Keep The Focus On Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:45 PM

Keep The Focus On Risk

In 2005, more companies seek to leverage existing security investments and to more strategically manage risk

OUTLOOK 2005Like many companies, Zions Bancorporation has invested heavily in antivirus and intrusion-detection software, firewalls, vulnerability scanners, and other defensive security technologies. And the information hidden within these disparate security systems can show Zions Bancorp just how well its defenses will be able to dispel potential attacks.

The catch: culling all of that information into a meaningful view.

Threats against business-technology systems are quickly evolving, and Zions Bancorp is moving toward a consolidated view of its security posture so it can more effectively spot weaknesses and mitigate the risks of a successful attack, says Preston Wood, chief information security officer for the $1.9 billion-a-year company. "The time between when a [software] vulnerability is discovered and a worm appears is shrinking," Wood says.

Zions Bancorp is deploying Skybox View from Skybox Security Inc. to harvest information from various security technologies--including intrusion-detection systems, firewalls, antivirus software, and software-vulnerability scanners--into a consolidated view. While a software vulnerability in a widely deployed application may surface, that vulnerability, because of firewall rules or other security defenses, may not truly pose a risk to an organization. With Skybox, Wood says, he's able to see if the bank's systems are at an immediate risk, or if patching systems could wait a few weeks. "It lets us mitigate risk more smartly, and we can better dedicate resources and deal with the important issues," he says.

Key Technology PrioritiesWood isn't alone in his security efforts. A full 82% of the 300 business-technology managers polled in the InformationWeek Research Outlook for 2005 study, part of our quarterly Priorities series, ranked updating their security procedures, tools, and services as their top business priority, and 67% of companies will work to improve their network security-management software. Security outweighed business optimization (80%), improving customer service (79%), and even boosting worker productivity (74%).

Western Corporate Federal Credit Union also is working to get a complete enterprise view of risk, says Chris Hoff, chief information security officer and director of enterprise security services at the financial-services cooperative. WesCorp's goal is to invest its security budget in the right areas. The company's big security efforts next year will include identity management, single sign-on, and additional wireless security, Hoff says.

Hoff and his security team at WesCorp will integrate vulnerability-management software from Qualys Inc. with Network Intelligence Corp.'s security-event-management and Skybox View software. This will provide WesCorp with what Hoff describes as "actionable intelligence."

"When it's patch Tuesday and you have large server farms and thousands of systems, you need to know if you're truly at risk," he says. WesCorp's integrated security system will tell Hoff if systems actually are vulnerable to a security flaw, or if the defenses in place already are protecting them. Says Hoff, "It's more about reducing risk and demonstrating business value than simply technology mumbo jumbo."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll