| Register/Subscribe Home |
|
| THE STAT 26Percentage of wireless customers who use their cell phones to take picturesMore Vitals
| |
DECEMBER 4, 2001 SPECIAL REPORT: SECURITY'S NEW FACE Coming to Grips with an Unsafe World Corporate America is finding that protecting employees and data isn't simple but sure is expensive. Yet the cost of not doing so is even dearer
"My call-center staff couldn't get in [for several days]," says Fieldglass CEO Jai Shekhawat. The company has since installed a new digital phone and computer system that can quickly redirect call-center software and line connections to an employee's home. Should they need to, the center's employees could work from home with minimal disruption. PROTECTING CODE. That's just one of several security measures Shekhawat has taken to ensure business continuity and reassure his customers, which include Verizon Wireless and big financial concern American General. The company also lined up a second Web-hosting company -- Verio -- to handle its data along with Exodus Communications. And Shekhawat has had his engineers build stronger partitions within the company's network to protect back-end databases from intruders. Developers building software for Fieldglass in the U.S. and India now must go through more rigorous procedures when checking code in and out of the production process. Such measures will likely create a drag on efficiency at Fieldglass. "To me, making your operations more secure is a net drain on assets. On the surface, it adds nothing to your value proposition," says Shekhawat. Yet, he acknowledges, "it's something we have to deal with." Nearly three months after the horrific attacks, U.S. companies are still coming to grips with a world that is inherently less secure than they thought. They're paying rising insurance premiums, requiring stiffer background checks for employees, and hiring more security guards. Airlines are required to install protective measures that will make their enterprises both more expensive to run and vastly more complex. Corporate landlords are rethinking the placement of air ducts in big buildings, and refineries are contemplating the addition of blast-proof doors. And this is just the beginning as Corporate America embarks on a sea change in the way it deals with risk and security. RESETTING PASSWORDS. This new world is manifesting itself in myriad ways, starting with changes as mundane as requiring network users to change their passwords more often. That's a step shipping company American President Lines, based in Oakland, Calif., took in the wake of the terrorist attacks. Pre-September 11, "people were very reluctant to change their password," says Van Nguyen, director of information security for APL. "They said, 'Why do I have to reset my password after five tries?' Now we enforce it and they are more accepting of it." Indeed, most companies immediately took steps of some kind to improve physical security. APL posted guards not only at building entrances but also in parking garages. CenterBeam, a Santa Clara (Calif.) company that manages customized networks of servers and desktop PCs, started issuing visitor badges that make it readily apparent when a pass has expired, according to company co-founder and Chief Technology Officer Glenn Ricart. In many large buildings, entry remains limited to employees holding badges for companies with offices there. "In Chicago and in other big cities, you do not go into the elevators unless you belong in that building, and someone knows you are there," says Russ Gates, the managing partner for global risk at consultants Andersen. Before September 11, "that was unheard of."
UNHEEDED WARNINGS. Vanderweil finds that clients that run far more mundane types of businesses as well as those that build big office buildings care about air-supply security. Some talk of installing enhanced air filters to protect inhabitants against bioterrorism, says Paul Banks, Vanderweil's CEO. Others want to relocate air intakes to minimize the chance of a terrorist attack. "It's not uncommon for [air intakes] to be at street level," says Banks. "Now people want to move them to the roof -- or put them a few levels below that to prevent anyone on top of the building from accessing them." Moreover, after years of unheeded warnings that America's infrastructure was vulnerable, providers finally seem to have taken notice. Martin Roenigk, the CEO of Hanover (Md.) security technology company CompuDyne (CDCY ), suddenly has begun hearing from oil refineries and power plants. They're inquiring about the optical-sensing devices CompuDyne has installed as sentinels on the perimeters of 12 U.S. Air Force bases, plus the bullet-and-blast-resistant doors and windows the company has installed at U.S. embassies. Some requests, says Roenigk, have even come from plain vanilla corporations looking to safeguard their campuses. In response to a raft of new orders, CompuDyne has boosted activity on its production lines by as much as 40%. BOOMING INTEREST. In the digital realm, the shift toward heightened security is more deliberate and less obvious. In reaction to the economic slump, many companies have squeezed their technology budgets, which has left them without the money to immediately green-light big projects that enhance digital security. Like the rest of the tech field, companies that sell digital security products and services have felt the effects of the global slowdown. If security-related sales haven't boomed just yet, interest has, which may bode well for the future. According to Thomas Noonan, CEO of Internet Security Systems, which makes security software and provides consulting and monitoring services, the number of inquires from potential customers is rising. That has led to more contracts for security assessments. And big-ticket deals will likely start to come in 2002 as companies gain more leeway to budget for them. "I think that we will see a long-term increase," says Noonan.
