Jeudi 12 Mai 2011
CFO News - Le quotidien Finance et Gestion by Finyear

Économiser du temps, de l’argent et des ressources grâce à la sécurité hybride

Par Spencer Parker, Group Product Manager, Websense


Résumé: Les étapes de l’évolution humaine peuvent se mesurer en millions d’années mais l’informatique fait des pas de géant chaque année pour apporter de nouveaux matériels, applications, avantages... et menaces. De nombreuses entreprises ont rapidement acquis une mosaïque complexe de systèmes anciens et modernes, mais chacun engendre un nouveau risque pour la sécurité de l’entreprise et des utilisateurs : les « vieux » mainframes peuvent fonctionner avec les technologies novatrices du Web aux Smartphones, mais leur contrôle et leur sécurité sont souvent dissociés. Le temps est venu de prendre du recul et d’identifier où résident toutes vos données, où elles sont envoyées et comment elles sont utilisées, en adoptant une stratégie de sécurité hybride.

Saving time, money, and resources with Hybrid Security
Steps in human evolution can be measured in millions of years but the IT world makes giant leaps every year bringing new equipment, applications, benefits.....and threats. Many businesses have quickly acquired a complex patchwork of legacy and cutting-edge systems but each opens up a new risk to corporate and personal security: elderly mainframes may work together with game-changing technologies from the Internet to smartphones but they are often monitored and secured separately. The time is right to step back and take a comprehensive grip on where all your data lives, where it is sent and how it is used – the Hybrid Approach to Security.

The game has changed
Managing security for any size of organisation is becoming significantly more difficult and expensive. Social networking tools like Twitter and Facebook, as well as the Web itself, plus IT-sanctioned applications such as Google Apps and SalesForce.com are making the potential for inbound threats much worse. In addition, organisations must increasingly be concerned about what is heading in the other direction – a trade secret sent through a Twitter post, an unencrypted file containing personal health information sent in Webmail, or an employee blog post that does not represent the position of his or her employer can all have serious financial and other consequences.

The ‘office’ is now a very elastic term. IDC Research predicts that, by 2013, mobile workers will comprise more than one third of the world’s workforce.* In addition to business travellers, hundreds of millions of employees now work from home or from remote and branch offices at least part of the time. The implication is that organisations need to find an effective and affordable way to extend their content security strategy.

Another aspect of the challenge facing today’s enterprises is the expansion of regulatory requirements, such as the Data Protection Act in the UK and HIPAA and HITECH across the USA. Demonstrating compliance with these and other local and regional legislation and industry-specific requirements is a significant undertaking. It is also one that often competes for scarce manpower and budgetary resources and for which there is no reasonable alternative: organisations that fail to comply run the risk of punitive penalties and negligence lawsuits.

While security threats are increasing in frequency and severity, so too is the cost of defending against them. Not only must organisations deploy and maintain traditional protection, they must also guard against new, more modern threats that are designed to evade legacy defences.

Furthermore, with the traditional approach of adding a variety of discrete security technologies over time, protecting against outbound risks like data loss can easily lead to costs getting out of control due to redundancy and inefficiency. For example, an organisation may deploy servers or appliances focused on protecting spam and malware that are delivered through email. They then add servers or appliances focused on real-time communications. Later, as they recognise the threat from use of the Web and Web 2.0 applications, they may add servers or appliances to protect against them. As organisations attempt to solve the problem of data loss and resulting compliance issues, they are investing in even more infrastructure and technology.

The result can be a collection of non-integrated systems that drive up costs to deploy, manage, and support, and that lack the ability to apply consistent security controls across the enterprise with ease and efficiency. This creates a number of difficult and expensive problems, including:
- The need to manage multiple vendors and their varied upgrade cycles
- The use of multiple consoles and interfaces to manage each system
- Managing support requirements for each vendor’s solution
- Incomplete and inconsistent security coverage that can arise from less than complete overlap between the various solutions that have been deployed
- Higher costs for IT staff required to manage the infrastructure, and higher costs because point solutions from a variety of vendors are being used instead of an integrated solution from one vendor

The unfortunate reality for today’s enterprises is that IT security risks continue to escalate at the same time that the resources available to mitigate them are diminishing or, at best, remaining constant. Small companies and field offices of larger ones typically do not have enough users to support a dedicated IT staff person, meaning they must rely on the office manager, accountant or other non-technically-qualified person to manage the local infrastructure, perform regular updates, apply patches, manage policies and perform other housekeeping chores for the local appliance or server. As a consequence, many organisations either go without the requisite coverage, or pay a high cost by managing multiple vendor solutions.

According to Chris Christiansen, vice president, Security Products and Services at IDC, the need has never been greater for a new unified security paradigm to provide consistent protection from both inbound threats and outbound risk with single policy management for on-premise and Security-as-a-Service (SaaS) deployments across dispersed enterprises. “The Web has become the preferred platform from which cybercriminals launch their various types of complex malware attacks on individuals and businesses, because it is perceived to be an easy way to access valuable information assets.”

Hybrid - control and flexibility
The ideal solution is one that combines the efficiency and flexibility of a cloud-based solution, with the control and feature-rich capabilities of on-premise approach – a hybrid architecture. The bottom line is that with a hybrid approach to content security, an organisation can manage security both on-premise and in the cloud simultaneously for different users. For example, users in a headquarters location can have their content secured using on-premise infrastructure while remote users’ content is filtered in the cloud. Traffic for the latter does not have to be backhauled to the on-premise infrastructure, resulting in greater efficiency and lower cost. In addition, a hybrid infrastructure enables policy enforcement from one pane of glass simultaneously for all users.

