Just like Prudential, about half of all survey respondents say they'll be securing remote users. BT Group plc (formerly British Telecom) is installing personal firewalls from security vendor InfoExpress for 5,000 remote and mobile workers. Currently, BT employees are forbidden from logging on to the Internet or untrusted networks with their notebooks. "This is part of an integrated approach to desktop security," says Paul Washington, a manager and operational team leader with BT Exact, the research, technology, and operations arm of BT Group. "You need the virtual private network, the personal firewall, and the antivirus--all three things--to make a secure desktop."
Another crucial step for multinational companies is to impose standards and policies worldwide. APL Ltd., a subsidiary of Neptune Orient Lines, has a fleet of 80 container ships that serves more than 100 markets around the world. The $3.4 billion-a-year shipper is moving more applications to the Web and exploring products to help defend against Web-based attacks, which analysts say make up about 80% of all hacker attacks.
"We have to do everything on a global basis so there's no isolation on a regional basis," says David Arbo, director of information security. He's looking at an integrated offering that combines a Web-security application gateway from NetContinuum Inc. and application security-assessment software from SPI Dynamics Inc. APL intends to set up a security console to give it a complete picture of security throughout its global operations. "Manually, you can't keep up," Arbo says. "We're stretched to serve so many areas, and we have so many desktops, for us not to have a tool like that."
The company also is looking to improve the physical security of its shipping ports and IT systems. APL uses radio-frequency identification technology for building access, and it's examining smart cards and tokens with RFID-type technology. "We're looking for some sort of token that would serve a dual role for physical and logical [IT] access," Arbo says. Like APL, many companies want to integrate physical and computer security. Some 35% of those surveyed called it a strategic priority, up from 27% in 2002.
Few, however, have as great a need as the U.S. Department of Defense. The agency has launched an initiative called Common Access Card, which features a smart card enabled with public-key-infrastructure capabilities that runs the Java Card run-time environment on chips with 32 Kbytes of memory. The department has issued more than 3 million cards to military personnel and contractors. They are used to gain access to military bases around the world, log on to computers, obtain medical or other benefits, and digitally sign and encrypt E-mail. The military is issuing 10,000 cards a day at about 1,500 locations in 15 countries and hopes to have 4.3 million cards deployed by the end of the year. More than 150,000 smart-card readers also have been deployed.
"We've always said that we're trying to bring the Department of Defense to the same place that the credit-card world has always been," says Bill Boggess, a division chief for the access- and authentication-technology division at the Defense Manpower Data Center. "Today, you can't buy at McDonald's without them prechecking your card." The department hopes its card will provide that type of swift authorization for its personnel around the world.