implify, simplify, simplify. That has become the rallying cry for many companies when it comes to security.
Ideally, users want to use security technologies that fit seamlessly into their infrastructure or that easily improve their methods of protecting their companies' data. Kirk Kness, assistant VP of the applications architecture group at T. Rowe Price Inc. in Baltimore, subscribes to that belief. Without a secure infrastructure, the online financial services his company offers consumers would be impossible. Users need to know that the financial transactions they make over the Web are private and secured. Kness needed software that would ensure this, while letting T. Rowe Price keep its policy-based management mandates intact. "You can't look at security as a disabling technology; it's an enabling technology," he says. "If software can't be flexible and let you put your policy on it, then you haven't got anything."
The company turned to IBM's suite of Tivoli SecureWay products because it provided that flexibility. SecureWay offers security and network policy integration through a single administrative console and repository for policy information. IT managers can set the business policies and store the rules--such as which individuals have access to what information--in a common directory accessible by SecureWay and other applications.
Because of concerns about hacker attacks, Kness wouldn't provide many details about how the security software conforms to T. Rowe Price's network policy rules, but he did say that the smooth enforcement of authentication and encryption are key issues for the company. For instance, T. Rowe Price lets companies manage their 401(k) plans on its Web site, and Kness says the software makes it easy to set protection policies at either higher or lower levels, according to the customer's request. T. Rowe Price also gives individual investors access to their personal portfolios online and uses the Tivoli products to interact with Wall Street research houses.
IBM's Tivoli Systems division developed its SecureWay series after it found that only 5% of its clients were doing online transactions, mainly because of security concerns. Bob Kalka, SecureWay product line manager, says the company discovered this during a massive study in 1998 of 44,000 accounts. "What we learned radically changed our view on security," he says. IBM discovered that users didn't want to change their management procedures and policies in order to accommodate security measures. Since they couldn't get unobtrusive security fixes, they opted not to engage in E-commerce at all. "Users were saying, 'Make it secure, but don't make it difficult to use,'" Kalka says.
Companies can use SecureWay to protect not only customer and partner interactions, but employee transactions as well, IBM says. For instance, Kalka says, some companies need their security software to conform to a tiered purchasing policy, whereby some employees are allowed to buy items for less than $5,000 online without supervisor approval, while others might need a superior to sign off on the purchase. "Our solution has to accommodate that particular policy decision," Kalka says.
Hardware-authentication devices are helping IT administrators with another security hassle: the password problem. In a recent survey of 2,500 large global companies by Forrester Research, 98% of the respondents said they still employ passwords and user names as their primary means of authenticating users. Password maintenance and password security also ranked as the two most significant authentication issues users at these companies face. Industry experts estimate that 20% to 40% of all calls to a company's help desk are password-related. "The question people are asking is, 'How do I monitor authorized activity without burdening legitimate users?'" says Bill Spernow, research director in Gartner Group's information security strategies group.
Hardware-authentication devices can replace the traditional passwords or personal identification numbers typed into a keyboard and save IT organizations time and money. "A large telecommunications company we deal with spends a half-million dollars a month on password maintenance," says Scott Edwards, manager of Compaq's Deskpro products. Compaq is one of the vendors offering alternatives in the form of biometric security products and smart cards.
Illustration by Patrick Corrigan
Back to This Week's Issue
Send Us Your Feedback
Top of the Page