More than 18,000 attendees were expected at last week's Interop show in Las Vegas, the majority of them IT professionals looking to gain or give advice on their profession and find new technologies to work with. Three of them at the show shared with us what's on their minds.
Moving up the executive stack
Al Kirkpatrick, vice president and chief information security officer for The First American Corporation, says IT security professionals should push the agenda and influence how network security is applied in their companies, instead of being pulled around by demands from higher-up executives. There are several strategies to do this.
"You have to manage you network; not your IP network - the bits and bytes - but your personal network," Kirkpatrick says. "You can't get too bogged down in the technology." C-level executives are not interested in the minutia of network security technology, how viruses and worms work, or what types of systems are vulnerable. They care about profits and growth.
"You have to be in the club," he says. "Technologists have a hard time breaking into that - unless it's a technology driven company, they're seen as a support group. Spend time talking about the business to other executives."
Being seen as an executive peer and not a technology custodian can lead to better funding for new projects and more respect for how important information security is to a company.
"You also have to have candour with constituencies," Kirkpatrick says. If a business is pressing the security executive to "do everything now, and do it with 50 or 60 cents, and you just nod and say you'll try to do it - that's the beginning of the end."
Taking an honest approach about the importance of security, and what it costs to do it right, is a better tack. "You have to say here are the business risks, as opposed to 'Oh yeah, we'll figure it out.' Don't be backed into the corner, because you'll be regretting that as you wave to your successor coming in the door."
No compromising on co-operation
Jeff Sandbridge, information systems specialist with the State of West Virginia's MIS Office, says that there is no reason to be bullied or coerced into buying everything from a single vendor. In his network, Sandbridge runs more than 20 Nortel BCM IP PBXs, hundreds of LAN switches from Enterasys, and dozens of routers and security appliances from Cisco.
"I've had a lot of issues of people telling me that I have to have the same router vendor and switch vendor and phone vendor to make it all work," Sandbridge says. "But that's not true. Because as long as you stick to the standards-based stuff - and that's what Interop is all about, interoperability - basically, things will work together. We're dealing with standards and not proprietary stuff."
While vendors can bad-mouth each other in sales meetings and try to sway users to buy as much of their gear as possible, ultimately, it's in the best interest of all companies that things work together.
"I can sit down at the table [with] the rep from Cisco, Nortel and Enterasys, and we can work out solutions to problems; we do it all the time. That's one of the things I've built my career on" - working together with different vendors, Sandbridge says. "No one can get too greedy; everyone gets a piece of the pie and is happy."
The network should be the security system
Network security built into infrastructure products should work a certain way. Peter Hricak, senior network operations manager for LucasFilm, the company behind the Star Wars movie series and a creator of visual effects for other films, knows exactly what he wants.
"I really want role-based security in place," Hricak says. "I want a user to log in with more than one factor for authentication, so that I'm pretty sure it really is that user. And then I'll apply that security policy to the user, whether it's on the server front, or down the road on the switch. 802.1x is something that we're just really dying to get on the hard-wired side. The switch vendors have been great and have supported it for several years."
Hricak manages a network with multiple 10G Ethernet trunks and widespread Gigabit Ethernet, and even some 10Gig, to the desktop for high-end digital editing. While the Foundry-based infrastructure provides plenty of bandwidth, securing end-users via the network is one of his challenges.
"That's something that we're seriously looking at, to get authentication-based policies applied," he adds. "I want to know who a user is and give them rights only to what they're allowed to do. Then you can't spoof - logging in as one person on the network, then as another person on the application," he says. "It's not good enough to just lock a port to a particular VLAN. That port should really just be vanilla, until you authenticate and then turn the port into what you need."