Printer Friendly
The Free Library
14,551,487 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Two Worlds Colliding.


The combination of the high-tech security industry's expertise, products and services with the insurance industry's risk-management expertise, products and services could create a new insurance segment.

Almost everyone involved in information technology is concerned about security, from venture capitalists Venture Capitalist

An investor who provides capital to either start-up ventures or support small companies who wish to expand but do not have access to public funding.

Notes:
Venture capitalists usually expect higher returns for the additional risks taken.  on the cutting edge to the "laggards" on the technology adoption curve. The insurance industry should be excited by the immense opportunity and companion challenges of capitalizing on this emerging insurance market.

Evidence of a joint vision is being articulated by some of the world's leading technology security experts and insurance thought leaders. The vision is of a venture that combines high-tech security industry offerings with insurance products and services.

Earlier this year, newspapers reported a spate of online turf wars between the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area.  and China, where hackers from each country played a game of "one-upmanship." What received much less publicity was the news that their hacking predecessors--who are now helping prevent security breaches, rather than doing the "breaching"--are touting touting

the making of personal representations by a veterinarian to persons who are not clients in an attempt to solicit their business.  the benefits of integrating high-tech security systems with insurance.

Information technology and insurance traditionally have not been mentioned in the same breath--at least not nearly as often as high technology has been associated with the securities industry or the banking industry. But insurers have the unique opportunity to leverage technology as the underpinnings of a new, high-growth, high-profit market segment. While technology is a significant security enabler, the insurance industry knows best how to quantify the risk and create products that address critical business issues. For the high-tech security industry to reach current market projections, it will need the insurance industry in lock-step. According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.  Datamonitor, an international market research firm, high-tech security product sales are projected to grow from today's $4.5 billion a year to $18.5 billion a year by 2005, with related services totaling another $11.9 billion a year by then.

Techies Tout Tout

To promote a security in order to attract buyers.

tout

To foster interest in a particular company or security. For example, a broker might tout a security to a client in the hope that the client will purchase the security.  Insurance

High-tech security experts are trumpeting the benefits of insurance. Not only are these high-tech security leaders bullish about it, they are taking an active role in helping define, lead and implement real business solutions with the assistance of insurers.

One of the world's foremost security experts, Bruce Schneier, has continued to proclaim the importance of a combined technology and insurance approach to security as part of a risk-management strategy. Schneier, founder and chief technology officer of Counterpane Internet Security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software.  and author of Secrets and Lies: Digital Security in a Networked World, has waved the insurance banner since July 2000, when Counterpane formed a partnership with Lloyd's. The venture gives Counterpane clients the option to buy up to $100 million in coverage to protect against the losses caused by high-tech security breaches. "Sooner or later," Schneier wrote in the February 2001 issue of Information Security Magazine, "the insurance industry will sell everyone anti-hacking policies."

Schneier's perspective is not unique to the security consulting world. More traditional high-tech organizations, such as IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries)  and Hewlett-Packard, have long had partnerships with insurance companies, so extending those partnerships into the security space was anticipated.

Other high-tech security consultants and analysts agree about the benefits of integrating IT security and insurance. Philip Cox, a SystemExperts consultant, commented during a presentation in New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of  in April that the high-tech security industry eventually could come under the auspices of the insurance industry.

Cox, author of the Windows 2000 Security Handbook, understands and consults on the importance of increased standardization standardization

In industry, the development and application of standards that make it possible to manufacture a large volume of interchangeable parts. Standardization may focus on engineering standards, such as properties of materials, fits and tolerances, and drafting  and the need to decrease high-tech users' security risks. SystemExperts provides a road map to help increase the insurability of any business concerned with risk management. The next logical step for a business, therefore, becomes exploring the risks and rewards of enhancing its existing insurance relationships to encompass its information technology security.

