Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Security in the Growing Wannabe Enterprise

Saturday, March 26, 2005  

When most companies talk about enterprise computing, they mean Large Companies. Big Stuff. Fortune 500. We're a small company that's growing about 20-40% YoY. Still small, though. I don't think we've even hit Medium Sized yet. That's OK. What's not OK is that our desktop security strategy still looks a lot like what we had 8 years ago. That's bad. While our perimeter security has improved tremdously, we have a soft underbelly that needs to be protected. I've been looking at running a Scrum to deliver on what I want to see, with the following goals in mind:

1. Protect the desktops against spyware/adware/keyloggers/Trojan horses/etc.

2. Protect the network against unclean machines (and/or send them to a site to be "healed." Heh).

3. Get a single sign-on scheme implemented for internal & external customers. The proliferation of passwords is ridiculous. Two-factor authentication is necessary for internal users as well.

4. Depending on how #3 works, perhaps get some sort of escrow for generic administrator passwords so they can't be issued or used without dual controls.

#1 we're addressing with Cisco Security Agent. It seems to be pretty impressive. We currently have it running in "test mode" on 70% of our desktops and 100% of our Citrix servers. We're looking to it to stop malware, especially what Internet Explorer lets in the door.

I'm looking at using Cisco Clean Access to address #2, although I think the creative minds on my staff should take a look at other solutions out there as well. The same goes with #3. I've seen some interesting products from Passlogix that might work. On a more limited scale, SSO products for web-based apps like Netegrity Siteminder or other SAML-based solutions could be of interest. I'm not sure what we need here.

I came across an interesting piece of marketing collateral a few days ago. The company is Symark and they have a hardware appliance called PowerKeeper that's kind of interesting. It's an appliance that escrows generic admin account passwords for Unix and Windows.

I'd *reallky* love to see an identity management solution with role-based access control that costs less than an arm and leg, works on both Linux and Windows, and provides SSO with multiple back-end repositories, but I'm not expecting it anytime soon. What I've outlined above should be good enough for the next 3 years.

posted by Henry Jenkins | 3/26/2005 05:47:00 PM

tried websense yet? saw a demo of it, was pretty cool. Expensive for what it is i thought.
Post a Comment
the author
open source