CMP's TechWeb
Click here!

Search InformationWeek:

 Back Issues

 Today's News
 This Week's Issue
 Tech Stocks

 Benchmarking IT
 Resource Centers
 InformationWeek 500

Reader Services
 E-Mail Newsletters
 Contact Us
 Privacy Statement

Advertiser Services
 Editorial Calendar
 Media Kit
 Whom To Contact

Free E-mail
Sign Up Now
Member Login


Sponsored by:
Click here to visit Portal Wave!

TechWeb Sites
 Bank Systems
     & Technology
 eBusiness Expo
 File Mine
 Insurance & Technology
 Network Computing
 PC Expo
 Planet IT
 TechWeb News
 TechWeb Today
 Wall Street & Technology



March 20, 2000

Printer ready
Printer ready
Companies Strive For Simpler Security
Users seek technologies that fit into their infrastructure or easily improve data protection

By Larry Kahaner

Illustration by Patrick Corrigan
Related links:
  • sidebar: Public Key Infrastructure Becomes E-Commerce Enabler

  • Act Now To Protect Your Data (2/28/00)
  • And from our sister publications:
  • TechWeb White House Presses Industry For Security (2/15/00)

  • Network Computing Hammering Out a Secure Framework (1/24/00)
  • TechEncyclopedia
    Need a definition of a technology term? Look it up here:

    Send Us Your Feedback
    Simplify, simplify, simplify. That has become the rallying cry for many companies when it comes to security.

    Ideally, users want to use security technologies that fit seamlessly into their infrastructure or that easily improve their methods of protecting their companies' data. Kirk Kness, assistant VP of the applications architecture group at T. Rowe Price Inc. in Baltimore, subscribes to that belief. Without a secure infrastructure, the online financial services his company offers consumers would be impossible. Users need to know that the financial transactions they make over the Web are private and secured. Kness needed software that would ensure this, while letting T. Rowe Price keep its policy-based management mandates intact. "You can't look at security as a disabling technology; it's an enabling technology," he says. "If software can't be flexible and let you put your policy on it, then you haven't got anything."

    The company turned to IBM's suite of Tivoli SecureWay products because it provided that flexibility. SecureWay offers security and network policy integration through a single administrative console and repository for policy information. IT managers can set the business policies and store the rules--such as which individuals have access to what information--in a common directory accessible by SecureWay and other applications.

    Because of concerns about hacker attacks, Kness wouldn't provide many details about how the security software conforms to T. Rowe Price's network policy rules, but he did say that the smooth enforcement of authentication and encryption are key issues for the company. For instance, T. Rowe Price lets companies manage their 401(k) plans on its Web site, and Kness says the software makes it easy to set protection policies at either higher or lower levels, according to the customer's request. T. Rowe Price also gives individual investors access to their personal portfolios online and uses the Tivoli products to interact with Wall Street research houses.

    IBM's Tivoli Systems division developed its SecureWay series after it found that only 5% of its clients were doing online transactions, mainly because of security concerns. Bob Kalka, SecureWay product line manager, says the company discovered this during a massive study in 1998 of 44,000 accounts. "What we learned radically changed our view on security," he says. IBM discovered that users didn't want to change their management procedures and policies in order to accommodate security measures. Since they couldn't get unobtrusive security fixes, they opted not to engage in E-commerce at all. "Users were saying, 'Make it secure, but don't make it difficult to use,'" Kalka says.

    Companies can use SecureWay to protect not only customer and partner interactions, but employee transactions as well, IBM says. For instance, Kalka says, some companies need their security software to conform to a tiered purchasing policy, whereby some employees are allowed to buy items for less than $5,000 online without supervisor approval, while others might need a superior to sign off on the purchase. "Our solution has to accommodate that particular policy decision," Kalka says.

    Hardware-authentication devices are helping IT administrators with another security hassle: the password problem. In a recent survey of 2,500 large global companies by Forrester Research, 98% of the respondents said they still employ passwords and user names as their primary means of authenticating users. Password maintenance and password security also ranked as the two most significant authentication issues users at these companies face. Industry experts estimate that 20% to 40% of all calls to a company's help desk are password-related. "The question people are asking is, 'How do I monitor authorized activity without burdening legitimate users?'" says Bill Spernow, research director in Gartner Group's information security strategies group.

    Hardware-authentication devices can replace the traditional passwords or personal identification numbers typed into a keyboard and save IT organizations time and money. "A large telecommunications company we deal with spends a half-million dollars a month on password maintenance," says Scott Edwards, manager of Compaq's Deskpro products. Compaq is one of the vendors offering alternatives in the form of biometric security products and smart cards. 2

    Illustration by Patrick Corrigan

    Back to This Week's Issue
    Send Us Your Feedback
    Top of the Page

    Home | Career | Financials | Date Book
    Resource Centers | Search | Subscriptions

    CMPnet Click here to visit Portal Wave!

    Click here!