Integration Theories

David Hughes
  • David E. Hughes British-born inventor and American academic
  • David Hughes (novelist) British novelist
  • Dave Hughes Australian stand-up comic
  • David Hughes (cricketer) English cricketer
  • David B. Hughes Developer of eMystics (see eMystics.org)
  • David R.
, vice president of Nac Reinsurance The contract made between an insurance company and a third party to protect the insurance company from losses. The contract provides for the third party to pay for the loss sustained by the insurance company when the company makes a payment on the original contract. , explains the current theories about combining the capabilities of the high-tech security and insurance industries in an article in the February 2001 edition of Professional Liability Underwriting Society's PLUS Journal. In the article, Hughes argues that the insurance industry need not change analysis tools; in fact, he states that the industry "must bring historical methods to bear in addressing these new exposures."

"Prudent carriers who are writing e-commerce risks have partnered in some manner with professional security experts who are required to audit the systems security of potential insureds to identify weaknesses and to recommend enhancements," Hughes wrote.

Hughes underscores the value that insurers can provide to businesses interested in high-tech, security-based risk management. Just as important, however, is knowing what type of high-tech security products or services can be used for an initial systems security audit and which of these products or services can be used to continually monitor the security of a business's technology.

The good news is that there are several options available to businesses and insurers in obtaining the information necessary to justify purchasing or to write high-tech security insurance. The better news is that these options can be used for monitoring, to identify new issues, to report trends and even to prevent technology's inherent flexibility from becoming too burdensome to securely manage.

From 'Fortress' to 'Airport'

In the earliest days of high-tech security, everything was centralized cen·tral·ize  
v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es

v.tr.
1. To draw into or toward a center; consolidate.

2. , and there was mainframe security. As computing became distributed internally through local-area networks Local-area networks

Computer networks that usually cover a limited range, say, within the boundary of a building. A computer network is two or more computers that communicate with each other through some medium.  and wide-area networks Wide-area networks

Communication networks that are regional, nationwide, or worldwide in geographic area, with a minimum distance typical of that between major metropolitan areas. Smaller networks include metropolitan and local-area networks. , security products and services needed to function in that environment, although they were still primarily internally focused. With the advent of the Internet, data communication into and Out of a corporation suddenly became more commonplace. Security products and services for the "Internet age" were first built in what is commonly called the "fortress" model: Firewalls were installed to keep out unauthorized users. As these "invaders" became more sophisticated, the firewalls became more complex, but they were still being sold, and used to create a fortress.

With the advent of intranets, extranets and online business-to-business exchanges, the "successful" high-tech security model evolved to support business functions. Rather than being a fortress, high-tech security now uses more of an "airport model," according to Jonathan Gossels, founder and president of SystemExperts Corp.

Gossels uses the analogy of an airport security system to describe the evolution of high-tech security products. Credentials for information-technology users--internal and external--should be coordinated through an authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.

(2) Verifying the identity of a user logging into a network.  process, a systematic approach to assigning rights and privileges based upon who the users are, what IT services they need to use and what business processes they are involved with. Like an airport, these high-traffic high-tech systems are much more than just user-based (e.g., passengers). Rather, the high-tech security system also supports employees (e.g., who is allowed on the airport tarmac), partners (e.g., food services food services Hospital services A 24/7 department in a hospital that provides for the nutritional needs of inpatients–eg, those needing special diets, preparing meals and transporting them to the floor and, through the cafeteria, the hospital staff and ) and vendors, and it has different security levels based upon different, dynamic events (e.g., politician arrivals).

The complexity of using the "airport model" for security should be apparent. The evolution of high-tech products has been reflected in the increased sophistication so·phis·ti·cate  
v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates

v.tr.
1. To cause to become less natural, especially to make less naive and more worldly.

2.  of high-tech security products and services. Initially, the security products had been point offerings, addressing a niche (e.g., firewalls). As the industry has matured, the more established information-technology security vendors--such as Checkpoint--have begun espousing the benefits of an overarching o·ver·arch·ing  
adj.
1. Forming an arch overhead or above: overarching branches.

