by P.J. Connolly

Thwarting the enemy within

analysis
Jul 11, 2003

Collaboration tools are evolving to supplement traditional ways of compartmentalizing networks

Reality plays havoc with the convenient fiction that the corporate firewall separates the safe zone it encloses from the dangerous world outside. Insiders with means, motive, and opportunity are always a major threat, and our survey shows that IT professionals are increasingly aware of it. The respondents to the 2003 InfoWorld Security Survey indicate that the possibility of damage from unintended employee errors and sabotage — by former or current employees — is keeping executives and security professionals up at night (for more on the top threats readers are facing, see chart below). The question is not whether to compartmentalize the internal network, but how.

VLANs (virtual LANs) and internal firewalls are part of the answer. As with external firewalls, these solutions are administratively costly but feasible when people and equipment exist in stable configurations over time. An agile enterprise, however, must be able to create new configurations at will, without requiring users to define them or IT administrators to implement them. It should be a no-brainer for a small group to form, to recruit members from inside or outside the organization, and to communicate securely. A few software-based solutions exist, although none is as well-known or widely used as it should be.

Interestingly, the possible threats that we asked survey respondents to rank scored in a similar fashion regardless of the respondents’ role within their organizations. The overall sample and executives each ranked malicious code as the most likely threat — 84 percent of all respondents and 89 percent of executives listed it as one of their top three concerns. Employee error came out second, at 77 percent and 76 percent respectively, with hackers scoring third, at 72 percent for both groups. Sabotage by former employees — including those of business partners — rang in at fourth, with 61 percent and 60 percent of the respective groups ranking it as a top concern.

Networking hardware offers several ways to create internal compartments to help defend against the threats that worry our readers. Almost all managed switches offer customers the ability to create VLANs with minimal effort. Traditionally, VLANs have been used to segregate network protocols within a switch or a group of switches, for example, isolating AppleTalk traffic from TCP/IP to improve network throughput.

But network managers can also use VLANs to confine traffic flow within a department or even a workgroup. As long as each VLAN either contains such basic resources as file shares and printers or has a route to these resources on another internal network, VLANs provide a relatively well-understood means of corralling packets and minimizing the opportunities that hostile intruders or wandering employees have to disrupt operations.

[Chart referenced above (27FErrcompart.in2sm.gif) not reproduced.]
But VLANs have a way of becoming inflexible, even though a cubicle’s network port can be moved from one VLAN to another in just seconds. Sometimes, the problem is simply that the network administrator is unavailable to make the necessary change in the switch’s configuration. But when an end-user functions in several different roles — an increasingly common situation as budget-crunched companies seek to put employees to work in a more flexible fashion — traditional VLANs or internal firewalls are inappropriate because they would have to be reconfigured hourly, if not more frequently.
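The two VLAN passages above describe the mechanism in prose: a port belongs to a VLAN, traffic stays inside that VLAN unless an internal router carries it to another one, and re-homing a port is a quick configuration change. The following Python model, added here as an example and not taken from the article, makes those rules checkable: it parses 802.1Q-tagged and untagged Ethernet frames, classifies each frame on ingress by the port's VLAN membership, and consults an explicit, directional allow-list of inter-VLAN routes. The port names, VLAN numbers, MAC addresses and the `Switch` class are all constructed for the demo.

```python
# Added example (not from the article): parse 802.1Q VLAN tags and apply a
# switch's VLAN membership plus an explicit inter-VLAN route allow-list.
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed MAC addresses (locally administered bit set, so never real hosts).
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vid: Optional[int]  # None when the frame arrived untagged
    ethertype: int
    payload: bytes


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0) -> bytes:
    """Serialize an Ethernet II frame, inserting a 4-byte 802.1Q tag if vid is set."""
    hdr = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # PCP:3 bits, DEI:1 (0), VID:12
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse a frame and strip the 802.1Q tag if one is present."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    if etype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", raw[14:18])
        return Frame(dst, src, tci & 0x0FFF, inner, raw[18:])
    return Frame(dst, src, None, etype, raw[14:])


class Switch:
    """Port-to-VLAN membership plus the inter-VLAN routes an internal router
    or firewall is configured to carry. Anything not listed is dropped."""

    def __init__(self):
        self.pvid = {}       # port -> VLAN assigned to untagged ingress
        self.members = {}    # vlan -> ports allowed to carry it
        self.routes = set()  # (from_vlan, to_vlan) pairs the router forwards

    def add_port(self, port: str, pvid: int, tagged=()):
        self.pvid[port] = pvid
        for v in (pvid, *tagged):
            self.members.setdefault(v, set()).add(port)

    def move_port(self, port: str, new_vlan: int):
        """Re-home an access port: the seconds-long change the text mentions."""
        for ports in self.members.values():
            ports.discard(port)
        self.add_port(port, new_vlan)

    def allow_route(self, from_vlan: int, to_vlan: int):
        self.routes.add((from_vlan, to_vlan))

    def ingress_vlan(self, port: str, frame: Frame) -> Optional[int]:
        """Classify a frame on arrival; None means the switch drops it."""
        vid = frame.vid if frame.vid is not None else self.pvid[port]
        if port not in self.members.get(vid, set()):
            return None  # tag names a VLAN this port is not configured to carry
        return vid

    def can_reach(self, in_port: str, out_port: str, frame: Frame) -> bool:
        """True if the frame may be switched (same VLAN) or routed to out_port."""
        vid = self.ingress_vlan(in_port, frame)
        if vid is None:
            return False
        return any(out_port in ports and (v == vid or (vid, v) in self.routes)
                   for v, ports in self.members.items())


def build_demo() -> Switch:
    """Three departmental VLANs; only the file-server VLAN is reachable from the others."""
    sw = Switch()
    sw.add_port("eng-desk", pvid=10)
    sw.add_port("eng-printer", pvid=10)
    sw.add_port("finance-desk", pvid=20)
    sw.add_port("file-server", pvid=30)
    sw.allow_route(10, 30)  # engineering -> shared file server
    sw.allow_route(20, 30)  # finance -> shared file server; 10 <-> 20 is not routed
    return sw


if __name__ == "__main__":
    sw = build_demo()
    f = parse_frame(build_frame(MAC_B, MAC_A, 0x0800, b"ping"))
    print("eng -> printer:", sw.can_reach("eng-desk", "eng-printer", f))
    print("eng -> finance:", sw.can_reach("eng-desk", "finance-desk", f))
```

The route allow-list is directional on purpose: engineering reaching the file server does not imply the file server's VLAN can initiate traffic back into engineering, which is the usual shape of an internal firewall rule. A tagged frame naming a VLAN the ingress port is not a member of is dropped before any forwarding decision, which is the check that keeps a port's VLAN assignment meaningful.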

Software presents a more flexible and dynamic way to compartmentalize an enterprise. One of the biggest missed opportunities is secure e-mail. Because all of the major e-mail clients support S/MIME (Secure MIME) encryption, e-mail can in principle be used to form a kind of ad-hoc VPN. In practice this almost never happens — most people don’t even know it’s possible to acquire a digital certificate, transmit a public key in signed messages, and use public keys received from communication partners to encrypt messages to them. The few who do try this procedure learn that, even when they find a partner who is willing to tango, there are trade-offs.

Digital IDs don’t migrate easily from machine to machine or from application to application. Data that’s hidden from prying eyes is also hidden from users’ own local search engines and from corporate content scanners. If lots of people were using secure e-mail, we’d find ways to address these issues, but we wouldn’t solve all of the problems. E-mail is not “complacency-immune,” as Groove Networks founder Ray Ozzie likes to say. If you don’t know or care about security, e-mail does nothing to help you.
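The two S/MIME paragraphs above make a structural point: a signed message exposes its text and carries the sender's certificate, while an encrypted message hides its text from everyone without the key, content scanners included. The Python below, added as an example and not code from the article or from any product it names, classifies messages by MIME structure alone, the way a gateway scanner that holds no keys would, and reports what it could and could not inspect. The three sample messages are constructed, their base64 bodies are placeholders rather than real PKCS#7 data, and `classify` and `scan` are names chosen for this demo.

```python
# Added example (not from the article): classify an S/MIME message by its MIME
# structure, the way a gateway content scanner would, to show what stays visible.
from email import message_from_string
from typing import Optional, Tuple

# Constructed sample messages. The base64 bodies are placeholders standing in
# for PKCS#7 blobs; nothing here verifies a signature or decrypts anything.
PLAIN_MSG = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
Content-Type: text/plain; charset=us-ascii

Draft budget figures attached tomorrow.
"""

SIGNED_MSG = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain; charset=us-ascii

Draft budget figures attached tomorrow.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--sig--
"""

ENCRYPTED_MSG = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""


def classify(raw: str) -> Tuple[str, Optional[str]]:
    """Return (kind, readable_text).

    kind is 'plain', 'signed' or 'encrypted'; readable_text is the body a
    scanner can inspect without any keys, or None when the body is opaque.
    """
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: part 0 is the plaintext, part 1 the detached signature.
        # The signature blob normally also carries the signer's certificate,
        # which is how a recipient obtains the public key to encrypt replies to.
        parts = msg.get_payload()
        text = parts[0].get_payload(decode=True).decode("utf-8", "replace")
        return "signed", text
    if ctype == "application/pkcs7-mime":
        if msg.get_param("smime-type") == "enveloped-data":
            return "encrypted", None
        # signed-data (opaque signing) wraps the text inside the PKCS#7 blob,
        # so a structure-only scanner cannot read it either.
        return "signed", None
    if msg.is_multipart():
        texts = [p.get_payload(decode=True).decode("utf-8", "replace")
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "plain", "\n".join(texts)
    return "plain", msg.get_payload(decode=True).decode("utf-8", "replace")


def scan(raw: str, watch_terms) -> dict:
    """Gateway policy hook: report what was scanned and which terms appeared.

    Encrypted mail yields scanned=False; what to do with it (deliver, hold,
    require an escrowed key) is a policy decision this code does not make.
    """
    kind, text = classify(raw)
    if text is None:
        return {"kind": kind, "scanned": False, "hits": []}
    hits = [t for t in watch_terms if t.lower() in text.lower()]
    return {"kind": kind, "scanned": True, "hits": hits}


if __name__ == "__main__":
    for name, m in (("plain", PLAIN_MSG), ("signed", SIGNED_MSG), ("encrypted", ENCRYPTED_MSG)):
        print(name, scan(m, ["budget"]))
```

Run it and the signed message scans exactly like the plain one, while the enveloped message returns `scanned: False` with no hits; that gap is the trade-off the text describes, and it is the same gap a user's local search index faces.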

The Groove software is immune to such complacency. Unencrypted communication is simply not an option. Built for small groups that are formed by invitation only, Groove’s cellular architecture bakes in security so that it never needs to be bolted on. As with secure e-mail, the problem becomes one of modulating the effects of such security. That is, of course, a good problem to have, compared to the alternative — and common — lack of any internal security. Groove has always supported the philosophy that “that which is not permitted is prohibited,” and the recent evolution of its software has provided more ways to define what is permitted. When Groove identities are centrally managed, IT administrators can oversee the formation of shared spaces and activity within them. Shared spaces are still not indexed and searchable, but the Groove Web Services interfaces can be used to make them so.

As our readers revealed in the Security Survey, they have a pressing need for ad-hoc VPN capability. Secure e-mail and Groove are two viable ways to get it now. The flurry of interest surrounding Waste, the secure peer-to-peer software that AOL’s Nullsoft division released and then hastily withdrew last month, suggests that other options may soon emerge. The societies fenced in by our firewalls are complex, and we need more than a few tools to manage their safety.

(For more analysis from our security research, see 2003 InfoWorld Research Report: Security.)