mitigate the risk; implementing point products belongs to the past and is the best way to eventually finish with an infected network.

 

The Juniper security portfolio is unparalleled in the industry. This allows us to serve our enterprise customers and deliver a security solution and architecture that spans the datacenter (including now web applications), campus, branch and mobile workforce (true end to end solution). We have a leading research team that not only writes our signatures but also has deep insight into the ongoing threats that we see in the industry. This insight is translated into signatures and technology to develop more advanced capabilities to address today's emerging threats.

 

I hope this blog has helped you a bit to answer the initial question.

 

My final and humble advice to you would be:

  • Adopt the right attitude to the risk – and I think only one makes sense

  • Think twice before choosing a security vendor – critical aspects like credibility, vision, innovation, portfolio richness (end to end) and history must be considered

  • Remember that only collaborative security can offer the highest possible security level and risk mitigation

  • And finally, ask yourself about which curve you would like to be on, the bottom line being that every organization should aspire to get to the green zone and on the green line.

 

Comments
by Gilles ‎05-02-2012 01:02 PM - edited ‎05-05-2012 08:36 AM

I received the following reply on the @JuniperNetworks Twitter account in response to my blog post:

“considering the fact that security isn't an absolute, isn't it always a matter of "good enough" to some degree?”

This Tweet was posted by @mpgehrisch

 

I would like to answer this way. It is true that we are moving in a highly evolving threat landscape, but this is not a fate! It is also true that the current security model in use in most organisations does not have the flexibility and responsiveness to address the growing sophistication and frequency of network attacks.

 

In a recent study we conducted together with the Ponemon Institute, we were able to highlight that the perception of the majority of the respondents was that their IT infrastructure was not secure enough to prevent breaches. I would add that the prolifaration of mobile devices in the workplace we can observe these days – with all its associated security concerns – is not going to lower this feeling of insecurity. We concluded that this lack of confidence is certainly an acknoledgement that these organizations need to invest in stronger and better security technologies — i.e. they need to aspire to get to the green zone and on the green line.

 

To adapt to these new realities, enterprises need to fundamentally rethink their security approach. Now more than ever, a “defense in depth” approach is required. No single technology can effectively protect all of an enterprise’s assets. To guard today’s dynamic IT environments against the new threats, organizations need to manage networking and security in an integrated, federated and coordinated fashion. Integration must take place across all networking and security functions in order to ensure optimal performance and protection. Also, security needs to be applied across the broadest range of devices, including for instance coorporate issued laptops and personal smartphones and tablets (aka BOYD effect). The bottom line is that security teams need to take a cohesive, holistic and centralized approach that encompasses the client, the network, the servers, and all the other elements within the IT infrastructure.

 

 

