Vendor Conflicts Bug Security Chiefs ...
Computerworld -
... who believe that incompatibility among security products impedes their efforts to lock down their systems. Vendors "need to open up their security model, so companies can apply the product to their own security needs," argues Allen Kerr, vice president of IT infrastructure and information security at Premera Blue Cross in Mountlake Terrace, Wash. Kerr points to vendors that claim, for example, that a product is compliant with the Health Insurance Portability and Accountability Act, which is good. But that doesn't help him when he needs to extend the product to be compliant with patient health information strictures set by individual states. "I say, open up the security model so I can be compliant across the board," he concludes. Phil Attfield, an IT security consultant in Fall City, Wash., agrees. "Security is infrastructure now," he says, "and it needs to have policy enforcement standards set across the board." Unless vendors open up their APIs, that's not possible. Ron Moritz, chief security strategist at Computer Associates International Inc., acknowledges the problem and says it will take until 2006-07 for the application programming interfaces in CA's eTrust security applications to be available to users for customization.
Another brewing security issue that worries Kerr and other corporate information security heads who were at a CA-sponsored dinner at Safeco Field in Seattle last week is outsourcing. "What people worry about is securing the transmission of data," he says. "But that's the simplest part." Karen Worstell, chief information security officer and vice president of IT risk management at Redmond, Wash.-based AT&T Wireless Services Inc., says there's "no difference between Tukwila, [Wash.,] and Bangalore" in the way IT managers need to treat their outsourcers. However, she suggests that you develop service-level agreements that specify how the information can be used by outsiders, who can see it and whether work on an application can be subcontracted out. "And you need to monitor or audit the outsourcer once or twice a year," Worstell advises. She says she believes that the Sarbanes-Oxley Act changed the way IT has to think about outsourcing deals. "Now you can outsource the work, but not the responsibility," she wisely says.
The mainframe gravy train keeps getting longer for Attachmate Corp. The Bellevue, Wash.-based company will release its MyExtra Smart Connector Mainframe Edition late this month. The new version of the software, which already exists as a server-based product outside the mainframe, now runs directly in an OS/390 or zSeries environment. Plus, the latest version will add VSAM and DB2 connectors to its IMS and CICS links. Attachmate Vice President Markus Nitschke says application writers can use the mainframe-based version to tie information inside disparate databases running on the big iron with a single SQL join command. And, he boasts, performance jumps at least 100 times by running the connectors directly on the mainframe as opposed to on an external server.
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

