Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Reduce the Complexity and Cost of Windows Server Consolidation in Six Modules Novell

Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

win baby- Anonymous

Join the Discussion

Security chiefs share pains of being caught in the middle

By Tim Greene , NetworkWorld.com , 12/13/2005
  • Social Web 
  • Email 
  • Feedback 
  • Close

Corporate security experts face a crisis as they are caught between regulators demanding better accountability for data security and the need to keep businesses up and running with the help of many business partners, an American Express security executive told Interop New York attendees Tuesday.

As more data is housed at least temporarily outside corporate data centers, it becomes more difficult to comply with industry and government regulations, according to Steven Suther, director of information security management for American Express.

"Tell me where your data is and how it is being secured," regulators want to know, he says. "So we need to define at what point is information outside our domain and how is it being protected."

But businesses have very little control over how partners with whom they must share data protect it, he says. Amex asks its vendors to self-assess their security and if it comes up short, Amex will conduct on-site visits to assess the security in person. "We're testing their controls so we can tell regulators we're comfortable with what they are doing," Suther says.

Amex has designated vendor-relations managers who are responsible for ensuring that data controls are in place for a specific list of firms that Amex has hired to perform financial services jobs, he says.

The problem is complicated by whether the tools needed to protect data are available and affordable, says John Pironti, a principal for enterprise and security architecture for Unisys, and what combination of protections is considered sufficient by regulators. "What is good enough that everyone can agree on," Pironti says.

It is difficult to take the requirements of, say, Sarbanes-Oxley, and translate that into security policies, Suther says. "We're all suffering the same kind of lack of confidence in what we should be doing," he says.

Suther says he struggles to balance imposing security on his financial services vendors and allowing them to do their jobs so Amex's financial services business keeps running. "I have to be flexible right now if I want a universe of vendors for my business departments to choose from," Suther says.

1 | 2 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code