2. Extending over or throughout: "I am not sure whether the missing ingredient . . .  architecture. Checkpoint's OPSEC (OPerations SECurity) The U.S. military term for concealing critical information as part of a counterintelligence plan. A form of "security by obscurity," OPSEC determines what information adversaries can obtain or piece together from observation and to provide measures for  (Open Platform for Security), the recent winner of an industry award for the "best enterprise security framework," is a fairly comprehensive grouping of partners, certification, a software-development kit and the framework itself.

Underneath any security framework, different security layers are typically defined as host security, firewall security, connection security, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys.  and digital certificates and signatures. Since the actual architecture implementations are still emerging, when evaluating high-tech security solutions, it is important to consider product and services vendors offering multiple solutions across multiple platforms Refers to two or more operating environments, which typically include the CPU family and operating system. For example, if versions of a program run on Windows and the Macintosh, the software is said to support multiple platforms.  that can "grow into an architecture." A sample reference chart of these vendors can be found at I/opsec/allopsec.html.

A critical area that someone analyzing security requirements should explore and understand is the role of Lightweight Directory Access Protocol (protocol) Lightweight Directory Access Protocol - (LDAP) A protocol for accessing on-line directory services.

LDAP was defined by the IETF in order to encourage adoption of X.500 directories.  (LDAP (Lightweight Directory Access Protocol) A protocol used to access a directory listing. LDAP support is implemented in Web browsers and e-mail programs, which can query an LDAP-compliant directory. ), which is typically the main "entry point" for user access into an information-technology environment. As the security frameworks mentioned earlier become more prevalent, the role of LDAP and its importance to information technology security will continue to grow exponentially. A key example of this is that although LDAP servers themselves conceptually fit into the host security layer, their impact spans multiple security layers. As digital certificates are increasingly stored in LDAP servers, something compromising the security of an LDAP server would affect a company's digital certificates. The result would be a compromise of a company's three basic security functions:

* authentication: who the user is;

* authorization: what the user is allowed to do; and

* accounting/administration: user reporting.

Information-technology security is a complex issue and can have major

consequences to any business if compromised. Combining the high-tech security industry's expertise, products and services with the insurance industry's risk-management expertise, products and services holds significant promise. The power of the Internet and its impact on business has only begun; to remove inhibiting concerns via a solid risk-management approach would be of significant value, indeed.

Gates Ouimette is an independent consultant based in Medfield, Mass., and a member of the board of directors of Pedestal pedestal

In Classical architecture, a support or base for a column, statue, vase, or obelisk. It may be square, octagonal, or circular. A single pedestal may also support a group of columns, or colonnade (see podium).  Software, a security software firm based in Norwood, Mass.
COPYRIGHT 2001 A.M. Best Company, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:The high-tech security industry and the insurance industry
Comment:Two Worlds Colliding.(The high-tech security industry and the insurance industry)
Author:Ouimette, Gates
Publication:Best's Review
Geographic Code:1USA
Date:Aug 1, 2001
Words:1514
Previous Article:Information Central.(reinsurance industry and Internet technology)
Next Article:E-Business Insurer Raises Premium on Windows NT.(Brief Article)
Topics:



Related Articles
Hi-tech business parks in NJ remain active. (leasing activity of business parks increases in New Jersey throughout 1992) (Review & Forecast, Section...
Your health-care costs.
High-tech/flex market will remain strong. (high technology industry leads dominates office leasing tenancy, sometimes requiring flexible space...
RFP for new high-tech districts issued.
First Industrial Realty Trust, Inc.
Where's Dilbert.
Onsite brings services to East Orange.(Brief Article)
BRIEFLY VOTE SYSTEM FINE, L.A. OFFICIALS SAY.(News)
Silverstein: round 2.(cases of Larry Silverstein)
A risk worth taking: entrepreneurship for carriers and brokers is not for the faint-hearted.(Property/Casualty)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles