May 10, 2001, 1:10 PM — AS A MAJOR force in networking, Cisco focuses on all things related to security and VPNs. In an interview with InfoWorld Editor in Chief Michael Vizard, Cisco executives Richard Palmer, vice president and general manager of Cisco's VPN and security business unit, and Dave King, the unit's director of marketing, talk about how network security will evolve as the issue becomes more intertwined with every aspect of enterprise computing.
InfoWorld: How is the hardware model that we use to deploy security software evolving? Are we moving to an appliance model, or is this software ultimately going to be embedded into every device on the network?
Palmer: I think you'll see both models. The first trajectory is movement away from a workstation, or general-purpose CPU platforms running software, to an appliance model. That's something that we've believed in for the last three or four years. But we also believe that, in order to deploy security throughout a network infrastructure, it makes sense to integrate those security capabilities into network infrastructure elements. One notable example is the intrusion-detection blade that we announced last fall that's embedded in our Catalyst 6500 systems. This obviously is important in enabling intrusion detection to scale in places in the network where it's closer, for instance, to Web server farms and other high-gigabit Ethernet environments.
InfoWorld: Why is it that security tools remain difficult to deploy and maintain? And do you see this process getting any easier?
Palmer: I think that's changing. When security was the separate province of a special group within the enterprise, it was walled off from the rest of IT. In many cases it was the province of a group of people whose mission in life was to say no to what other people wanted to do. We see security now being much more integrated into the mainstream of IT activities, particularly as it's seen as a fundamental component of any e-business infrastructure. Second, we believe that, increasingly, people are looking at security as not something just to be deployed, for instance at the perimeter, but something that has to be pervasive throughout the e-business and network infrastructure. For that reason security has to be looked at as the total system. Finally, I would say that people have a much more accurate view of security today. It's not something that you can do with one product or a set of products; it's not something that you can arrive at 100 percent. It's something that is probabilistic. It's something that has to be part of every single network design. It's something that has to be ingrained in both the design of the network and [the network's] operations. We think we're playing a major role in making that happen.