Logic of Logical rubbished

A top Ovum analyst has rubbished the growing security trend for splitting corporate departments into firewall-wrapped security zones

Graham Titterington, corporate network security analyst at Ovum, stated the zoning method of dissecting enterprises into specific departmental zones - as recommended by IT security consultancy Logical - is not economically viable and will block business processes.

Titterington said: "Putting barriers up between departments is getting in the way of business processes and I've never come across a company that needs to defend at a departmental level.

"Presumably this method is to increase the market for firewalls. I don't think Logical has got its strategy right."

Simon Clifford, consultant with the Logical security practice, said: "Users themselves are the biggest risk and they need to be protected. That's a good enough reason for them to be zoned off."

But Clifford added Logical has to be careful not to zone too much and cut the user off from file and print services and admitted his ideal recommendation of a firewall pair and intrusion detection around each department was expensive.

Clifford said: "The costs are prohibitive and it's painful to split the physical fabrics of a company. Zoning architecture will increase initial spend on IT, log traffic between zones generated by more firewalls and intrusion detection systems will quadruple.

"The time spent by the person that consolidates log files and watches for intrusions will increase according to the number of security policies added."

Gunter Ollmann, principle consultant at ISS, said overheads will definitely rise because of equipment, licensing costs of individual firewalls and the time taken to monitor the tools.