Five steps to secure your environment

Computerworld - Historically, when companies considered the implementation of a security solution, the options were limited to a small number of unwieldy, inflexible systems. Today, security has become a universal concern, and the number of "solutions" and vendors has exploded, which in turn has led to a crowded space and overwhelmed executives. Sorting through the options and determining the best fit for their companies can be a trying and time-consuming task.

These five tips will guide decision-makers through the complex world of IT security.

1. Ignore the hype.

In today's e-business world, security vendors are quick to exaggerate the safety and protection problems of potential customers, recommending complicated and expensive products where often a more straightforward application would suffice. It's this increased hype that adds to the distorted perception that all data and messages are vulnerable and that no transaction is safe without authentication.

Security answers are out there, and the correct fortifications are often less convoluted than one might think. To be sure, mission-critical and sensitive data and message traffic need to be secured. But that doesn't include the companywide announcement about the annual holiday party.

2. Know your options.

	Roger Sullivan is CEO of New York-based Phaos Technology Corp. and a former employee of the U.S. Army Security Agency. He can be reached at rogers@phaos.com..

In fact, an infrastructure overhaul is rarely necessary, and the best security solutions often involve the use of specific, targeted applications to particular areas of the network.

3. Educate yourself.

Security decision-makers need to learn what the real-life risks are and how to address them. Determining one's protection needs is daunting, especially with all the options available. Implementing a secure message system, for example, is no small undertaking, so it's important to design one carefully.

Stay current on industry and market initiatives such as the President's Critical Infrastructure Protection Board's Draft Standard. (Many think its recommendations are obvious and lack teeth, but if your organization isn't doing at least this, you're at risk.) The Liberty Alliance Project is tackling many of the issues of authentication and business-to-business trading federations. Also, the Electronic Financial Services Council's SPERS initiative is creating standards for digital authentication and signatures.

4. Begin with the fundamentals.

Organizations taking their first steps toward security should begin by securing the message transport using Secure Sockets Layer and encryption techniques as well as XML digital signatures to secure important data.