Interview with Richard Boyer, Vice President of Program Management of NetFrameworks
by Mirko Zorz - Thursday, 13 March 2003.
We see ourselves having several advantages. The first is of course our people. Our company is made up of many of the "who's who" of security implementation and design. Second, we understand that security is not about throwing money at a problem, it is a three-way balance of cost against risk against usability. And lastly we are not standing on our past successes. Security is a moving target and we are always running the technology footrace to keep up.

Who are your typical clients?

Our clients tend to fall into three categories. The first category is the organization which is either looking to build security technologies or to deploy that technology. These tend to be organizations that are developing the technologies of the future and lack the expertise or engineering to complete that vision. They come to us to get that development moved from paper to prototype or production. The second type of organization is one that has come to realize that security is no longer an acceptable afterthought. These are the companies that are looking to improve their own security or mitigate the risk in the case of an incident or more importantly develop a strategy to bring security into the mindset of the people, processes and places of their business. The final type of client is organizations that tend to think on the far ends of the security scale. These clients are interested in protecting themselves to the utmost degree and are interested in making sure that no one (internal or external) can get past any barriers. They also tend to be the clients most interested in knowing the tools and techniques of security penetration to make sure they are insulated against those threats.

What are the biggest security problems you see your clients concerned about?

Our clients' security problems are all about resource protection. Too many organizations simply are not able to effectively plan security into their culture. As a result, NetFrameworks CTO Eric Greenberg recently published a book, "Mission Critical Security Planner: When Hackers Won't Take No For an Answer", which is designed as a planning guide to help organizations embed security planning into the mindset of an organization. Security planners want to make sure that they have done everything reasonable to keep themselves and their clients shielded from security mistakes. Ultimately it comes down to keeping intellectual, electronic, physical, relationship and human resources intact and secure while having the business touch a larger and larger paying customer base.

NetFrameworks developed and deployed the PKI software and systems used for one of the largest online trading networks in the world. What are some of the difficulties you encountered?

The struggle with PKI to this day is about ease of use. Our deployment of this trading network was not only a struggle of technology but also one of human interface. When you deploy a system of this size and scope, success is not measured by technological ingenuity but by actual usage. The system was only a success if it was secure and trading happened between all of the system's users. In the end we discovered that clever programming is no substitute for training, support and simplification. In the end, having several thousand traders understand how to obtain, authenticate, authorize and terminate certificates was the hallmark of the system's success.

In your opinion, how important is identity management?

