It could be the basis of a new reality show: IT administrators
battle unsecured devices accessing their networks while willful
executives resist their security measures.
There are a lot of things IT people must focus on to make
networks secure. At the same time, they must allow businesses and
organizations to focus on their overall mission.
Lamenting their challenges, many network admins and IT managers
offered up their security worries and successes at the IDC Security
Forum in New York City last week.
For some administrators, the issues that top their security
to-do list include insisting that executive BlackBerrys are
password-protected and making sure the devices stay uncontaminated
from viruses, worms or worse.
Audrey Pantas, Xerox Corp.'s chief information security officer,
insisted repeatedly that executives at her company secure their
BlackBerrys with passwords. In the end, she won her case, but not
without a lot of resistance.
Pantas illustrated her point with this anecdote. While on a
trip, she found a BlackBerry on the road near a parking spot and
saw that it was unsecured. She was able to find the owner's contact
information, and discovered that the woman was an executive with a
large company. "She told me 'thanks, this thing has my whole life
in it,'" said Pantas. "I told her 'you're I am the lucky it was me
who found it, and you need to put a password on there right
now.'"
Of course, not all her department's concerns are so easily
addressed. It will be switching to smart cards in the next year,
which will act as a computer sign-on mechanism.
Others at the forum said their problem is keeping the desktop
clear of third-party devices that people bring to work, such as MP3
players or adding an EVOD card to the company-issued laptop so they
can tap into a wireless network no matter where they are.
"It's really about user education," said Bob Blythe, World
Wrestling Entertainment Inc.'s director of information technology.
"If you talk with [users] one on one, they're usually pretty good
about [clutter]." The WWE has about 500 seats.
Joanne Kossuth, chief information officer and associate vice
president of development at Franklin W. Olin College of Engineering
in Needham, Mass., has a fully converged network, which she helped
design. The school is fairly young, with its first graduating class
graduating this past spring.
Providing a network that allows faculty and students to
collaborate with each other, as well as those in other
universities, is a lot of work. The students and faculty demand a
lot of openness in such a system, but the IT department must always
think of the security issues involved and communicate those
concerns well to staff and students.
Andrew Baker, Warner Music Group's director of network services
and security, spends a lot of his time educating others in the
company about the need for security. IT managers may be weighing
several projects, so it's imperative that they understand its
importance, he said.
In New Haven, Conn., Tom Keogh, The United Illuminating Co.'s
information consultant, has his plate full with his usual
compliance work. The utility is a publicly traded company but on
cyber-security standards that are being imposed on public
utilities. And there is an upcoming round of new computers and
software, which Keogh said will not be Microsoft's Vista.
Perhaps the biggest challenge for all IT network security
professionals is keeping their networks safe while providing
employees with remote access through devices that help them remain
productive.
"The days of locking down all the desktops, having no extended
networks and no computers leaving the building are over," Pantas
said. "You're never going to close all the risk. You just have to
be realistic about the risks you take."