InformationWeek 500: 20 Great Ideas

>> SECURITY

16

Grass-Roots Security

Truck and truck parts manufacturer Paccar found that conventional approaches to security were keeping it from providing customers with more information about its supply chain. The company decided to focus on securing its systems at the data level. It outsourced basic perimeter security, including spam control, antivirus, and intrusion detection, freeing its IT unit to put its efforts into innovation in other areas, such as telematics, supply chain integration, and mobile retail sales.

Paccar secures data at a granular level, classifying it consistently across the company and encrypting it based on sensitivity. It previously encrypted data on laptops, desktops, and documents; now it also encrypts e-mail and data on backup tapes, handheld devices, and print, scan, and copy equipment.

By structuring the security infrastructure in this way, IT can respond quicker and handle a higher volume of business unit needs, thus lowering costs and increasing the pace of innovation.

17

Data At Rest--Secured

JPMorgan Chase's data protection, while adequate, didn't provide the extreme resiliency and adaptability to emerging technology that the financial services provider needed. Its Data Protection Initiative changed that, centralizing data management for more than 400 sites worldwide.

Data is compressed and sent to core sites, where it's replicated to a centralized bunker using a virtualization strategy that eliminates the need for local tapes. This approach cut the tape backup infrastructure by 40%, improved floor space use by 50%, and made it easier to restore data.

The system, which went live with multiple petabytes of backup data, had an added benefit: Much less sensitive personal data leaves JPMorgan Chase locations in an exposed format such as on tapes. More than 300 employees and nearly 200 vendor personnel participated in this effort.

18

Bottom-To-Top Lockdown

Security was a high priority when online investment firm Scottrade built a new data center last year. But it didn't want to compromise speed, performance, or availability of trading capabilities on its Web sites either.

Scottrade took a layered approach to security, implementing network and database firewalls, a network intrusion prevention system and anomaly detection, host-based intrusion protection, and strong security policies. But it went one step further than many companies, adding secure operating system configurations. It also used a segmented pod architecture, so it can shut down portions of the network without disrupting other parts.