There are a variety of organisational types and scenarios for which a hybrid approach is an ideal solution for managing security. For example, highly distributed organisations are a good fit for the hybrid approach to security because smaller, remote offices cannot afford to maintain dedicated IT staff that can deploy and maintain on-premise infrastructure. However, even organisations that are not distributed can also benefit from the hybrid approach because of its ability to lower the overall cost of managing a security infrastructure. Further, as more of the security infrastructure is deployed beyond corporate boundaries, it is necessary to consolidate the infrastructure to maintain its manageability – the hybrid approach is ideally suited to organisations that need to do this.

Less infrastructure to deploy
The hybrid approach allows organisations the freedom to choose the mix of capabilities that work best for them: on-premise infrastructure, cloud-based services or a mix of both in the same environment. This can reduce the overall cost of managing a security infrastructure because it reduces the physical footprint at various sites in the enterprise. Using cloud-based services means that there is simply less infrastructure to evaluate, specify, deploy and manage - and it reduces overall power requirements.

The control of on-premise with the efficiency of the cloud
A hybrid on-premise/cloud security solution combines the best of both worlds: the highly granular and manageable control of an on-premise solution coupled with the inherent efficiencies of the cloud. The result is a security infrastructure that is less expensive to manage and less susceptible to surges in malware and related activity, while still providing the tight control over how the system is managed.

IT does not have to absorb the cost of deployment
By using the cloud as an integral component of a security infrastructure, however, the burden of adding new infrastructure does not go away – but it does get shifted away from the customer to the cloud provider, freeing IT from having to absorb the cost of new hardware and software deployments.

Less IT staff time devoted to administration
An Osterman Research study in 2009 found that an organisation of 5,000 users bears a cost of more than $404,000 annually just for the labour to manage the security infrastructure. With a hybrid security infrastructure, even an organisation with just one site can also lower their costs of managing security by eliminating the amount of time devoted to patches, upgrades, deploying new appliances, and so forth.

A single console to manage everything
Instead of managing policies in an email security infrastructure, a data loss prevention (DLP) infrastructure and a Web security infrastructure, each using their own interface and policy applications, all corporate security policies can be developed, monitored and enforced from a single console. This results in not only a lower cost of administration because less IT time is spent managing policies, but also more consistent policy enforcement and the ability to respond more quickly to needed changes in security policies.

Remote and branch offices
Remote offices without dedicated IT staff can have the same access to corporate policies as those users that are served by on-premise infrastructure. Remote users are served by the same policies at the same time without a lag in policy updates.

So, using a combination of cloud-based and on-premise services can yield two important advantages: the efficiency of cloud-based delivery combined with the highly granular control that on-premise systems can offer. Furthermore, such an approach can lower the total cost of ownership whilst improving the overall security posture for many organisations.

Cost Analysis
Clearly, a hybrid approach can offer significant cost advantages. Two examples of detailed cost analysis** show how different organisations can benefit by using an optimized, hybrid security system, leading to savings of 43-45 percent over a period of three years.

The first case study involves a US regional healthcare organisation with 1,500 users that has one central headquarters facility with 500 users evenly distributed across 20 regional offices. The result is a significant savings from the hybrid infrastructure: $6.87 per user per month, or a total of more than $370,000 over the three-year lifecycle of the infrastructure.

The second case study is a 10,000-seat financial services organisation with 4,000 users in a headquarters location and 6,000 users evenly distributed across 100 nationally distributed field offices. Here, too, the result is a significant savings from the hybrid infrastructure: $6.99 per user per month, or a total of more than $2.5 million over the three-year lifecycle of the infrastructure.

Summary
Conventionally managed application security is becoming more complicated with the increasing use of new tools like Twitter and Facebook, and it is becoming more expensive. The results are higher IT costs, more cumbersome and less timely policy management, and greater potential for violating regulatory, legal and corporate policies.

By using a unified approach that combines the optimum combination of on-premise infrastructure with cloud-based services, organisations can reduce their overall cost of ownership for managing security, increase the effectiveness of their policy management, and free IT staff for tasks that will provide more value to the enterprise.

* Worldwide Mobile Worker 2009-2013 Forecast - IDC Research: February 2010.
** Full figures in “The Cost Benefits of a Hybrid Approach to Security” – Osterman Research: Feb 2010

A propos de Websense
Websense, Inc. (NASDAQ : WBSN), leader mondial des solutions intégrées de sécurité du Web, des données et de la messagerie, fournit la meilleure protection contre les menaces contemporaines au TCO le plus bas à plusieurs dizaines de milliers de grandes entreprises et PME dans le monde. Distribuées au travers d’un réseau mondial de partenaires et disponibles sous forme de logiciels, appliances et SaaS, les solutions de sécurité de contenu de Websense aident les entreprises à tirer parti des nouveaux outils de communication, de collaboration et du Web 2.0. Pour se faire, elles apportent une protection contre les menaces continuelles, préviennent la perte d’information confidentielle et permettent d’appliquer les règles d’usage d’Internet et les politiques de sécurité. Le siège de Websense est basé à San Diego, Californie, et l’entreprise a des bureaux partout dans le monde. Pour plus d’information, visitez websense.com

Articles similaires