Don’t reinforce the firewall, detonate it

Don’t reinforce the firewall, detonate it

View photo

Don’t reinforce the firewall, detonate it

Enterprise security has always been a top IT priority, with a firewall as an established line of defense. In the best of cases, outsiders stayed out. However, collaboration no longer is confined to brick-and-mortar walls. And as access needs have become complex, that firewall might actually be hindering security, as well as stifling innovation.

Some 25 years ago, U.S. President Ronald Reagan stood at Berlin’s Brandenburg Gate and issued his famous imperative to Soviet Union General Secretary Mikhail Gorbachev: “Mr. Gorbachev, tear down this wall!”

It was electrifying, exhilarating, and ultimately liberating as the wall fell in November 1989.

In the technology realm, an idea just as revolutionary to enterprise security has business executives and IT security types all aflutter: Detonate the firewall.

Firewall harms collaboration

Likewise, enterprise executives don’t fully comprehend a world beyond the firewall. But workers in a global marketplace are finding these barriers keep them from doing their best work, their best research, and their best collaboration with internal and external partners.

A Forrester Research report* on the problem noted, “Forrester’s data suggests that as many as one in four information workers work more with people outside their organization than inside.” And Dr. Barbara Endicott-Popovsky of the University of Washington notes that inquiries into intelligence failures after 9/11 found problems with collaboration between agencies due to firewalls, which can create silos.

Like security blankets, firewalls feel familiar, cozy, reassuring. And as enterprises consider moving to the cloud and to an Internet-network hybrid IT model, they feel exposed as they step into the unknown. “The ramifications aren’t fully understood,” says IT security consultant Mike Gentile, a former certified instructor on firewall implementation and administration and author of two books on developing security strategies.


Cloud risks and rewards

Yes, it’s terra incognito, where enterprise security teams often oppose business teams pushing for faster, easier collaboration. But Gentile sees a future where this new Internet-network hybrid model, driven by cloud computing capabilities, will ultimately win out. “The business need for efficiency is winning over the security risk of moving to the cloud,” he says. “Over time, companies are getting more sophisticated about measuring the efficiency benefits against the risks.”

Endicott-Popovsky says the tension between security goals to protect data and business needs to innovate have always been at odds. The technology may be new, but the dilemma is classic. “It’s always a trade-off between ease of use and security,” she says.

And firewalls were put into place for good reason. “The threats are asymmetric,” she says. “Someone on the wrong side has to be right only once. Someone on the security side has to be right all the time.”

Multilayered security approach

Securing today’s global enterprise is tall order, one that allows organizations to leverage the advantages of cloud computing while protecting access internally and externally.  

The decision to abandon the firewall and move to the Internet-network hybrid model goes back to the classic dilemma Endicott-Popovsky identifies: “One perspective is to unleash ourselves and go about our business, and the other is, ‘We’re going to lock everything down.’”

Somewhere in the middle, technology has left the debate behind as it vacillates between those extremes. It’s gone warp speed. “We’re in a time of explosive technological growth,” Endicott-Popovsky says, noting that younger workers have no patience for slow-moving employers. At some ultra-secure government organizations, for instance, workers must check their smartphones and tablets at the door. She adds, “I can tell you stories of young people not going to work at such organizations, or turning down jobs at a company that won’t let them bring devices they view aren’t necessary to do their jobs.”

Those are the kind of losses enterprises can’t afford: potential innovators and top performers turned away by overprotective policies. And a firewall.

Hear about future innovation trends in the February 21st Innovation Insight webcast. Join HP Enterprise Services CTO Chris Moyer for his views on “Five forces that could make or break the next-generation enterprise.”  Register now.


 *“Globally Competitive Markets Demand Businesses Collaborate Beyond The Firewall,” Forrester Research, Inc., Feb. 9, 2011

View Comments (2)