"We're in a race between how well we can protect ourselves, how virulent the viruses become, and how hard the hackers work to improve what they do," says Mark Weinstein, VP of IT for Charles River Ventures, an early-stage venture-capital firm with $2 billion under management. "The first fear is that your firm becomes an example of the bad things that can happen if you don't take the right security precautions."
To protect Charles River Ventures' IT assets and those of its clients, one of Weinstein's first acts upon taking his position in September 2000 was to bring in Guardent Inc., a managed security services provider. Guardent performed an assessment of how well Charles River protected its information and network assets. While Weinstein won't reveal the results of that assessment or the amount his company pays Guardent monthly for its ongoing managed services, he says it's important for companies to know where their vulnerabilities are so that the shortcomings can be remedied.
But hackers appear to be getting better at what they do, too. "I'm definitely more concerned today than I would have been two years ago," says Weinstein, whose company is also an investor in Guardent.
Viruses such as Code Red, the Love Bug, and Nimda have caused billions of dollars in damage to companies' systems during the past year. Research firm Computer Economics estimates that the Love Bug, which hit in 2000, cost businesses $8.75 billion in lost productivity and cleanup efforts.
HIPAA is "Y2K on steroids" for the health-care industry, says Cascione of Children's Hospital.
The act's primary objectives are to provide better access to health insurance, limit fraud and abuse, and reduce administrative costs for health-care and insurance providers. To meet HIPAA's demands for more-efficient electronic transactions and a higher degree of patient information privacy and confidentiality, Children's Hospital in November hired Computer Sciences Corp. to perform a security assessment. The inquiry revealed that the hospital's top priorities for improvement should be electronic data interchange and computer security.
The prevalence and complexity of recent viruses illustrate the importance of tuning IT security. Only a few weeks ago, Children's Hospital was hit by the Hi virus which, Cascione says, shut down its E-mail system and wreaked havoc on the alpha pagers staff members carry.
Part of Computer Science's role as a security services provider is to help the hospital come up with a plan of action to minimize risk to patients and patient data.
Companies that rely heavily on the Internet also need to be acutely aware of security issues. Tax Technologies Inc., a provider of tax-compliance software, has taken the collaborative route to security. When the Haworth, N.J., company began offering a hosted version of its software in May, some customers demanded that Tax Technologies bolster security by bringing in an outside services firm.
The company hired IBM Global Services, which also hosts Tax Technologies' applications. IBM provides dedicated firewall protection, IP monitoring, and intrusion detection.
But Jeff Wenger, VP and chief technology officer, wasn't comfortable outsourcing all the security work to a single vendor. As an added protection, Tax Technologies hired senior security personnel to conduct an internal risk assessment. "Our systems house highly sensitive financial data for Fortune 500 clients, so we didn't want to open our systems to a third-party auditor," Wenger says.
One of the biggest changes that Wenger has experienced since Sept. 11 is an increased interest in Tax Technologies' disaster-recovery plans. To meet these growing concerns, Tax Technologies is staging a second hosting location with IBM Global Services that's a mirror image of the original site.
While the financial-services and health-care industries are at the forefront of heightened IT security, others will likely follow. The price of performing a risk assessment and adding managed security services is small when compared with the cost of losing customer confidence.