Call Security!

Ghosts in the machine. Spooks in the hard drive. We’re all worried about things that can go wrong with our computers-and now that everyone and his brother seems to be into portable computing, good security is more of an issue than ever.

Here’s a surprise, though. The real problem, it seems, is not with the computers, but with the people who use them.

The arrival of the Information Age means that an increasing amount of personal and business information is stored in computer systems. Without adequate security, that data is vulnerable to attack by any number of human enemies. Disgruntled employees, outside hackers, corporate spies, fraud artists-they’re all out there, and they could be after what you have.

Surprisingly, most businesses still have a long way to go on the road to total security.

Kathy Kincaid, a security guru with IBM Canada, points out that, although 86% of companies surveyed recently use firewalls, 85% have deployed antivirus software, and 74% authentication, only 63% of those surveyed have encryption, and fewer than 50% have intrusion detection.

That means that human intruders can-and probably will-find a way into their mission-critical data.

“Computer security is definitely becoming a big issue among business executives,” says Barry Lewis, a partner in Toronto-based security consultants Cerberus Information Consulting and co-author of Computer Security for Dummies (IDG Books). “The Internet, electronic commerce, and networking have all had a hand in bringing security issues to senior executives’ attention.” That visibility, says Lewis, is finally getting security issues into the back office, where they belong.

“Security is still a bottom-end and low-budget concern for most businesses,” he says. “Senior executives may read about the latest and greatest in security tools-what I call ‘management by magazine’-but they know good security isn’t going to happen overnight. They want to look at what the real issues are, and how much they’ll cost.”

Ben Kayfetz, president of Toronto-based Security Solutions of Canada Inc., knows about the costs of security. His company, founded in 1991, supplies computer security solutions to an impressive list of clients, including schools, law firms, and computer stores.

Kayfetz says that his customers need to be absolutely confident that their hardware will stay where it’s supposed to. To accomplish this end, Kayfetz sells and installs a variety of security devices – locking plates and cables for desktop systems, keylocks and cables for notebooks, even motion sensors.

“Every year, companies buy new computers,” says Kayfetz, “so they call us to secure their new systems. Because the per-seat cost of installed hardware security works out to about $30 per unit, it makes sense for them to have this kind of installation done.

“And the old units have increased value for resale because they come with a bonus-a built-in security device.”

“There are a number of effective security tools available right now,” says Cerberus’ Lewis. “Technically, the level of security that’s available to us is remarkable-what’s missing is the level of comfort with the technology that will allow more businesses to use it.”

And that, of course, is where the going gets tough-and the tough get going.

First of all, security technologies offer a bewildering array of terms, standards, and acronyms. Encryption, authentication, and certification compete in the listener’s brain with firewalls, IKE (Internet Key Exchange), and PKI (Public Key Infrastructure). It’s easy to get lost-and getting lost means being vulnerable to infiltration and loss.

The solution is a holistic approach to security issues.

Implementing security issues is a bit like guarding access to a castle. The castle may have a moat around it, and a high wall enclosing the castle’s rooms. The castle can be closed up entirely, if its owner wishes, so there are no exterior gates and no back doors-but then there’s no place to throw the garbage at the end of the day.

More importantly, the castle’s owner then has no contact or commerce with the world outside. A gate-albeit with restricted access-becomes a necessity if the castle is to be viable. That gate is analogous to a computer system’s firewall. Individuals coming into the castle are identified, passed, and allowed access to the castle’s many rooms.

However, they are not escorted in their travels through the castle, so they can go room by room to rob, plunder, and pillage. Those living and working within the castle need to put locks on their individual doors to protect and secure their possessions.

The locks and their matching keys-in the computer world-equate to encryption tools. Firewalls ensure that only authorized personnel are able to gain access to internal data. Encryption tools involve a sequence of scrambling, signing, and file integrity procedures that enable individuals and organizations to send files and documents electronically to colleagues, strategic partners, and others.

The end result is secure, fast, legally verifiable commerce done digitally.