February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« New Age of Computer Security? | Main | Hackers Get Predictable »

October 11, 2006
Poor Access Controls Can Harm Any Sized Company

An article from Search Security reports that no matter the size of your company, your IT must always keep tight control over authenticating users and controlling network behavior. But where large companies have the resources to implement controls such as two-factor authentication, smart cards and tokens, that technology is not always affordable to small and medium sized enterprises.

So many SMEs try to make best with the Network Access Controls (NAC) offered by Microsoft and Cisco Systems, two companies that recently announced plans to provide better interoperability between them. Many security vendors have also gotten in the game trying to entice midmarket companies with more affordable options.

Amer Deeba, VP of business development for Qualys, said that while some mid-sized companies may have decent internal controls, they often lack adequate NAC for their outside contractors, many who frequently sign-on to the network. "That's why NAC is becoming a big deal," Deeba stated.

Security vendors have been trying to develop inexpensive tools, and while that has created a growing number of choices, they often lack interoperability. Unfortunately, for SMEs, there is still no magic bullet. Todd Towles, an IT security consultant, was quoted saying, "Products that work in and of themselves and enable IT administrators to see the big picture are the most value." It is also important that the solution is scalable so they can accomodate a company's growth.

Also, the problem remains that midsized companies often don't view security as important or strategic, and it's hard to see any return on such an investment. Jonathan Penn, an analyst at Forrester Research in Cambridge, MA, said that it's up to IT professionals to help their bosses understand what's at stake. Penn also said, “IT professionals should frame the need for new investment not in terms of cost, but in terms of how it will help the company manage its risk."

If that doesn't work, there is always compliance to consider. The PCI Data Security Standard has motivated plenty of SMEs to take action. So no matter what sized company you are, in this day and age of twenty-four seven security threats, simple password verification just doesn't cut it anymore.

Posted by pschooff in Better Protection • Cisco Systems • Microsoft • Small Medium Enterprise |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/799

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map