By placing security modules in its Catalyst 6500 switch, Cisco Systems Inc. has started to blur the line between
network operations and security operations. It's a line that's likely to only get fuzzier.
With this product and others that are likely to follow, it is less and less clear who should make purchasing decisions and who should manage the modules, said Dave Passmore, research director with the Midvale, Utah-based research firm, Burton Group.
"The people who run the Ethernet switch are not the same people [that] run the firewall," Passmore said. "By putting all of this in the same box, [San Jose, Calif.-based] Cisco has created an organizational problem: who owns the box?"
It's a problem that WebEx Communications Inc., a Web-conferencing company, had to face when it decided to use the new security module switches. Hesham Eassa, a manager of network design engineering at WebEx, which is also based in San Jose, Calif., said that in the beginning the network and security groups had to work out the purchasing decision together.
Once they decided to go with the modules, they had to negotiate over which group would take responsibility for various aspects of the system.
"The solution was not immediately obvious," Eassa said. "But we were able to resolve it fairly quickly."
In the end, Eassa said, the network people took responsibility for everything that was in the bit stream. The security people were relegated to determining the security parameters.
As the system undergoes testing and nears its rollout, it has spurred communication between the groups, Eassa said. It's communication that they better get used to, Passmore said. Security and networks are likely to become only more integrated.
FOR MORE INFORMATION: