Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Security in the Growing Wannabe Enterprise

Saturday, March 26, 2005  

When most companies talk about enterprise computing, they mean Large Companies. Big Stuff. Fortune 500. We're a small company that's growing about 20-40% YoY. Still small, though. I don't think we've even hit Medium Sized yet. That's OK. What's not OK is that our desktop security strategy still looks a lot like what we had 8 years ago. That's bad. While our perimeter security has improved tremdously, we have a soft underbelly that needs to be protected. I've been looking at running a Scrum to deliver on what I want to see, with the following goals in mind:

1. Protect the desktops against spyware/adware/keyloggers/Trojan horses/etc.

2. Protect the network against unclean machines (and/or send them to a site to be "healed." Heh).

3. Get a single sign-on scheme implemented for internal & external customers. The proliferation of passwords is ridiculous. Two-factor authentication is necessary for internal users as well.

4. Depending on how #3 works, perhaps get some sort of escrow for generic administrator passwords so they can't be issued or used without dual controls.

#1 we're addressing with Cisco Security Agent. It seems to be pretty impressive. We currently have it running in "test mode" on 70% of our desktops and 100% of our Citrix servers. We're looking to it to stop malware, especially what Internet Explorer lets in the door.

I'm looking at using Cisco Clean Access to address #2, although I think the creative minds on my staff should take a look at other solutions out there as well. The same goes with #3. I've seen some interesting products from Passlogix that might work. On a more limited scale, SSO products for web-based apps like Netegrity Siteminder or other SAML-based solutions could be of interest. I'm not sure what we need here.

I came across an interesting piece of marketing collateral a few days ago. The company is Symark and they have a hardware appliance called PowerKeeper that's kind of interesting. It's an appliance that escrows generic admin account passwords for Unix and Windows.

I'd *reallky* love to see an identity management solution with role-based access control that costs less than an arm and leg, works on both Linux and Windows, and provides SSO with multiple back-end repositories, but I'm not expecting it anytime soon. What I've outlined above should be good enough for the next 3 years.

posted by Henry Jenkins | 3/26/2005 05:47:00 PM
Comments:
tried websense yet? saw a demo of it, was pretty cool. Expensive for what it is i thought.
# posted by Blogger Parnell : 7/02/2007 5:05 PM
 
Post a Comment
search
Google

Search blog
Search WWW
the author
Send your comments to henry.jenkins{at}yahoo.com
RSS feed here.
archives
links
Media Links
InfoWorld
CIO Online
CIO Insight
SlashDot


Blog Links
John's Jottings
Windley's Enterprise Computing
Doc Searls
Robert Scoble
Joel on Software
Jeremy Zawodny
Not a PHB
Virtualization Info
open source
LinuxWorld
Linux Magazine
The Open Enterprise
SourceForge
vendors
VMWare
Microsoft
Softricity
PlateSpin
Citrix
Captaris
Veritas
Symantec

Debian
Red Hat
Perl
Python
The Mono Project

Network Appliance
Dell Computers
Cisco Systems
stats

Get a GoStats hit counter
reading