3Com Corp. recently announced its Embedded Firewall architecture, offering enterprises security technology built into network interface cards (NICs). Not considered a traditional security vendor by most, 3Com is confident that the enterprise market will recognize its push for security as it concentrates on the issues that are affecting users. Network World Canada‘s Cindy Steinman last month had the opportunity to speak with James Teel, the company’s director of product planning, product and business management. Teel, part of 3Com’s Business Connectivity Company (BCC), the client group within 3Com, is based in West Valley City, Utah, and oversees the security program initiatives that the company brings to market, working across sales, product management and product development.
NWC: Security is now getting a lot of attention – it always did, but even more so now. Does the level of knowledge that the average enterprise has when it comes to implementing these devices affect or influence the design of these products, or the type of products that 3Com releases?
Teel: Certainly what we’re finding is the approach that we’re taking to this in the sense that it’s a network-edge, distributed solution, but it’s in hardware, is somewhat of an educational need for us – for us to educate the corporate world in terms of one, that it’s feasible to do. Two, it’s cost-effective and how it fits with the overall Internet security solutions that they very likely have in place today. Typically that’s the perimeter firewall. So it’s the scenarios of…you have no internal protection at the user level, nor do you have any protection or control when your users are mobile or migrate out. Having said that, I think they certainly understand the value of not tying it to an operating system – in other words, the value of it being imbedded. Which means they don’t necessarily really have to have a competency around any specific operating systems internally, so it makes that easier for them to manage. The idea or concept that it is centrally managed is a very big deal for the typical enterprise because, again, they want to be able to control this from a central location. Typically they’ve already got some sort of management console already in place anyway, and they want to be able to integrate what we offer in with what they already have.
NWC: 3Com is not known traditionally as a security company, so why should customers be choosing to go with something like this over something that they might be able to get from a more traditional security vendor?
Teel: I think it’s the brand recognition of 3Com within the enterprise. And again, when you look at security out to the edge of the network – in other words, secure connectivity is really what we’re selling here – 3Com is very well positioned to provide this type of capability. We’ve been leaders in the Ethernet connectivity space; we’re well-recognized in providing reliable connections into the network.
NWC: How does security fit in 3Com’s overall picture, within 3Com as a whole?
Teel: It’s pretty strategic, actually. BNC (Business Networking Company, 3Com’s network infrastructure arm) is continuing to develop and enhance their security product portfolio – we provide perimeter-based firewall solutions there today. Again, (for) BCC, this is our first offering. Our roadmap is very well-developed. We have some great ideas going forward, in terms of how we can enhance and broaden our offering, but at the end of the day we view this as certainly important to our customers. We think it’s a value-added solution that 3Com is well positioned to bring to our customers. And this is a proof-point. This is our first offering that adds value on top of a basic Ethernet connection into your network.
NWC: What are the plans looking down the road? This is obviously just a starting point – how do you see security being put into other devices in the future?
Teel: Frankly, we’ve got more ideas than we can really develop at this point in time. We see a tremendous opportunity for us in the wireless LAN area of applying this type of solution to some of the concerns that that technology brings forth. Those deficiencies and concerns have been well-publicized – I mean, it’s a wireless technology, right? Now, as a hacker if I’ve got a sniffer out there and I’m within range of your network I can listen and capture information. So there’s a real concern around the security aspects of wireless LANs. We believe our solution can provide some tremendous value there and that’s certainly an area that we will be going to in the future.
NWC: A lot of the new products we have been seeing from 3Com have been in the wireless LAN area.
Teel: Exactly, and we’re well positioned to take advantage of that. Again, case in point: we already have a strong and diverse wireless LAN portfolio, and we’re developing the architecture as such that this embedded firewall technology can be implemented directly into our wireless LAN products also. Bluetooth as well – I don’t see a tremendous need for this in a Bluetooth environment today, but we’re not precluding that going forward.
And then the real big opportunity, and I think this is further out, is (to) think about the cellular operators, in terms of GPRS and third-generation cellular networks. As they speed those data networks up, it’s really Internet over the air. It’s packet-switched, it’s always on. Always-on creates another security vulnerability because you’re always on the networks. Same issues that you have at home when you’re always on, connected through your DSL or cable modem. So we see an opportunity there, longer term, to apply this to PDAs, cell phones, as more and more data is transmitted wirelessly. As the pipes get bigger, the need is going to be greater.
NWC: Would you be directing this product to, and talking to, the higher-level people within a corporation, or would you still be speaking to say, the network administrator or manager – the people who are down there having to put these things into place?
Teel: That’s a great question. I think more and more we’re finding ourselves speaking to the directors or C-level folks within the organization, because they’re setting…they’re defining security policy for the entire organization. And I think it’s imperative that we’re having discussions with those people, whether it’s a CIO, CEO or [chief security officer.]
Having said that, however, I think at the same time we need to educate the traditional IT side of the business to make them aware that our solution and this concept exists, is feasible and is certainly an enterprise solution that they can take advantage of. So we’re really addressing both sides of the business.
NWC: Many vendors have been shifting who they are targeting and who they are dealing with to a much upper level, whereas it used to be the people who were actually having their hands on this stuff. The CIO-level people are implementing the policies, but when it actually comes down to having to implement and use the technology, it’s the techies who are doing it.
Teel: Exactly, so obviously they’ve got to be bought into the solution and feel comfortable that it fits with their existing infrastructure and existing environment. So it’s very much a hybrid…from a decision-making point of view. We all can still encounter, even the buying decisions being made from the IT side of the business, although I see more of that trending toward more of a corporate oversight function. But still, at the end of the day, the administrators need to feel comfortable that this solution is going to work and is going to meet their needs. We’re having to cover both of those. And that’s the challenging part, frankly, to do that.