Labels
About the Author
  • Alan is the Head of EMEA Field Marketing at Juniper Networks with over 10 years of Information Technology marketing experience to his credit. Delivering excellence in marketing for international corporate business and in-country local business. Alan has a strong understanding and passion for ensuring that marketing can deliver growth and success to any size of organisation.
  • A Marketing and Business Development professional with 24 years extensive Sales/Business Development, Marketing and Technical experience in the Networking/Telecoms/Datacomms and Mobile market segments, focused on selling to Service Providers. Fomerly VP Marketing at the Metro Ethernet Forum (MEF)
  • David Noguer Bau is the Service Provider Solutions Marketing Manager for Juniper Networks EMEA. He has extensive experience in Carrier Data Services with special emphasis on next generation Multiplay services and network architectures. Prior to joining Juniper Networks, Mr. Noguer Bau spent seven years at Nortel where he was a Business Development Manager specializing in Carrier Ethernet and Broadband areas. Before Nortel he worked at Eicon-Dialogic as Technical Manager in Spain. David is the Country Marketing Chair at Metro Ethernet Forum for Spain. Mr. Noguer has wide experience speaking at international Conferences. He holds an IT engineering degree from Universitat Autonoma de Barcelona (UAB) and has an executive MBA from EADA Barcelona. The views expressed here are my personal opinions , have not been reviewed or authorized by Juniper Networks and do not necessarily represent the views of Juniper Networks.
  • I’ve been 29 years in the industry, first as a trainee IBM operator at Barclays Bank, later starting my own business which was ultimately acquired by French listed company EasyVista – [giving me great insight into working as part of an internationally focused company alongside organisations like Reuters, UBS Warburg, GlaxoSmithKline and London Electricity]. I am Sales & Marketing Director at Netutils – a specialist IT Networking and Security solutions provider. My passion continues to be making enterprise more efficient via the intelligent deployment of technology, with a view to delivering real value for my clients.
  • Based on the East Coast of the United States, Dean is the Global Managing Director for Juniper’s Cloud Networking Solutions. In this role, he is responsible for the development of Juniper’s business efforts in the Cloud Computing industry, specifically to increase revenue growth, field productivity, SP and Enterprise relevance and market share. It is a key business leadership position inside both the Service Provider and Enterprise Sector and through this role, Dean has the charter to establish and execute a thought leadership agenda for Juniper Cloud Networking. Dean has been with Juniper for over eight years and has previously held various Senior Strategy and Planning and Solutions Marketing roles. In these roles he has been responsible identifying business opportunities in new areas, markets, and disruptions that increase Juniper’s competitive position and take them to both the Service Provider and Enterprise market. Prior to Juniper Networks, Dean was with Uecomm (a Singtel company) as the Australian Sales Manager for Major Bids. Significant wins led to Fiber based Ethernet services being delivered to hundred of Schools, Government agencies and large Enterprises across Australia. Dean has held several senior Sales and Marketing roles including that of Solutions Marketing Manager for Nortel Networks Asia Pacific region. Dean has also been with Novell as a Systems Engineer and Channel Business Development Manager, facilitating and promoting Novell’s business and technology strategies to the reseller and distributor community throughout the Southern region of Australia. In his early career, Dean ran Com Tech’s Southern Region (now Dimension Data’s) Education Services Business where he personally educated hundreds of networking professionals. With 20 years experience in the IT and technical services industries, Dean holds a Bachelor of Science (Physics) degree and a graduate diploma in Education from the University of Melbourne. He also holds a certificate in Strategic Marketing from the Harvard Business School and is a regular presenter at Industry forums.
  • Donyel Jones-Williams is Senior Product Marketing Manager overseeing SDN and Core Service Provider Product line for Juniper Networks. In this role, he leads all of the internal and external marketing activities for T-Series, PTX, IP/MPLSView and NorthStar SDN Controller. Prior to joining Juniper Networks in January 2014, Donyel was a Senior Product Line Manager for Cisco Systems with in the High End Optical Routing Group managing product lifecycle for multiple products lines helping telecom providers operate efficiently and effectively including; ONS 155xx Product Family, ONS 15216, ONS 15454 MSTP, Carrier Packet Transport Product Family, ME 2600x, & ASR 9000v. He also negotiated favorable agreements with 3rd-party vendors furnishing components and parts and conducted both outbound and inbound marketing (webinars, case study-development, developed and delivered both business & technical at Cisco Live 2005-2012). Donyel graduated from California Polytechnic State University-San Luis Obispo with a Bachelor of Science in Computer Science. While attending Cal Poly SLO he was a collegiate student athlete playing football as a wide receiver and a key member of the National Society of Black Engineers. Donyel is now an active volunteer for V Foundation.
  • With 20+ years of global IT management experience, Gary Clark oversees all technology services to support 9,600 employees at Juniper Networks, a $4.5 billion networking innovator with operations spanning 123 offices in 47 countries. Prior to Juniper, Gary held senior IT management roles at BlackRock/Barclays Global Investors and Deutsche Post/DHL.
  • ISP Network Engineer currently enjoying the security side of the Juniper product range. Busy studying for the JNCIP-SP and ENT. Outside of work I enjoy the great outdoors: Mountaineering, Bouldering, Rock or Ice climbing, Tramping (hiking to non-Kiwis) and Snowboarding. I'm also a member of the Alpine Cliff Rescue Team in Christchurch, assisting is vertical rescues or those requiring specialist access or extraction techniques, crevasse rescue etc.
  • I have spent my entire career in the networking industry, and have been with different networking vendors since 1999. I'm currently responsible for selling Juniper Campus & Branch solutions (mainly wireless LAN) in the Nordic & Baltic region.
  • I have been in the networking industry for over 30 years: PBXs, SNA, Muxes, ATM, routers, switches, optical - I've seen it all. Eleven years in the US, over 20 in Europe, at companies like AT&T, IBM, Bay Networks, Nortel Networks and Dimension Data. Since 2007 my focus has been on services at Juniper: support services, professional services, service automation. Our market is characterized by amazing technological innovations, but technology is no use if you cannot get it to work and keep it working. That is why services are so exciting: this is where the technology moves out of the glossy brochures and into the real world! For more about me, go to my LinkedIn profile: http://fr.linkedin.com/pub/joe-robertson/0/4a/34a
  • John is an experienced IT professional with over 25 years in the Industry. He is the UKI security lead for Juniper Networks and previous to this has held various sales in sales management positions with Mimecast, Proofpoint, Cisco, EMC and PCS. He started his career with Siemens and Sun Microsystems as a Systems Engineer.
  • Marketer for over 15 years in both B2B and B2C. Jon has worked with a number of the world's leading IT organisations, helping enterprise and service provider organisations solve their IT challenges.
  • Jon joined Fujitsu UK&I as Chief Technology Officer in January 2011 from the public sector, where he was Chief Information Officer, Transformation Director and SIRO at the Valuation Office Agency. Prior to this he was Her Majesty’s Revenue and Customs’ first Chief Technology Officer, leading the integration of the former Inland Revenue and Customs & Excise organizations. His roles in both organizations drove out savings in excess of £600m, as well as bringing about significant technology transformation, building high performing teams in the process. Jon was a founding and core member of the UK Government Chief Technology Officer Council and recruited and led a team creating Public Services Network, XBRL mandation and cross government channel strategy. Jon’s client side board level experience is built on 11 years at Accenture, with clients including Barclaycard, Legal & General, BP, Castrol and BG Group. Jon now leads the UK & Irelands 1,200 strong Architecture Community, driving standard solutions, reinforcing rigorous re-use and a collegiate collaborative community and culture, leading with courage and conviction. Jon is a firm believer in the 4Ps – Pace, Passion, Pride and Professionalism. He is a Chartered Engineer, Fellow of the British Computer Society, founding Fujitsu Fellow and a member of the Advisory Board for AppDynamics.
  • Marcel Wiget is Consulting Engineer Specialist and member of the Advanced Technology team for EMEA. His career within Juniper started back in 2009 as a Senior Systems Engineer driving one of the first MX based Broadband Edge deployment to success. Prior to Juniper, Marcel held various positions in pre-sales, professional services and development at Chantry Networks, Spring Tide, Nortel Networks and Wellfleet.
  • I love the intracacy and intimacy of succesful communications. Why and how people engage with each other is fascinating. I am also consumed with the way IT changes behaviours, values and expectations in society. I bring this sense of wonder to my role in EMEA Service Provider Marketing Programs at Juniper Networks. Down time: My passions are music, reading, politics, Derby County and playing the guitar (and the harmonica). You can follow me elsewhere: twitter: @neilpound my personal blog: http://neilpound.tumblr.com/ my LinkedIn account: Neil Pound
  • I am one of a small team of Network Engineers working for Lumison Ltd, a UK ISP/MSP based in Edinburgh, Scotland. I have been with the company for almost 6 years moving from frontline support to the Managed Services team dealing with customer network design and implementation before talking up the role of Network Engineer. As well as the JNCIE-ENT certification.
  • An inspirational marketing leader working across the entire marketing mix to transform brand into business value, activity into results and thought leadership into measurable pipeline. You can follow me on Twitter at @PaulGainham
  • Marketer with over 20 years experience, focused on High Tech B2B marketing. Head of Content at Juniper Networks EMEA.
  • I have been at Juniper Networks since 2004, focused on Corporate Communications (media relations, analyst relations, customer reference progam) for the Europe, Middle East & Africa region. I have worked in the networking industry since 1988.
  • 26 years in the Telecom Industry, half of it in Juniper...
  • Raghu Subramanian is VP of Sales Engineering for Asia-Pacific at Juniper Networks. Prior to this, he has served Juniper as chief strategist for the security business, product evangelist to channel partners, and product manager for M-series routers. In past lives, Raghu was a chip designer at Hewlett Packard, and an R&D manager at a start-up acquired by PMC-Sierra. Raghu has an MBA from the MIT Sloan School of Management, Ph.D. in Computer Science from the University of California at Irvine, and a B.Tech.in Electrical Engineering from the Indian Institute of Technology at Kanpur. In his spare time, he enjoys reading non-fiction, coaching kids for the Math Olympiad, and traveling with his family to other countries to learn about their ways.