"CODE ESCROW." Like Fieldglass, many companies have already taken extra steps to safeguard computer code and important data. Some have restricted access to key data by physically separating it onto different computers not connected to the Internet or the company's intranet. Web directory company YellowPages.com has reconfigured its network so that the only way anyone can log into key data functions is over an encrypted virtual private network connection, says company CEO Dane Madsen. Among other things, that makes it easier to build an audit trail of who has used the system -- and also creates another ring of protection around these key pieces of data. Security companies are also discovering that most contracts they sign require disaster- recovery capabilities. The latest deals also provide for "code escrow," a relatively new contingency that stipulates that a customer's constantly updated data and software be stored somewhere safe so that it can be returned under certain dire circumstances. Code escrow was originally developed to hedge against a dot-com dropping dead. "After September 11, it has almost become mandatory," explains Fieldglass' Shekhawat. "Now, it's not only if you go bankrupt but if something physically happens to your business, like you get hit by a bomb." Another area that's sure to get added interest is employee-identity authentication. With many companies now looking to decentralize their operations, it's even more important to verify that the person who is online or on the network is who they claim to be, points out Gordon Eubanks, the CEO of software-authentification company Oblix. Systems include so-called "single sign-on" solutions that replace multiple passwords for different parts of the network to biometric identification systems that read fingerprints or can recognize an employee's handprint. DIGITAL KEYS. For now, most biometric implementations seem to be confined to airports, military bases, and extremely high-security situations such as data centers at Web hosters and telecoms. The difference after September 11, though, is that companies now view biometrics as a potentially legitimate means of authenticating I.D.s. "Six months ago, I think people were not going to do anything with biometrics," says Eubanks. "Now they're thinking about it." As an interim step, companies are relying more on digital certificates. These digital keys are linked to a specific piece of hardware and are used to authenticate that the user of that machine has permission to use restricted functions. That's good news for Verisign (VRSN ), the leading provider of digital-certificate software and systems. It's also good for companies such as RSA Security (RSAS ), which makes the popular SecurID system, a combination of digital certificates and handheld electronic passkeys that constantly generate new sequences of numbers needed to gain access to a computer system. According to Andersen's Gates, insurance companies, still smarting from September 11 losses, will likely push their corporate customers to implement many of these security steps or face steeper premiums. Amos at Mailboxes has recently spent between $20 million and $25 million on security improvements. Shekhawat at Fieldglass spent hundreds of thousands, a big sum for a startup running on $10 million in venture capital. YellowPages.com spent close to six figures if not more, says company CEO Madsen. "I am cringing about the price, but we wanted to be safe," he says. Both sentiments are understandable. To meet new security requirements, companies will spend billions -- and suffer untold losses in efficiency. Think of it as the cost of capitalism in a world where Western ideals are under siege.  By Alex Salkever, BusinessWeek Online's Technology editor Get BusinessWeek directly on your desktop with our RSS feeds.  Add BusinessWeek news to your Web site with our headline feed. Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video. To subscribe online to BusinessWeek magazine, please click here. Learn more, go to the BusinessWeekOnline home page  | | DECEMBER |
 Copyright 2001, Bloomberg L.P.Terms of Use | Privacy Policy |
Printer-Friendly Version