Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Case Study: UTM's weakness: a single point of failure

But easier compliance could be the deciding factor.

Article comments

Protecting the secrets of a uranium enrichment plant should be enough to keep any CIO very busy. But when Sarbanes Oxley mandated even tougher controls on databases containing key financial information, David Vordick, CIO of USEC, a $1.9 billion public company that operates a gaseous diffusion plant in Paducah, Kentucky, knew he was going to get even busier.

His security defences are complex and multi-layered; and while simplicity is generally a good thing, it's not Vordick's priority. "Our philosophy is defence in depth. That means looking at multiple (security) products from multiple vendors. We can not be dependent on any one layer," he says.

Not every CIO has the same worries as Vordick, of course. But as regulations like SOX and PCI standards place increasing demands on IT's security capabilities, more and more companies are choosing to simplify network defence by using a security appliance that combines hardware, software, and networking technologies. US companies spent $3.85 billion on network security appliances in 2006, an expenditure expected to nearly double by 2011, according to market researcher IDC.

As USEC designed its security architecture, Vordick and his team had a wealth of options. They could have chosen to install one or more UTM appliances, devices that handle multiple threats from a single chassis, or opted for a series of single function, best of breed appliances.

USEC choose a best-of-breed database security appliance by Guardium, plus point products from other vendors, largely because the defence in depth strategy meant that the convenience of deploying and managing a single device was outweighed by the fear of creating a single point of failure, Vordick says. Moreover, USEC sought a security appliance that would serve as a check on IT employees with privileged database access who might seek to view or change data without proper authorisation, an atypical function for a UTM.

The choices regarding network security appliances are complex, but your decision won't just come down to a technology issue, says John South, senior security consultant for Plexent, a Dallas-based IT service management company. "The real question is how do we get our business done and still protect the corporation?" he asks.

Here are some of the issues South suggests you consider regarding security appliances: How does security fit into my overall architecture, and where is the boundary of my network? How many people will it take to support my choice; do I have the staff or can I count on support from the vendor? If I choose a UTM, do I know that the services are well integrated and the device is ultra-reliable; if I choose a series of point products, will the overall solution be able to handle a blended threat, and do the separate devices work well together? Does the appliance, best of breed or UTM, offer adequate reporting capabilities?

And if you're thinking of combining functions in a UTM, consider this: Services such as firewalls, VPNs and intrusion detection are not particularly compute intensive, but are latency intolerant. Anti-virus, URL filters and the like are compute intensive, but much more tolerant of latency. Mixing the two classes of services on your network can slow down applications that are sensitive to latency, says South.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *