Management vs. Crisis Management
With Internet and network computing driving virtually all
business practices, network availability is practically synonymous
with operational success. Network management is a crucial
part of the security process involving the ongoing monitoring
and maintenance of corporate networks. In other words, network
management is an activity or service that utilizes a variety
of tools designed to assist network managers in effectively
overseeing the activities on their network. Its main purpose
and ultimate goal is to ensure the consistent security, reliability,
and optimum performance of the system. It is also a key procedure
necessary to remain compliant with the government legislations
such as Sarbanes-Oxley. So why is it that smaller enterprises
do not follow through with such a critical process?
This oversight can mostly be attributed to lack of resources.
Network management is made up of five distinct areas; performance
management, configuration management, accounting management,
fault management, and security management. Each of these areas
requires dedicated resources for monitoring and maintenance.
Most small and medium sized organizations face the same IT
tribulations; lack of expendable income and a shortage of
qualified IT professionals. Combine that with the proliferations
of Internet threats and the ever-quickening pace of technological
developments, it becomes nearly impossible for smaller companies
to consistently monitor and maintain the overall security
of their networks.
Instead, these organizations are prone to divert network
management into crisis management. Basically meaning administrators
do not deal with a situation until it is in a position to
cause a problem. On the surface, this appears to be the most
economical way to handle network issues, however, a reactive
approach to network protection is always a gamble. Not catching
a problem quick enough can result in debilitating and costly
network intrusions. These incidents can cost corporations
millions of dollars in recovery cost, downtime, and lost revenues.
In these cases the ends never justify the means.
A majority of organizations simply do not have the resources
to staff and maintain a network security operations center
which can be misconceived as the only way to fully provide
the proper management for every aspect of a corporate network.
That is not necessarily the case, however. A proactive approach
to network security management is the only answer and there
are plenty of options to help organizations with strained
IT departments and minimal monetary resources continually
protect their networks.
Outsourcing or at least farming out certain aspects of network
management is always a viable alternative. Outsourcing vendors
currently offer everything from remote monitoring to network
design and management and with more and more vendors offering
such services, pricing can be impressively competitive. If
an organization would prefer to keep all network management
operations in house, there are thousands of tool kits available
that if properly chosen, installed, and employed will help
simplify these often daunting and overwhelming administration
Wreski, CEO Guardian Digital, Inc.
the effectiveness of internal controls for Sarbanes-Oxley
compliance by enforcing corporate policies, Guardian
Digital SurfSecure provides an effortless and efficient
Internet filtering solution proven to substantially
increase employee productivity, conserve network resources,
and reduce legal liability. Pre-defined site lists make
administration simple by providing updated information
on websites and Internet categories known to present
problems in today’s corporations. Flexible access
controls allows administrators to choose the sites they
wish to block, and accept the ones they wish users to
access. Includes constantly-evolving collection of website
categories to provide fine-grained control over individual
user access. Combining flexibility and functionality,
SurfSecure allows administrators to balance work related
and personal surfing permissions by configuring access
based on groups, departments, or individual users, providing
organizations with the powerful, customized protection
only available from Guardian Digital.
more about Guardian Digital SurfSecure
Digital In the News
U.S., International Space Organizations Turn to Open Source
Guardian Digital's partnership with the Government
of India was featured in a recent Information Week article
highlighting the company's open source solution for
India's Space Research Organization.
Indian government outsources Linux security to New Jersey firm
Indian government outsources Linux security to New
Jersey firm Guardian Digital, based in Waldwick, New
Jersey, is supplying security and productivity applications
for the Indian Space Research Organization (ISRO) headquarters.
And, according to Guardian Digital spokesperson Nicole
Pearson, ISRO made the first contact. "They were
originally looking for a secure mail server," says
Pearson, who noted that ISRO found Guardian Digital
through its online presence, not because of a sales
call or other direct marketing efforts.
What changes will I have to make to my email system
regarding Sarbanes-Oxley Compliance?
A. As you may already know, email
is a significant aspect to corporate communications.
It is one of the most prominent avenues for business-related
discussions as well as critical information transportation,
and data maintenance and storage. Part of Sarbanes-Oxley
is to ensure that the integrity of corporate information,
with special regard to financial data, remain in tact
so that any weaknesses within the business can be easily
identified, reported on, and accountability can be established.
Since e-mail systems are the most widely used and widely
exposed areas of a technology infrastructure they must
be secured in order to comply with the appropriate internal
controls mandated by the legislation.
In order to do this effectively, corporate e-mail systems need to be protected, in order to ensure that different threat vectors are eliminated. Therefore, if not already properly secured, a solution may need to be implemented that will actively enforce corporate email policies, mitigate the occurrence of offending mail and eliminate threats before data integrity can be damaged.
Guardian Digital offers corporate email compliance with Secure Mail Suite. Addressing the need for corporations to secure channels in which financial information may be transported or stored on email systems, Secure Mail Suite effectively utilizes encryption and authentication standards to protect against unauthorized access, spam, virus and anti-phishing protection, to defend mail systems from potentially harmful malicious code and network intrusions, and corporate policy enforcement tools to ensure mail systems are always being used for legitimate business purposes.
Behind the Shield editors encourage their readers to
submit questions. The most frequently asked questions
will appear in future issues. We look forward to answering
all your inquiries! Email us at firstname.lastname@example.org
& Tips from Experts
Most organizations can become SOX compliant by adding the
policies, procedures, and technology they already have. To
help the appropriate people accurately certify the necessary
information and the success of relevant business processes,
organizations are going to have to evolve current policies
and procedures to SOX compliance requirements. With regard
to IT departments, however, these policies will be created
to drive security and ensure the integrity of all information
contained on the network. Documented policies and procedures
set acceptable rules for employees and executives conduct
alike and furthermore, provide blueprints on how certain situations
should most effectively be handled eliminating guesswork and
Although properly executed acceptable use policies are a
good defense against many of the internal threats facing corporate
infrastructure, they cannot protect the integrity of corporate
Digital is pleased to provide Behind the Shield readers with
informative expert advice on what network security really
means. Each month a new topic of interest will be chosen to
supply you with useful tips and information not offered elsewhere.
This month, we'll have a brief discussion on steps to take
when considering outsourcing IT security services.
national and multi-national partners like Intelligent Decisions
in Virginia, Guardian Digital is able to provide Sarbanes-Oxley
compliance solutions to customers worldwide.
Founded in 1988, Intelligent Decisions, Inc. (IDI) is a fully
diversified, systems manufacturing, integration and IT solutions
company. Through its vast array of offerings and technology
partners, IDI is able to provide strategic solutions in areas
such as: identity management; storage, security and disaster
recovery; web services; system migration; and logistics support.
IDI has distinguished itself as a responsive and reliable
partner to the federal government and maintains a robust GSA
schedule and other contract vehicles supporting civilian,
defense and intelligence agencies.
To assist organizations with governmental legislation compliance,
IDI utilizes Guardian Digital solutions to provide a productive
and secure IT infrastructure. “A key issue with any
of these compliance regulations is the validity of source
of the information. One of the best ways to deal with this
is to impose multi-factor authentication on users. One of
the security applications that we build on the Guardian Digital
platform is a next generation multi-factor authentication
solution. With Guardian Digital, we are able to make our security
appliances secure and compliance-ready,” says Ted Ritter,
director of cyber security, for the organization.
information on Intelligent Decisions, please visit their website