What's hot in the field of IT security? We turned to Rusine Mitchell-Sinclair, general manager of safety and security protection services at IBM Global Services, to find out. In this interview, she describes the most-in-demand services, the future of biometrics and IBM's work on advanced intelligence-sharing technology.
Q: What sort of security services are CIOs seeking these days?
A: "A Merrill Lynch survey just came out that listed security as the No. 2 concern of CIOs, so security is a big item. It's an executive issue that's talked about not only at the CIO's office but also with the CEO and the board of directors.
"One reason is the events of Sept. 11. Another reason is that people recognize security is important to protect assets, and it positions you to have real-time interaction with customers and suppliers.
"Risk assessments are hot right now because people want to know how good their security is. Then, people are looking at how to close the gaps that they have.
"In the area of disaster recovery and business continuity, we went through an era where everyone was consolidating IT assets, and now they're saying they need to look at resiliency and spread out some of their IT assets.
"And after Sept. 11, you're seeing a situation where you have a chief security officer who's working closely with the CIO. So you're seeing the whole idea of safety and security come together, both from a physical perspective and an IT perspective. So now we're looking at more levels of authentication to identify us."
Q: What's the future of biometrics technology? Will it become widespread, or will it be limited to niche applications?
A: "There is legislation pending -- the Durbin bill and the Moran bill -- that will require authentication for government services such as getting a driver's license. And then when you take a look at what's happening in homeland defense and the Transportation Security Administration, they're now talking about deploying biometrics. So it's coming. It may not be pervasive everywhere, but you'll see it in areas that really need security. IBM has shipped 3 million ThinkPads that have an embedded security chip and the ability to do authentication by fingerprint to get on the system."
Q: Will one type of biometrics prevail, or will there be multiple types of biometrics deployed?
A: "The higher the level of accuracy you want, then you'll use multiple biometrics. It also depends on what the applications are used for -- if it's searching law enforcement databases, fingerprints have been around a long time.
"If you want to improve the accuracy of that, you could use an iris scan. But you've got to collect that data first. It's good for border control, airports, nuclear power plants -- anywhere you have a known population.
"If you're looking at [authenticating] access to a data center, a palm reader is quite sufficient."
Q: Any new security technologies on the horizon?
A: "You've heard a great deal lately about sharing [intelligence] information among various agencies. But how do they share information appropriately with other entities, such as businesses, airports and airlines? You don't want to give them access to your highly secure databases or where the data's coming from, but you want to deliver information they could act upon. So IBM Research has been doing some work in that area to be able to link together highly secure databases, totally encrypt that information, completely mask where that information's coming from and process that information in a highly secure, 'hermetically sealed' processor. It would actually destroy itself if anyone tampered with that data. Then you could deliver the action-oriented information in an unclassified form."
Q: What's an example of that?
A: "You might want to run [airline] passenger lists against all the databases of known bad guys. And you might even want to run that against some less-sensitive data, like did these folks have a credit ratings or warranties for things they bought, such as toasters? It shows a level of consistency and carrying on a normal American life."
Q: People have been doing computer matching for decades. Where does the advanced technology come in?
A: "For one thing, it uses a highly secure co-processor, and no one else in the world has one. And the other thing that IBM Research brings is the capability to do this on a large scale by using grid computing. When you think of the massive amount of data that would need to be run through that from the various sources, you're talking about quite a computing effort."
The Security Action Plan
Stories in this report:
- The Security Action Plan
- The Story So Far: IT Security and Disaster Recovery
- Maximum Security Returns
- Manage Those Patches!
- Build a Computer Incident Response Team
- Let the Pros Investigate Computer Crimes
- Watch Out for Wireless Rogues
- For Disaster Recovery, Put Your IT Eggs in Different Baskets
- Denying Network Service
- Think Like a Terrorist
- Field Report: Out from the Shadows
- How to Thrive in the IT Security Market
- The Next Chapter: Predictions about IT security
- IBM's view of the hot trends in IT security
- Case studies in IT security and disaster recovery
- Intrusion-detection systems are evolving
- Reporter's Notebook: IT Security
- Top 10 Vulnerabilities in Today's Wi-Fi Networks