A survey of 54 security executives done by Courion and the Executive Alliance consultancy and released at the event showed the top security concerns are: unauthorized systems access, auditability/compliance, customer data breaches, sabotage (internal and external), theft of intellectual property, and cost of administration.
Unauthorized network access from remote access or mobile workers is another chief concern.
"We need to get a better handle on teleworkers and remote access. My greatest concern going forward is the increased use of public airways for such access," said Suzanne Hall, director of I.T. operations and security for AARP in Washington, DC. "AARP has some 2,000 workers in 65 sites across the United States linked over a frame relay-based WAN in most cases. One of the keys to our success is to mobilize our volunteers across the U.S. so we have tools in place to ensure these people can communicate is key We use mostly SSL VPN technology and have had pretty good success with it."
Hall said she was looking forward to Microsoft's Vista operating system because Microsoft has said it will make it easier to add endpoint security especially for mobile and remote access workers. "That is promising," she said.
Remote-access security is a concern at Federal Mogul, a $6 billion auto parts company in Southfield, Mich. But it's not the primary concern right now.
The company has embarked on a three-year journey to retire more than 40 ERP platforms it now supports and bring up eight instances of SAP software in its place.
It is also installing an identity-management system to help secure its entire operation. Adding to that the company is in the process of standardizing on Microsoft products -- everything from Active Directory to Exchange to SharePoint -- with Courion's provisioning suite (Dynamic Community), said Ryan Miller, director of global information assurance for Federal Mogul.
"It is a massive, complex undertaking," Miller said. Identity management is a top priority for Federal Mogul as each employee now has on average seven passwords to gain access to various systems, and "I have over 12 passwords," he added. The firm has 108 manufacturing sites and 42,000 employees spread over the United States and across the globe, including Asia, Africa, Europe and South America.
"We have no standard access methods nor unique employee identification methods, so that's at the top of the list to be changed," Miller said.
Despite the company's extensive efforts, Miller is thinking about future security
"Network access control, particularly Cisco's [Network Admission Control] is intriguing to us, but our main question is, do we want to separate out network admission control with a separate system using something like Symantec's tools or keep it in the network with Cisco. We haven't made those decisions yet," Miller said.
Federal Mogul has a network made up of 10 or 11 vendors and includes everything from point-to-point frame relay connections to ISDN backup capabilities, Miller said.
Another issue on the horizon involves the factory floor. Miller said that from a manufacturing perspective all the equipment on the shop floors that used to be dumb is becoming more intelligent. "Everything has an operating system and is basically becoming an intelligent multifunction device. Those kinds of devices are rapidly becoming a concern where they weren't in the past."
No comments:
Post a Comment