
Philippine Business Magazine: Volume 11 No. 2 - Technology

Guarding Systems

Now, more than ever, companies are being challenged to ensure tighter security in their computer systems

By Joel D. Pinaroc

In the corporate world, security no longer means having the physical infrastructure and protocols to protect a company’s resources. A case in point is a typical bank, which in the early days relied solely on a vault to secure business valuables. Mention security in a corporate setting today and chances are, concepts like “passwords,” “firewalls,” “viruses,” “worms,” and “encryption,” among others, will surely surface.

The wave of technology has changed existing paradigms, as companies soon realized the value of letting computers take over most of the workload in a company’s day-to-day operations. Automation and the utilization of software for varied purposes became the order of the day for most companies.

The way they were

Before, mainframes were used to set up simple, yet tightly-knit networks that used proprietary software to connect computers inside the office. It is easy to imagine a “computer room” where the mainframe is located. It is even easier to imagine what security protocols were being used then, with proprietary networks and access codes given only to key personnel.

However, in the mid-90s, the existing security protocols of computer systems were turned on their ear as the Internet and the standards governing it became too popular and too ubiquitous for companies to ignore. Companies migrated en masse, adopting the Internet and its offshoot technologies to overhaul their existing setups.

The Internet and Intranet

Instead of proprietary software, companies soon realized that adhering to common standards reaped benefits for a company. The Internet’s promise of transcending physical boundaries, facilitating “real-time” communications between individuals or companies operating in different time zones, and its ability to offer goods and services in the global market triggered a feverish rush to adapt the Internet for corporate purposes.

With this trend, Internet-based technologies such as the Internet Protocol (IP, the technical standard which specifies how packets on the Internet are routed from one machine to another) are now in wide use. This standard is fairly reliable and, more importantly, works with almost any kind of computer program or hardware. Companies have been using IP-based networks, or Intranets, because of this attribute.

Whereas the Internet is public – meaning people can access it given that websites do not have a security feature such as passwords – the Intranet is strictly for a company’s internal use.

More than the password

However, enterprising individuals with a flair for toying around with the software used in setting up IP-based networks have discovered ways to enter Intranets using the Internet, since both use IP. Simply put, passwords no longer meet the security needs of a company’s system.

Companies soon realized that security now meant protecting all the possible entry points from potential intruders, commonly known as “hackers.” Although this term is popularly known, self-confessed hackers would point out that they have no intention to destroy or disrupt other computer systems and that they only try to discover flaws in the network or in the computer system when they enter it. True hackers, they say, do not have nefarious intentions when they get into corporate networks; those who enter illegally and cause mayhem are what they call “crackers.”

In the scheme of things, the software programs running inside desktops, servers, and operating systems are the most common entry point of intruders and are thus the most sensitive components of a corporate network. Of course, companies still use unique programs. The problem here is that these programs derive their applications from the same “language” – thus, having more or less the same features, they would also share the same vulnerabilities.

Such is the impact of software security that the US government recently tagged computer-related crimes, particularly security breaches into private networks, as one of the top 3 crimes that the Federal Bureau of Investigation (FBI) will be keeping its eyes on. In the US, rampant cases of security breaches in large companies are being investigated, and this trend is expected to trigger a spending binge for security software and other solutions.

High-end defense

Multi-billion dollar firms are now re-tooling their security strategies, from simply installing anti-virus programs in their own computer systems towards shifting their entire network into the care of perhaps the ultimate in security systems – Internet Data Centers (IDCs), where terabytes of data are kept under lock and key. Locally, companies with strong financial capabilities such as Philippine Long Distance Telephone, Co. (PLDT), Globe Telecom, and Ayalaport - an IDC company itself servicing Ayala-owned companies - can afford to have their own IDCs.

An IDC is usually an unmarked, inconspicuous building where sensitive data are kept. In these facilities, the newest software security solutions, coupled with the latest in physical security such as closed circuit cameras and motion-sensitive detectors, are operating around the clock, 365 days a year.

Although a company has a wide range of defensive measures to choose from, global organizations have tried to come up with global standards using recommended security concepts on top of the usual anti-virus software and password solutions. A few of these high-end security concepts are listed below with simple definitions.

• Public Key Infrastructure (PKI). This concept has been pushed for some time now, particularly for the exchange of sensitive data and money through public networks such as the Internet. www.whatis.com describes this concept as “a pair of public and private cryptographic keys obtained and shared through a trusted authority.”

• Firewalls. Again based on a www.whatis.com definition, firewalls are a set of related computer programs, located at a network gateway server - or the server which allows entry to the Internet - that protects the resources of a private network from users from other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

• VPNs or virtual private networks. VPNs use a public telecommunication infrastructure, such as the Internet, to provide remote and secure access to an organization’s members. The term “virtual” also implies that a VPN network uses a shared public infrastructure while maintaining privacy through security procedures and “tunneling” protocols where data is encrypted at the sending end and decrypted at the receiving end.

Perhaps not too many companies know that there is a standard for information security in corporate networks. The International Standards Organization or ISO has designated ISO 1779 as the international mark of information security. This standard provides for vulnerability assessment and for gauging the “soundness” of a company’s security. Most global, online banks are said to be ISO 1779 compliant.

Parallel Developments

Computer technology has indeed made data-handling work easier in today’s businesses. On the other hand, however, the same technology has also made guarding against security breaches on computer data systems a daunting and nightmarish task. Thanks to the increasing sophistication of security solutions, it’s business as usual for the world’s computer-dependent companies.



 
 
 

Copyright © 2001-2006 MAKATI BUSINESS CLUB All Rights Reserved