Tuesday, October 10, 2006

Securing Your Data for Internet Access

Firewalls and virtual private networks make it safe to access project data on the road



If the recent U.S. presidential election taught us anything, it underscored just how frustrating manual processing can be in the age of computerization. Many of us have experienced similar frustration when trying to access project files from the road. When we can check our e-mail from a hotel room, why can't we also call up the client drawings we were reviewing in the office the day before?

For More Information

Virtual Private Network Consortium www.vpnc.org
International Engineering Consortium - Online VPN Tutorial www.iec.org/tutorials/vpn
VPNcon www.vpncon.com


The Internet has raised our--and our clients'--expectations. But when it comes to accessing corporate data on the Internet, while we engineers are liberals, our IT support staff are conservatives. We want Internet access to our data everywhere, all the time. Their job is to protect that data. The technology exists to make both parties happy. The problem is that most companies' internal infrastructures cannot communicate directly with the Internet.

UPGRADE: EXPENSIVE, BUT EFFECTIVE

The first step is to upgrade your operating system and firewall software. You also might consider integrating security hardware such as magnetic-stripe card scanners or biometric identification devices. Upgrading is a major investment, but it will make all of your data accessible over the Internet to every computer or person the firewall recognizes as an authorized user. Still, converting old technology is time-consuming and expensive, particularly for companies with numerous servers; it typically requires more memory, disk space, and speed in addition to new software.

Although upgrading your systems and software has benefits beyond efficient Internet access--and companies eventually will have to update their technology to stay competitive--electing to convert, even if you start today, won't meet your immediate need for corporate data when you're away from the office.

VIRTUAL PRIVATE NETWORKS

One option is to partially upgrade your systems by installing virtual private network (VPN) software. A VPN is a shortcut that maintains data security without requiring a major investment of capital or resources. It creates a virtual tunnel through the Internet by encrypting data and requiring passwords to authenticate the recipients. A VPN can be implemented relatively quickly. As an alternative to purchasing your own VPN, most Internet service providers offer fee-based VPN solutions.

ENCAPSULATION

If your existing IT infrastructure is fixed around older Novell, Apple, or other technologies, a VPN can be used in concert with other solutions for Internet access to at least a portion of your data.

One solution is encapsulation, a technology that packages your data in a special format. Encapsulation will safeguard your information during transport; however, it also will slow data transfer significantly and require new hardware and software.

Another option is using a VPN to access an Intranet server. This solution won't bog down data transfer; however, you will need to plan in advance and download the data you think you will need from the corporate server before you depart. The only data you'll be able to access from an off-site location is information you transferred to the Intranet before you left the office.

You can also use VPN software to create a similar Extranet server. This option gives you and your clients access to data you've transferred in advance to the Extranet.

Security Starts With Policy

No matter which route you take to the Internet, start by establishing a corporate-wide security policy. Involve everyone who needs access to corporate data in high-level planning sessions. Decide who will be authorized to access your corporate data, what data you'll allow them to access, and when and where it will be accessible.