Shoring Up IT Providers - InformationWeek


Shoring Up IT Providers

Chemical company monitors the security posture of its many hosting providers with an automated scanning service

When it comes to watching just how secure hosted services are, perhaps no one knows better than Paul Simmonds, the global information security director for Imperial Chemical Industries plc.

The chemical company, with annual sales of $11 billion and more than 35,000 employees, maintains offices around the world and outsources most of its business technology to a couple of major IT suppliers and dozens of smaller ones. The companies help maintain ICI's operations in 55 countries, including ones in Europe, North America, and the Asia-Pacific region.

The company's IT security, and that of its service providers, already has been tested. ICI has 400 Web addresses representing everything from specific products to various business units, and those addresses have been targets for attacks launched against applications and corporate data. Simmonds knew he needed a way to measure and enforce security at all the network services and hosting providers.

So he turned to yet another services provider, one that specializes in vulnerability scanning and management. Qualys Inc.'s QualysGuard Enterprise Edition Web-service vulnerability scanner was installed and running in about two hours. The service's backbone is a database of more than 3,700 vulnerabilities that Qualys maintains and constantly updates. That's critical, since experts say about 50 new software vulnerabilities are discovered each week.

Using the Qualys service, Simmonds built a completely automated system that scans ICI's global infrastructure at least once a week and generates security-vulnerability status reports for each of ICI's IT suppliers. ICI maintains the right to scan supplier networks for vulnerabilities. "Security is serious to us, and we expect any security issues we find to be fixed," Simmonds says.

ICI is doing more to protect its systems from attack than most companies. According to InformationWeek Research's 2004 Global Information Security Survey of 7,000 business-technology and security professionals, only a fifth of companies use vulnerability-assessment tools to protect their systems.

A few hosting providers have learned the hard way that, when it comes to security, ICI means business. "Just two weeks ago we had to change a hosting provider because they didn't fix a security hole," Simmonds says. Most--but not all--hosting companies do fix security holes found by QualysGuard, he says. "Some won't because they're worried the fix could interfere with other customers or applications," he says. "Some simply can't. They don't have the technical expertise."
