The uncertainty principle Extended Enterprise Innovator Award Stop! Access restricted Web services vs. legacy remote access systems Not-so-mobile enterprise apps Q&A: Director of MIT’s Center for eBusiness

Organizations planning to partner with Charleston Southern University in South Carolina better get ready for a rigorous vetting process. CIO Rusty Bruns is a stickler when it comes to security.

His biggest fear is that a hacker will find a security hole, break into university databases, and steal personal and financial information for thousands of students and alumni. "You have to make a conscious best effort that that's not going to happen," Bruns says. "I have to say we've done everything we can based on the school's budget and the technology that's out there to protect this information."

Bruns comes by such confidence in part because he audits the CSU network every 12 to 18 months and subjects all prospective partners to a thorough third-party audit. (He has even budgeted for external audits, in case a potential partner cannot afford one.) Among the information he gathers are frequency of password updates, firewall-monitoring procedures, and found vulnerabilities or access holes.

Once he's satisfied that the prospective partner has fixed any major flaws uncovered during the audit, he makes all project team members at that organization sign a security policy. With their signatures, they promise to take a variety of security precautions, such as changing passwords frequently, and they agree not to divulge any shared information. Bruns then checks the partner's references, asking direct questions about how the organization handles security.

Even when Bruns is satisfied that a prospective partner can be trusted, he only extends the CSU network via direct links, using two levels of application-specific passwords and encrypting all transmissions. He could not achieve high enough levels of security if he allowed Web access, Bruns says.

The more the merrier

Vinnie Cottone, vice president of infrastructure services at financial services firm Eaton Vance in Boston, takes a different tack. He is a big proponent of partnering and doesn't want to limit how many companies can access the network. To that end, he's created the Business Partner Network.