Betting on the next wave of cyber-security
If you are like millions of government and private-sector workers, you hate your work computer. You hate Microsoft Outlook. You hate your official-issue mobile device — most likely a staid ol’ BlackBerry. So you set up your own processes to work with the hardware and software that you prefer, say Gmail and Android, whether or not your IT department says it’s OK. You may be happier and more productive, but you may also have circumvented the security features that cost your company, or Joe and Jane Q. Taxpayer, a lot of money. And if you’re in the military-industrial complex, you may have inadvertently contributed to the ongoing cyber-crisis.
Computer security giant Symantec Corp. is betting that defense customers, public and private, won’t try to crack down on today’s tech-savvy users opting for their own gear and software. For one, if IT departments actually could force people to use horrible old laptops and boring BlackBerries, this wouldn’t be a problem. And more importantly, government and private sector network users want to move to “the cloud” anyway, moving even some sensitive data to homes online to save money on storage and make it easier for users to access it anywhere. Security worries are the biggest thing holding this back, but Symantec has a whiz-bang new product that it hopes will push things past that — and potentially generate another huge windfall for the company.
Dubbed “O3,” or “ozone,” — because it’s a protective layer, get it? — Symantec wants to sell the feds new software that will link users’ identities with the stuff they’re permitted to access, but independent of specific hardware or applications. So if you work for DoD, let’s say, but you hate your government laptop and its email client, O3 would know the Hotmail identity you use instead and permit you to handle your messages and documents. Unlike a Virtual Private Network, which requires special software on your local machine to connect with a host, you’d use a web client to sign into O3, which would then let you access email, shared files or other stuff online from anywhere. Having a single account for every user — no matter how many third-party accounts they use for email, file sharing, databases or whatever — will make it much easier to keep networks secure, company officials say. And when an employee quits, it’s just a matter of eliminating their single ID, rather than having to try to trace back through the various services and logins they may have been using to do their job.
“Identity management is a big issue,” said Jennifer Nowell, director of Symantec’s government solutions group. Government IT types are constantly complaining about their lack of control in this area, which can lead to cyber-bugs getting into official networks and sensitive information getting out.
The company is still working on its O3 concept, with the goal of rolling it out at some point over the next year, said Rob Koeten, “ozone’s” chief architect. So are the feds interested? Nowell and other company officials said they believe it’ll scratch a security itch that defense and other government customers can’t resist, given that it’ll make it safer to begin using more cloud services. Government agencies and corporations already are a patchwork of semi-official cloud arrangements, Koeten said, as HR departments or sales teams do their own deals to use online services, sometimes without clearing them with their own IT departments.
No matter what kind of whiz-bang new software capabilities come along, however, users will still be a key point of failure for any computer network. So even if Symantec can deliver on its promises, it may not be able to prevent another Wikileaks disclosure if someone, somewhere is determined to steal and leak information. And we can only imagine what kind of high-speed malware or viruses are already being written at this very moment to try to counter systems like “ozone” or others — one reason the cyber-security game is so profitable is that it never ends.