When it comes to protecting corporate assets there seems to be little security managers don’t worry about.
That was the impression of security executives attending the recent Converge 2006 conference — also known as security vendor Courion’s annual customer meeting.
A survey of 54 security executives undertaken by Courion and the Executive Alliance consultancy, and released at the event, showed the top security concerns are:
• Unauthorised systems access
• Customer data breaches
• Sabotage (internal and external)
• Theft of intellectual property
• Cost of administration
Unauthorised network access from remote or mobile workers is another major concern.
“We need to get a better handle on teleworkers and remote access. My greatest concern going forward is the increased use of public airways for such access,” says Suzanne Hall, director of IT operations and security for AARP in Washington, DC. AARP has some 2,000 workers at 65 sites across the US linked over a frame relay-based WAN in most cases.
“One of the keys to our success is to mobilise our volunteers across the US, so we have [to have] tools in place to ensure these people can communicate. We use mostly SSL VPN technology and have had pretty good success with it.”
Hall says she is looking forward to Microsoft’s Vista operating system being released because Microsoft says it will make it easier to add endpoint security, especially for mobile and remote access workers. “That is promising,” she says.
Remote-access security is a concern at Federal Mogul, a US$6 billion car parts company in Michigan. But it’s not the primary concern right now.
The company has embarked on a three-year journey to retire more than 40 ERP platforms it now supports and bring up eight instances of SAP software in its place.
It is also installing an identity-management system to help secure its entire operation. Added to that, the company is in the process of standardising on Microsoft products — everything from Active Directory to Exchange to SharePoint, with Courion’s provisioning suite Dynamic Community, says Ryan Miller, director of global information assurance for Federal Mogul.
“It is a massive, complex undertaking,” Miller says. Identity management is a top priority for Federal Mogul as each employee now has on average seven passwords to gain access to various systems and “I have over 12 passwords,” he says. The firm has 108 manufacturing sites and 42,000 employees spread over the United States and across the globe, including Asia, Africa, Europe and South America.
“We have no standard access methods nor unique employee identification methods, so that’s at the top of the list to be changed,” Miller says.
Despite the company’s extensive efforts, Miller is thinking about future security.
“Network access control, particularly Cisco’s [Network Admission Control] is intriguing to us, but our main question is: do we want to separate out network admission control with a separate system, using something like Symantec’s tools, or keep it in the network with Cisco? We haven’t made those decisions yet,” Miller says. Federal Mogul has a network made up of ten or so vendors and includes everything from point-to-point frame relay connections to ISDN backup capabilities, Miller says.
Another issue on the horizon involves the factory floor. Miller says that, from a manufacturing perspective, all the equipment on the shop floors that used to be dumb is becoming more intelligent. “Everything has an operating system and is basically becoming an intelligent multifunction device. Those kinds of devices are rapidly becoming a concern where they weren’t in the past.”