With wireless devices, personal digital assistants, laptops and USB-based gadgets such as memory sticks increasingly being used on the Anglian Water network, the firm asked Computer Sciences Corporation to develop a strategy to combat the threat of corporate data being stolen or going astray, and of outside devices spreading viruses.
Such threats can affect all enterprises: the US military has banned the unauthorised use of high data-capacity memory sticks and Apple iPods from its networks because of the threat to national security as a result of data theft.
Anglian Water is geographically the largest water service company in the UK, providing water and sewerage services to more than five million people. As part of an ongoing process of restructuring its systems to deliver a more cost-effective service, Anglian Water outsourced IT services for more than 4,000 computer systems to CSC.
CSC recognised that to maintain the integrity of its client's network, security protocols would need to be controlled, including the ability of users to interface with input/output devices such as floppy discs, CD-Roms and USB media storage.
As employees had a genuine business requirement to access certain types of input/output devices, this resulted in a support specialist having to visit the system to physically enable or disable access to these devices, thereby causing delay and incurring additional support costs.
Graham Smith, CSC project manager at Anglian Water, needed a way for CSC to administer network user access rights to such devices from a central location and reduce the time-consuming and potentially costly requirement for IT staff to visit and configure each system individually.
After evaluating a number of options, CSC installed SecureWave's Sanctuary Device Control 2.7 system. According to Smith, the SecureWave technology not only allowed user device access rights to be administered centrally, it also enabled these changes to be applied dynamically, without end-users having to log off and back on to the system, thereby minimising any loss of productivity.
The ability to assign I/O device access rights to an individual's user profile, rather than to a workstation or laptop, enables users at Anglian Water to roam from site to site or machine to machine and still have full access to all authorised devices.
"With a large number of employees regularly changing roles, the ability to centrally manage user access rights has made the administrative process much easier," Smith said.
Bob Johnson, chief executive of SecureWave, said, "Most security products are built around attempting to protect the vulnerability of the PC and/or the server by attempting to keep 'bad' things outside of the network security perimeter.
"But with the traditional security perimeter disappearing, security needs to be intrinsic in every system and for every user. The model must change from the 'black-list' approach of trying to exclude everything that may be harmful to a network, to a more proactive 'white-list' approach, which allows authorised personnel access from anywhere."
Johnson said the white-list approach identifies what is safe and permitted to run on a user's system and stops everything else, which is far easier than trying to identify all potential risks.
He said, "With this model, only specific applications may be run by certain users and only specific external devices can connect and store data."