November/December 2006 issue

2007 preview: What's rollin' round the bend?

Back to Q1, Q2, Q3

4. What examples have you seen, in 2006, of organizations using security as a business enabler?

Adrian Asher, Global Head of Security , Betfair
There has been a huge push on phishing and other awareness to the user communities. There does appear to be a competitive differentiator that has arisen as a result of this, that of who has best enabled the user to help protect themselves.
As with any differentiator, businesses use this to further their product or brand over others. Personally I am wary of where this potential trend will lead to, as when the purposes of the messages are becoming increasing marketing driven, there may become a clear and present danger. One such example I have seen of this, is an organisation pushing the information to the user base, via the very method they are trying to warn them against.

Brian T. Contos, CISSP, CSO ArcSight Inc
I work closely with a bank that leverages IT security monitoring solutions as part of its mergers and acquisitions strategy. This particular bank tends to make several strategic acquisitions every year. Before they had a solid security framework governing how they would connect newly acquired business to their own, mergers from a technical perspective were lengthy, error prone, insecure and costly. Today they have documented an approach that leverages incident prevention, detection and management for every IT connection made. Overall operational efficiencies have increased, standards are implemented at a global level, regulatory compliance is maintained, and security incidents have been significantly reduced. Worm/virus activity, in addition to information leakage from careless or malicious employees and policy violations, has been reduced.

Leo Cronin, CISO, Reed Elsevier
In the IT industry, a lot of vendors are certainly using security as a business enabler. Microsoft has made significant investments here as have many of the large players in the IT security space. Investing in superior security helps everyone. On the commercial (IT consumer) side I think banks and trading houses are beginning to put systems in place to make online transactions safer without killing the user experience. I am seeing more effort in using the right mix of preventative and detective controls to mitigate risk versus throwing all the investment on the preventative side.

Robert Gleichauf, VP and CTO, Security Technology Group, Cisco
Companies expanding their businesses into developing markets such as China. Business risks are such in these markets that companies realize they need to build security from the get go. This applies as much to the build out of robust infrastructure as it does to the protection of intellectual property.

Paul Henry, Secure Computing
For me personally one of the best examples has to be a South American financial institution that in 2006 rolled out the largest two-factor authentication token deployment ever in Latin America for their customers. Interestingly the deployment was led by the marketing department - not the security department. The marketing department clearly recognized that customers wanted to transact in a secure environment and would as a consequence of enhanced security utilize other services. By offering a secure environment, the company gained customers, grew their market share and increased their operating margins. What stands out is the fact that this is a great example of were the organisation recognized the benefits of security as a business enabler.

Evan Kaplan, CEO Aventail
We see great examples all the time of our customers improving productivity through security. For instance, security solutions for disaster recovery have boosted productivity for businesses with back-up systems and remote access solutions that let their employees keep working in the face of snow storms, transit strikes, or other disasters. And security solutions with strong access controls and end point checks have allowed businesses to extend data access to their employees and partners who use unmanaged devices at home or on the road.

Tom Noonan, General Manager, IBM Internet Security Systems
There are numerous ways that good security practices can enable the business. For example, tracking the movement of data can provide critical information about how the enterprise, suppliers and partners access data and critical systems and business processes to manage that data. The industry has seen various enterprises use vulnerability scanning disciplines to create the knowledge required to feed risk management analysis, network performance fine-tuning, and integrate into the overall network operations.

Hugh Penri-Williams, Chairman of the Information Security Forum
On a personal front as frequent traveller, I’m impressed by the ever-broadening range of facilities offered on the Internet by airlines, hotels, railways and travel agencies. We can now research and compare route & price alternatives around the globe, make reservations, choose seats and meals, print tickets and boarding passes. This avoids check-in queue, just dropping off checked bags. Naturally, those time gains are being offset by security measures but we British stoically grin and bear it. However, DIY in this sector might be going too far. I recently heard one frustrated customer (of an airline that shall remain nameless) shouting at their staff, “Next thing, you’ll have us flying the xxxx planes!”

Paul Simmonds, CSO, ICI
See Q1!

Alex van Someren, CEO nCipher
2006 was the year of mobility and every person working remotely and safely is a practical example of security in action to enhance flexibility and productivity. One of the more innovate projects of 2006 is the British Library’s National digital archive to protect the integrity of some 300 terabytes of digital material for access 100s of years ahead.

5. Who has impressed you as innovative in terms of security this year?

Features index