Security has become a far greater priority, but at the same time has become a far more complex business, says Gilad Niv, product manager for BMC’s security products division.
E-commerce places a demand on IT resources, human and computer, beyond security, says Niv. Developments have to be rushed to market to stay ahead of competition. “Change can get overwhelming and what suffers is security.”
The management of security suffers particularly, he says. Security procedures are decided for each platform at the time it is set up and no one has the big picture of who in the company is allowed to go where on the network and access what files and databases. Centralised management, Niv says, ensures there is one password or limited set of passwords for each user. It gives the user more control and responsibility for changing his/her own password at any time. As long as there is a central record, there is little risk of personally managed changes creating inconsistencies.
Coordinated passwords avoid what Niv calls the “sunflower effect” – the forest of yellow Post-It notes stuck to the edge of the computer screen as a reminder of multiple passwords. BMC had visited one overseas installation – which Niv and other spokesmen decline to identify – “where the security administrator had 33 passwords written on the whiteboard in his office.”
BMC’s solution, in the form of Incontrol for Security Management, came out of its takeover of Israeli firm New Dimension Software. BMC’s security research and development is still concentrated in Israel, where Niv is based.
User ID and password is still sufficient security for most applications, Niv says, but public-key infrastructures “will take over in time”. Three years ago, PKI “attracted a lot of hype”, he says, but it was too complex for many organisations, even larger ones, to implement. The task has eased slightly, but constructing a PKI is still a major task likely to consume “big chunks of money”.
BMC is ready to support PKI and in general is “making our solutions open to all those alternative methods, including biometrics,” says Sydney-based programme manager Andi Mann.
Niv was in New Zealand to visit some of the corporates BMC sees as its most promising prospects and to link with potential partners such as the Big Five consultancies locally. He had not been to see the people at the State Services Commission’s e-government unit – enmeshed in security implementation and seeing a role as a disseminator of the security gospel to New Zealand businesses.