More awareness of IT security
By H. AMIR KHALID
3rd December 2001 (The Star)

KUALA LUMPUR: Growing demand for strong physical security measures in the wake of the Sept 11 attacks on New York City and Washington DC has prompted the formation of IBM Corp's new Office of Global Security Solutions, according to Chin Tek Ming, IBM country manager for integrated technology services.

Chin noted Malaysian companies were also more concerned about disasters and the potentially catastrophic consequences to their business.

While many of them were from the financial sector, where regulators have always been especially strict about precautions, awareness in general has gone up across the board.

"People are coming to us with these concerns," he said.

Chin said more customers now wanted a complete assessment of their IT security, not just to prevent unauthorised access but also to ensure physical security.

And with more companies having an infrastructure that could be accessed from anywhere in the world, securing an IT infrastructure now required global thinking.

Hence the need for a worldwide organisation at IBM to tackle the problem, Chin said. On Nov 19, IBM announced the formation of the Global Security Solutions Office, as part of its Global Services organisation.

The office would concentrate on technology for physical security, specifically biometrics, to control access to locations and resources, and biohazard threats such as anthrax viruses, IBM said.

The Global Security Solutions Office would use technology to detect and identify security risks, and to link databases with security information.

It would also develop new technology on its own, out of its total US$7bil (RM26.6bil) yearly research and development budget, as well as its 3,000 security consultants and 100 researchers.

IBM already had a number of security and privacy offerings, like security assessment, planning and design services; and implementation, management and outsourcing services.

The Office of Global Security Solutions was adding several more services, such as enhanced intrusion detection services and vulnerability assessments; managed firewall services for hosted customers; and one-day awareness classes for corporate executives.

In Malaysia, Chin said that IBM would have 15 dedicated staff working on security solutions, out of 300 services staff at IBM Malaysia.

However, he conceded that a thorough job of securing a company's IT systems could raise the system cost by one and a half times, and in the currently tough economic situation a company might justifiably decide to make survival the top priority instead.

But companies should have a subscription to a hot site backup facility, or a mutual backup arrangement with another company, at the very least, he said.

And while they were considering how much they should spend on IT security, Chin said companies should apply some good practices.

For instance, they should formalise their security policy, documenting which staff should have access to what information and how.

They should also change passwords regularly, deleting obsolete ones and making sure only nontrivial passwords could be used.

All Internet connections should be protected by regularly updated firewalls.

Also indispensable were business continuity and recovery plans, and an emergency response team for security breaches, said Chin.