On The Alert

Information-security policies are getting people's attention far outside the IT department

InformationWeek Staff, Contributor

September 6, 2002

4 Min Read

Jim Finn, a principal in the enterprise security consulting practice at Unisys Corp., says the primary information-security focus before Sept. 11 was enabling E-business, everything from making transactions more secure to making servers less vulnerable to hacker attacks. These elements remain important, but today the emphasis is broader, extending to business continuity and physical security. "The trend has become a more holistic view toward security," Finn says. Charles Kolodgy, a security analyst with IDC, says that instead of the surge in security-software spending that he expected, the events of Sept. 11 may have driven funding away from IT security and more to physical security at some companies.

The possibility of blending physical and IT security has jumped at many companies, though most say this convergence is a long-term goal. FedEx's Zanca says there's been more collaboration between his group and the team that handles physical security. Joint projects include ongoing development of a smart-card system with a biometrics component to meet Federal Aviation Administration regulations related to employees with access to company aircraft.

Security managers continue to show interest in tools such as employee smart cards and biometric systems that can identify a person via fingerprint or retinal scans. But implementation is often complicated and costly. "We started investigating a way to manage employee access to everything from building access to telecommunications on a single smart card," says a security administrator with a large Manhattan financial-services firm. The biggest obstacle in terms of cost and time would be integrating a new system with the existing telecom system and network.

Despite the cost and time involved, the financial-services firm hasn't given up. Early next year, it will start a limited test of a system that it hopes will lead to a wider smart-card system that includes building, phone, and IT network access. Some departments, including IT, will be issued smart cards to gain access to sensitive areas within the offices. The ultimate goal, the administrator says, is for employees to be "able to access everything they need the day they start, and we're able to shut them off, with one flip of the switch, the day they're terminated or quit."

Such cards might have helped the interns at Lehman earlier this year. Instead, Engle used a low-tech solution. "We printed up an ID card," he says, "and I wrote a note they carried that told anyone who had any questions to call me."

Return to New Priorities
Return to Making Progress (Main Story)

It's hard to believe it's been nearly a year since we were attacked. As predicted, life has changed. Please join us in remembering what each of us has lost and gained since Sept 11. Your thoughts will help everyone better understand where we are and where we're headed. Go to our Listening Post to share your experiences, some of which could appear in our pages.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights