Enterprise Security Framework - Compaq 108164-003 - ProLiant - 800 White Paper

W P
HITE APER
(cont.)
. .
. .
. .
. . E S
N T E R P R I S E
. .
. .
To clarify security solutions and determine a practical roadmap for the deployment of enterprise
. .
. .
security, Compaq has developed the Enterprise Security Framework. Using this framework,
. .
Compaq's enterprise customers can get a birds-eye view of the security market, judge the suitability
. .
. .
of a solution set, and develop both short- and long-term deployment strategies for their enterprise
. .
security requirements.
. .
. .
The foundation of the security framework is the criteria set it uses to classify security solutions (see
. .
. .
Table 2). The framework gauges these solutions relative to:
. .
. .
Robustness.
. .
. .
Comprehensiveness.
. .
. .
. .
Performance.
. .
. .
Manageability.
. .
. .
. .
. .
TABLE 2: SECURITY SOLUTION CLASSIFICATION
. .
. .
. .
. .
. .
Robustness
. .
. .
. .
. .
. .
. .
. . Comprehensiveness/
. .
Interoperability
. .
. .
. .
. .
. .
. .
Availability/Performance
. .
. .
. .
. .
Ease of Use/Integration
. .
. .
. .
. .
. .
. .
. .
Each of these criteria is a critical determinant of how effective or appropriate a solution may be to
. .
. .
an individual enterprise.
. .
. .
The Enterprise Security Framework establishes "levels" of security based on these criteria, which
. .
. .
begin to shape a conceptual roadmap for enterprise security (see Table 3). Each level describes a
. .
solution based on how it performs against the above criteria. As solutions move up levels, from A
. .
. .
to B to C, these solution sets become sounder and more comprehensive, perform more consistently,
. .
and are easier to use. Enterprises may choose the level of security (and thereby the solutions)
. .
. .
appropriate to their needs.
. .
. .
. .
. .
. .
. .
. .
. .
. .
18
F
E C U R I T Y R A M E W O R K
Security Level Criteria
How sophisticated an attack can the security solutions withstand? This criterion gauges a
solution's effectiveness in determining/repelling the efforts of different levels of security attacks
(i.e., those ranging from casual to planned). It can also measure the technological advancement
of a solution set.
How complete a solution does the security measure offer? This criterion rates a solution set's
ability to provide a security solution that extends from the local client/server platform to external
network interactions. A solution's relative comprehensiveness can be judged by the variety of
attacks it protects against (e.g., impersonation, denial of service, theft) and the security objectives
served (inter-enterprise communications).
How "available" will the solution be and how will it affect system performance? These criteria
measure how transparent the execution of the technology is (e.g., how fast is it in operation?).
How easy to install, use, modify, and manage is the solution within a platform or enterprise
environment? This criterion gauges whether a solution provides security in a way that users and
administrators will actually use, as well as the centralized administration tools they need to
manage the solution over the long term. It also measures whether enterprises can integrate a
solution seamlessly with the existing product set.