The wired world of today makes it possible for a malicious person to get into a company’s system in the middle of the night, when its premises could actually be locked—the electronic equivalent of an intruder is on the move.

Companies often make their computer networks vulnerable while embracing a new technology—aimed at improving productivity—mainly because they fail to recognize the security needs associated with that technology, assuming, perhaps, that the technology is complete. For instance, by adding a remote access e-mail gateway to enable employees access e-mails while away from the office, companies may be unwittingly providing a side door into their computer network, especially if strong authentication measures are not implemented. Also, by adding a Web site and an FTP server so that customers can instantly retrieve product information and software fixes from anywhere in the world on a 24×7 basis, companies may actually be providing an electronic tunnel to other, non-public corporate data. Similarly, by embracing electronic data interchanges (EDIs) as state-of-the-art vendor order and payment systems, a company could be allowing an imposter to access the company inventory or cheque book.

However, too much security can be as counterproductive as too little security—no modern organization can be self-destructive enough to shun off a technology in the name of security. And as companies come to rely on internetworking to lower the costs of doing business—e-mail for communications, Web sites for information publishing, FTP for software update distribution, and EDI for supplier-vendor transactions—the productivity gains become too compelling to ignore.

Page(s)   1  2  3