Changing of the guards

Security isn't just about padlocks, chains and steel cages - it's awhole ethos about the safeguarding of information that has to be embraced,writes Steve Gold

Infosec 96, held at Olympia at the end of April, was the UK's first security-specific event of its kind. Its 45 free seminars, organised by vendors and resellers in the security industry, gave the show's business and corporate visitors what they wanted - a guiding hand in selecting computer security products.

Computer security is more than fighting hackers or viruses. Research by Spikes Cavell, sponsored by UB Networks, shows that network failure is a key problem in the UK.

According to the survey, 91 per cent of companies suffer multiple network failures every year, and 39 per cent experience a complete failure several times a year. An astonishing seven per cent report failures each day.

One respondent described its own Lan as 'an accident waiting to happen'.

The survey also claims to highlight the causes of failures and their impact on business. The survey was conducted through 220 interviews and four focus groups with UK business and IT management personnel.

UB Networks marketing manager Mark Powell says that the survey's findings underline what businesses have been telling the company over the past few months.

'Users expect networks to operate invisibly,' he says. 'But a Lan becomes all too visible when it fails, with a serious impact on business performance - and the IT manager's stress levels. The research reinforces the need for companies to put resilience at the top of their lists in planning technology investment.'

Another striking finding, says Powell, is the contrast between actual IT performance and user expectations. The survey reveals that 52 per cent of respondents expect 100 per cent capacity all of the time; only a quarter accept that lesser performance is unavoidable.

DON'T HAVE A COW, MAN

The survey also probed the main causes of network failures. Hardware breakdown, not unexpectedly, is the major culprit here, with 68 per cent of respondents citing it as the main cause, followed by users sending large files (38 per cent) and software (24 per cent) causing problems.

Other problems were singular and highly amusing. One respondent noted that a network failure occurred at about 3:20pm every day. The reason for the failure only became obvious when he looked out of the window. It was milking time at the adjacent farm and the cows were rubbing up against an electricity pylon, creating static and a peak load on the electricity network.

Also at Infosec 96, the Information Technology Security and Certification Scheme (ITSEC), a government-funded body that offers certification of security-relevant products, was seeking to raise its profile among the computer-using public. ITSEC representative Tom Moore says its 'Make a Change' campaign aims to encourage companies to consider their IT security strategy and take positive action to protect their business data.

ITSEC has identified a number of changes that can be made in-house to identify any shortcomings in security procedures - at almost no cost to the organisation.

ITSEC head Robin Pizer says: 'With 20 per cent of incidents having a serious impact on businesses, companies can no longer afford to leave their IT security to chance,' he says. 'Our campaign seeks to highlight some simple changes which can be made quite easily, and with minimum cost implications to an organisation, but could eventually save thousands of pounds.'

Infosec was opened by science and technology minister Ian Taylor, who announced the publication of a free DTI-sponsored computer security guide entitled A Business Manager's Guide to Information Security. He claims it gives simple, practical advice to help companies avoid expensive incidents.

Taylor says information is an important and valuable asset that needs to be managed and safeguarded like any other. 'Companies which refuse to acknowledge this face real and expensive threats, such as theft, fraud and system failure. DTI's own survey earlier this year reported that the average cost of information security failures to responding companies was u16,000.' This is not an argument for avoiding computer systems, he says, but a plea to take more care of them.

'Companies which build information security into their business plans will be better placed to take advantage of the opportunities offered by the information society, electronic commerce and new information and communications technologies to improve their competitiveness.'

CLEAN SWEEP

As well as this wealth of free security-relevant information and reports for potential customers of security products and services, resellers should be aware of a move to stamp out software piracy.

Spearheading the initiative is Microsoft, which has started a 'Clean Dealer' campaign, as well as two further initiatives that it says will educate the industry that piracy is no longer an option.

The 'Clean Dealer' campaign calls on all Microsoft resellers and distributors to call a software theft hotline number to report anyone distributing or using illegal software. Mark Roberts, Microsoft software theft business manager, says: 'The campaign aims to provide dealers with a strictly confidential way to report those who are trading illegally and undercutting their business, while equipping the channel with the knowledge, tools and services to stay clean.'

He notes that software theft is costing about u350 million a year in the UK. The kits that Microsoft is supplying to dealers, he says, 'will provide everything needed to comply with software legislation'.

A solid dealer channel focus is critical in the company's fight against software theft, says Roberts. 'The campaign adds to the awareness campaigns already running for users, original equipment manufacturers and corporate customers.'

Microsoft's tougher attitude towards software piracy has the backing of the Business Software Alliance (BSA). BSA representative Sue McGuire says that the BSA's 'say yes to legal software' programme is allowing the anti-piracy group to eradicate the problem of software theft. 'The awareness and understanding of software theft as a criminal activity is key to our work and a facility to report illegal trading is critical to stamp it out,' she says.

The 'Clean Dealer' kit consists of a copy of Legalware on CD-Rom, detailing what Microsoft describes as the knowledge, tools and services necessary to achieve software certification.

The kit includes a case study that shows how Nottingham County Council used Legalware to audit and validate its software, plus details of legal action taken against software offenders, consumer leaflets on legal rights and procedures, and a booklet of answers to the most frequently asked questions about Microsoft's licensing policies.

Microsoft is also backing the Secure Computing Awards, sponsored by the monthly security magazine Secure Computing, as well as publishing its own anti-piracy magazine, Legitimate. According to Microsoft, the awards have been developed to recognise the products and services that are helping to eradicate what the software giant claims is the fastest-growing crime in Britain - a crime that it says is costing UK companies u1 billion a year.

According to Sharon Baylay, Microsoft marketing manager for software theft, the awards seek to reward products, services vendors and individual companies that show particular innovation in their approach to computer crime. The bottom line for users of PC products is that they can have a clear method of assessment for security-relevant computer products and services.

'Raising awareness of this problem is an important element of our programme to eradicate computer crime,' says Baylay. 'As part of our continuing global campaign against illegal software, Microsoft is happy to support this venture and to recognise the progress that is being made in this sector of the industry.'

SAFE AND SECURE

Baylay says computer crime - ranging from software theft to the escalating market in stolen chips - is rapidly becoming a major concern for everyone in the IT industry, vendors and users alike. She says the organisers and sponsors of the awards hope to establish them as an annual event recognising the growing importance of computer security. In addition to Microsoft, companies such as Digital and Authentec International are backing the awards, which will be presented in London this autumn.

Legitimate, meanwhile, is a new venture for Microsoft UK. The magazine, which will initially be published every six months, and distributed through the reseller channel, will cover the issue of combating software theft.

The magazine will include case studies, accounts of raids and ongoing legal action, as well as special features and information on products and services.

According to Baylay, software theft is a problem that affects software developers and users alike. 'Illegal software has no backup, no documentation and no entitlement to future upgrades,' she says. 'It is also often a seriously flawed version of the original. Legitimate seeks to tackle the problem head on and educate business users about the benefits of using legal software packages.'

SECURING IT ADVICE

Copies of A Business Manager's Guide to Information Security and the Department of Trade and Industry policy statement are available free from the DTI.

Contact: 0171 215 1399.