Defending The Network
by Simon Perry - VP Security Strategy, EMEA, Computer Associates - Monday, 23 August 2004.
The technology is available to deliver single login access to various business-to-consumer and government services. It can also enable remote, wireless access to server-based data. In addition to providing more convenient ways for customers to communicate with organizations, the new gateways are particularly useful for staff seeking more flexible working arrangements, such as being able to work from home. It also enables public and private sector organizations to introduce mobile computing by putting PDAs in the hands of field service staff.

Extending and blurring the boundaries of computing brings new security challenges. Many organizations’ security is like a soft-boiled egg. The firewall provides a shell, which is supposed to protect all internal networks and data. However, once the defense is cracked, the intruder is free to access the soft, GUI centre of the organization’s data repositories. ISBS reveals that three-quarters of in-house websites have a firewall, but half of these sites rely on the firewall as the sole defense.

What can be done?

Organizations need to move from the soft-boiled egg defense to a multi-layered strategy, which provides different levels of access to employees and customers depending on their security clearance.

Once a multi-layer defense is in place, there are three steps to maintaining an effective security strategy:

1. Scan for vulnerabilities

One of the greatest challenges in any distributed computing environment is in policing the network. How do you know if staff are downloading unapproved software? Are they opening mysterious attachments on emails? Is there a hole in the security defense that could admit a potentially devastating virus?


Good anti-virus software incorporates special ‘agents’, which reside on every server, PC, laptop and PDA on the network. These agents continually scan the host device looking for anomalies that could cause security breaches. The agents report all potential vulnerabilities back to a centralized interface. This allows the CIO or IT manager to conduct real-time, ‘at a glance’ risk assessment and implement corrective and preventative measures.

2. Prioritise remediation

New viruses sweep the world within hours of release. Systems administrators must therefore race to install the latest anti-virus updates before infection occurs. However, one-third of ISBS respondents admitted that it takes them 48 to 72 hours to remedy security vulnerabilities.

Response time can be dramatically reduced by taking strategic counsel from a security specialist. Such specialists can devise highly sophisticated defenses to deal with ‘blended threats’, which possess characteristics of worms, Trojans and unique hacking techniques that would otherwise slip beneath the radar of most standard anti-virus software.

3. Patch the holes

It’s not unusual for organizations to have thousands of computers at hundreds of different sites. As an alternative to dispatching an army of IT foot soldiers into the field at the first hint of a new virus threat - which can take days or even weeks - the best solutions incorporate software delivery agents, which automatically deliver and install anti-virus patches on all PCs across the network.

Copyright 1998-2013 by Help Net Security.