Execs express top security concerns

BOSTON - When it comes to protecting corporate assets there seems to be little security managers don't worry about.

That the impression of security executives attending this week's Converge '06 conference - also known as security vendor Courion's annual customer meeting.

That notion was backed up by a survey of 54 security executives done by Courion and the Executive Alliance consultancy and released at the event that showed the top six security concerns are:

- Unauthorized systems access
- Auditability/compliance concerns
- Customer data breaches
- Sabotage (internal and external)
- Theft of intellectual property
- Cost of administration

Unauthorized network access from either remote access or mobile worker was a chief concern of attendees as well.

"We need to get a better handle on teleworkers and remote access. My greatest concern going forward is the increased use of public airways for such access," said Suzanne Hall, director of IT operations and security for AARP in Washington, D.C. AARP has some 2,000 workers in 65 sites across the U.S. linked over a frame relay-based WAN in most cases. "One of the keys to our success is to mobilize out volunteers across the U.S. so having tools in place to ensure these people can communicate is key. We use mostly SSL VPN technology and have had pretty good success with it."

Hall said she was looking forward to Microsoft's Vista operating system because Microsoft has said it will make it easier to layer on end-point security, especially for mobile and remote access workers. "That is promising," she said.

Remote access security is a concern at Federal Mogul, the $6 billion auto parts giant in Southfield, Mich. But it's not the primary concern right now.

The company has embarked on a three-year journey to retire the more than 40 ERP platforms it now supports and bring up eight instances of SAP software in its place.

It is also installing an identity management system to help secure its entire operation. Adding to that the company is in the process of standardizing on Microsoft products - everything from Active Directory to Exchange to SharePoint, along with Courion's provisioning suite (Dynamic Community), Miller said.

"It is a massive, complex undertaking," said Ryan Miller, director of global information assurance for Federal Mogul. Identity management is a top priority for Federal Mogul as each employee now has on average seven passwords to gain access to various systems and "I have over 12 passwords," Miller added. The firm has 108 manufacturing sites and 42,000 employees spread over the U.S. and across the globe including Asia, Africa, Europe and South America.

"We have no standard access methods nor unique employee identification methods, so that's at the top of the list to be changed," Miller said.

While Miller has his plate full today, he is thinking about future security issues.

"Network access control, particularly Cisco's NAC, is intriguing to us, but our main question is do we want to separate out network admission control with a separate system, using something like Symantec's tools or keep it in the network with Cisco. We haven't made those decisions yet, " Miller said. Federal Mogul has a multivendor network made up of 10 or 11 vendors and includes everything from point-to-point frame relay connections to ISDN backup capabilities, Miller said.