  • I am the Senior PR manager for Juniper Networks in EMEA and have been with the company for over 5 years.
  • Russell is the global leader of the Advanced Technologies team specializing in Data Center Virtualization and Automation. Russell leads the team that provides Juniper’s major customers with solutions to provide the network underpinnings for highly virtualized and automated data centers.
  • Stephen is currently a Partner Acccount manager at Juniper Networks, and has held this role for 3 years. Prior to Juniper, he worked at Extreme Networks for 11 years in a variety of roles. Stephen is a Father of 3 children, a keen cricket fan and enjoys cooking, reading and theatre in his free time.
  • Stephen Liu is Senior Director of Product Marketing for Juniper Networks. In this role, he leads product marketing for Juniper’s industry-leading service provider portfolio of high-performance routing and switching products. These products include Juniper PTX Series, T Series, MX Series, and ACX Series platforms along with software and security. Prior to joining Juniper in 2013, Stephen served as Director of Service Provider Marketing at Cisco Systems. In that role, he led product and solution marketing worldwide for the service provider routing, switching, optical, and software portfolio. Products included NCS, CRS, ASR, and ONS platforms. Stephen attended the University of California, San Diego, where he received a bachelor’s of science degree electrical engineering – communication systems. Hobbies include restoring old Volkswagens and coaching competitive youth soccer. He is based in Sunnyvale, California.
  • Stuart Borgman is a Senior Director responsible for the Advanced Technology Technical specialists for Europe, Middle East and Africa (EMEA). The goal of Advanced Technology is to provide Architectural and Technical specialisation to ensure Juniper is building industry leading solutions for its customers. Stuart Initially joined Juniper Networks in 2000 after spending six years at Cisco. From 2009 to 2012, Stuart was the CTO of MLL Telecom in UK, who is a Managed Service Provider for fixed line and mobile backhaul services in the UK.
  • I'm currently working on a number of Service Provider projects focusing on Identity Management. These range from Mobile Operator WiFi offload projects & 3G SCADA device management to broadband authentication encompassing quota and service management for P2P and video traffic control. I have over 15 years progressive experience designing complex RADIUS platforms to meet the demands of the most multifaceted businesses. One of the most successful projects focused on the consolidation of 22 separate RADIUS platforms spread over a large estate onto a single pair of RADIUS servers, offering the same functionality and business logic as the prior estate. In addition I have spent a number of years observing and implementing solutions for the enterprise space in the BYOD and NAC market. It's a keen area of interest for me as it combines the whole concept of identity management and business needs together. My largest project in this space was for a UK company with global offices providing a NAC solution for over 200 sites, with over 150,000 staff. Over the last 10 years Netutils have invested heavily in developing a technical team to support me and the business on these key areas. I strongly believe that a solution designed by Network Utilities should be the right solution technically and commercially for the customer, so my over-riding focus is on customer satisfaction. This follows on in the technical support service the Netutils team offer post implementation. Specialties Not making tea, NAC, RADIUS, Quota Management, Diameter, full life cycle of the subscriber management. Working with large organisations taking a concept through to delivery around identity management whether authentication or Quality of Service.
  • An accomplished network engineer with 14+ years’ experience, and a Juniper employee since 2004, Tony leads the IT team focused on deploying “Juniper on Juniper”, using Juniper technology to run the business and deliver core business services across the enterprise. Tony holds a double JNCIS certification in Enterprise Routing, Security (JNCIS-ER, JNCIS-SEC) and a BS degree from California Polytechnic State University. Outside of work, Tony serves on a School Advisory Council, loves biking and good coffee.
  • Zoe Sands is Head of Digital Marketing at Juniper Networks and is responsible for digital marketing and social media across EMEA. She is an experienced Digital Marketer since 1997 with PRINCE2 practitioner status, during this period Zoe has successfully launched many new online innovations for Juniper Networks, Cisco, Dialogic, the Chartered Institute of Marketing (CIM) and Hyundai, including content managed and e-commerce based websites to integrated social media programmes. She has International exposure running projects globally, regionally and at a country level. Zoe’s approach is to create an environment where those around her can share her passion for the Internet and the opportunities it presents. She says sharing knowledge, championing and communicating the benefits of digital capabilities enhances both the user experience and offers additional online communication channels and business opportunities. Zoe has a blog ‘Learning and sharing...’ to share her experience of all things online marketing, social media, chat online, SEO, SEM and mobile related content. You connect with Zoe via LinkedIn or find her on Twitter: @zoe9 and @ZoeSands.
About Industry Solutions and Trends

Subscribe RSS Icon

Follow our Twitter Accounts:
Juniper Networks Twitter
UK Twitter
Japan Twitter
Australia Twitter
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.