Compaq 108164-003 - ProLiant - 800 White Paper page 6

Compaq enterprise security framework

WHITE PAPER (cont.)

Thieves can steal corporate laptops for their information and hardware value and sell assets to third parties (i.e., competitors).

Physical security of home PCs is at risk from theft, and data stored on disks is at risk from viral attack.

In addition to their responsibility to protect hardware, software, and information assets from these threats, IT managers also face pressures to deploy advanced security to their networks. These pressures can be roughly grouped into "friendly" and "unfriendly" forces (see Figure 3).

[Figure 3, "FRIENDLY" panel: Consumers, Customers, Partners: "We want to trust you." Bullets: Private Information; Joint Plans; Supplier data/forecasts]

The "friendly" pressures primarily come from customers, consumers, and business partners. Both customers and consumers are concerned with the protection of the private information they share with companies (e.g., medical records, credit card numbers, joint plans). In addition, they are unwilling to participate in E-Commerce with companies until they feel the transactions are completely secure. Business partners' concerns are focused on two areas: first, on achieving a comfortable level of security for companies exchanging information over open "Externets" (meaning the Internet, when it is used for business-to-business commerce), and second, on the question of legal liability, which is brought into focus by the security issue.

Recent court cases suggest that there is an emerging precedent of "downstream liability." This precedent requires companies to employ "reasonable measures" of security or face potential liability for computer attacks launched on other parties from within their network (e.g., a criminal breaks through the inadequate security of Company B and uses this trusted position to hack into Business Partner C's more robust security system).

When enterprises do not adequately secure their networks, "unfriendly" forces such as competitors and government either take advantage of that deficiency or demand retribution. The first of these forces is competitors. Competitors can turn a company's security weaknesses into an advantage in one or both of two ways. First, through the competitor-organized theft of information or hindrance of internal systems (i.e., attacks which crash strategic company systems such as call centers, web servers, etc.). Second, if a competitor accesses or copies private information, it can quickly counter a business's strategies (e.g., beat its competitive bid for work, under-price its product in the market). By the same token, crashing a rival's critical systems can hurt its reputation for customer service or on-time performance. Competitors can also create a competitive advantage through the impact of a publicized breach on the market position and perception of a company. In many security-sensitive industries (e.g., health care, banking), the security of a company's network is a crucial part of the trust formed between business and customer. If this trust is in question, the relationship is compromised and may cease (e.g., if a private bank loses funds or account information electronically through a publicized security breach, it will probably lose clients as well).

[Figure 3: Security Pressures on Enterprise IT Managers. "UNFRIENDLY" panel: Competitors, Government: "If they can't trust you, there will be costs." Bullets: Security as competitive advantage; Downstream liability]
