A New Spin on Data Security.
Part of the difficulty is that Genencor's valuable data goes into the field on laptops when salespeople, scientists, and other employees call on clients, says Vice President of IT William Lutz. "We have our most valuable assets walking around on these portable things that can be easily lost."
As recently as five years ago, however, security hardly registered as an issue. The company relied on the honesty and good faith of its staff and only had to maintain a small computer network.
Then management began to invest heavily in technology, developing processes that now go into more than 250 textile, grain, cleaning supply, animal feed, paper, and food products. And as befit its expanding range of offerings, the company opened offices in Argentina, the Netherlands, Singapore, and Japan, and expanded its manufacturing plants with new facilities in such locales as the U.S. Midwest, China, Argentina, and Finland. With this new growth came a recognition that systems security for laptops and the global network had to become a priority.
About two years ago, Genencor saw public-key infrastructure (PKI) as the way to safeguard its information, so it invested in a PM file-and-folder encryption product. But the product allowed access to locally stored passwords and certificates, which made them vulnerable to a hack attack, according to Kim Morrell, a Genencor information security analyst. It also did not control access to the POs themselves or to their operating systems, nor did it protect file structures, temp files, or system files. The PKI architecture also had compatibility problems with Genencor's systems.
After looking at several vendors, Morrell decided to beta test a device-encryption product, Pointsec 4.0, by Pointsec Mobile Technologies, of Walnut Creek, California (a subsidiary of Protect Data AB of Stockholm, Sweden). Pointsec stood out, Morrell says, because the encryption was strong (256-bit), the product involved little administration or user training, and the software was easy to install. Moreover, the product was compatible with various architectures and could support products of many different companies.
Morrell found the cost of the product reasonable as well. Pricing scales to the number of users. For example, each U.S. user license costs $80 if there are between 500 and 999 users; the price drops to $73 per license for 1,000 to 2,999 users. (Prices are $10 higher for each category for customers outside the United States.)
In addition, Morrell says that because implementing security would be a "lifestyle change" for employees, "one of our goals was to provide some sort of benefit to users." That benefit was single sign-on, freeing employees from having to remember separate passwords for dozens of applications and systems.
Pointsec encrypts an entire PC or laptop hard drive partition by partition, including the operating system, temp files, and data files. The data stays encrypted during booting up and shutting down. Users need not activate encryption; it occurs automatically and transparently in the background. Pointsec can be loaded individually on laptops but it can also be centrally managed.
Beta testing began in the fourth quarter of 2000, with Pointsec encryption being installed on the hard drives of about 100 laptops and desktops. (The company has about 500 laptops and more than 1,000 desktops that use a combination of Microsoft Windows 95, 98, 2000, and NT operating systems.)
For the beta test, Morrell and Lutz had Genencor's applications development group, which works intimately with such applications as Peoplesoft, Lotus Notes, and Entrust, probe to ensure that all applications functioned properly with Pointsec.
Also as a part of the beta test, some workers tried to access a computer to which they had no rights to see whether the data was protected. After three unsuccessful log-ins, Pointsec displayed a message requiring that the PC be rebooted. When the PC was restarted, a message appeared on the monitor reading: There have been several failed log-in attempts since your last successful log-in." Pointsec then provides the user the option of looking at his or her log file. Morrell and her staff went through this process several times without being able to access the PC.
One issue that has arisen with the software involves laptop users' .pvr files, which are files created during the installation of Pointsec that enable administrators to be able to recover a user's system in case it crashes. These files change only when Pointsec software is updated.
Ideally, Pointsec would automatically send remote users' .pvr files to the network (the way it does with machines that are always tied into the network). But laptop users must manually send .pvr files to system administrators. However, since these files change only when Pointsec software is updated and updates to Pointsec are rare, this was not expected to cause a serious problem.
Another issue, though not specific to Pointsec, concerned the log-in sequence for Genencor's many applications. Generally, the last application installed is the first application loaded. If Pointsec is the last application installed, there is no problem. However, if another application is installed after Pointsec, the singlesign-on features don't function properly. This can also occur when an application is uninstalled. Morrell and her staff have had to manually go into the system to adjust the log-in sequence to ensure that Pointsec works as expected.
Despite these glitches, Lutz and Morrell have been pleased with the test results. Besides sending their .pvr files (in the case of laptop users who are rarely on the network), users need not do anything to use Pointsec. Once installed, it is completely transparent and the hard drive is always encrypted. Information is only decrypted when it is accessed, which is done on the fly and in the background.
Technical support has been topnotch, Morrell says. "From a support perspective, I've found that few technology companies are willing to partner with their customers," she says. "They tend to start out small and are great with support. Then they grow and throw the software in your lap, install it, and walk out the door." By contrast, she says, Pointsec's support during the beta test has been "best of breed."
Management has approved rolling out the product globally this summer, say Lutz and Morrell. In addition, because many Genencor employees use personal digital assistants, IT is testing a beta version of Pointsec for Palm OS.
Encryption isn't the only aspect of Genencor's improved security posture, however. The introduction of firewalls, intrusion detection, awareness training, and, most important, policies, is also a critical part of the equation, say Morrell and Lutz. It is hoped that this formula for information protection will ensure that the company's formulas for better manufacturing processes, such as the one that improves laundry detergent, will not come out in the wash.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Pointsec Mobile Technologies Inc.; Genencor|
|Author:||GIPS, MICHAEL A.|
|Date:||Aug 1, 2001|
|Previous Article:||Byte -Size Solution to Hiring Headaches.|
|Next Article:||CASPR Seeks Friends for Best Practices.|