A recent survey commissioned by AT&T and conducted by the Economist Intelligence Unit polled close to 400 people from Canada and around the world about their network security concerns. According to the research, 60 per cent of Canadian executives and 52 per cent of executives globally said a converged network would give their companies better protection against IT security breaches. Cost of new equipment and implementation were the major barriers to adoption.“That final choice is usually a financially driven decision. A lot of it depends on what equipment is in the network right now, where it is in its lifespan, and can you cost-justify the move,” said Steve Taylor, vice-president sales for AT&T Global Services Canada. “You need to figure out what kind of IP-enabled pieces that you need to hang off of your data networks.”
The research report said 67 per cent of Canadian executives cited hackers as the worst security threat, compared to the global average of 49 per cent. Identity theft was also mentioned by 40 per cent of Canadian respondents, slightly more than the 32 per cent global average.
“I think organizations are underestimating the internal risks,” Taylor said. “I was a bit surprised by that.”
That could be because some companies are outsourcing to deal with internal threats rather than converging around IP. Vancouver-based CHIP Hospitality LP, for example, recently said it was moving its IT infrastructure to a Fusepoint facility to ensure its data is secure enough to meet regulatory requirements.
Peter Smolik, CHIP’s IT director, said the company was concerned about the segregation of duties that’s required by Sarbanes-Oxley and other regulations. For example, if the same people who manage the network should not also have admin privileges to manage the servers on that network.
“From a SoX perspective, you need to have checks and balances, someone who would implement something but doesn’t administrate it. We’ve moved to a structure where we’ve reduced our risk, basically.”
Although 30 per cent of Canadian firms said handling customer data made them extremely vulnerable, they were less threatened than their global peers by the process of analyzing and acting upon it, the report said. This could reflect some maturation in how Canadian firms manage content. The Canada Council for the Arts, for example, recently said it will be upgrading later this year to the latest version of EMC’s Documentum Records Analyzer to handle grant applications and its library.
Each year the council receives between 15,000 and 17,000 grant application files, said Michelle Chawla, the organization’s corporate secretary. Included with the forms are examples of artist’s work.
“Depending on what art discipline we’re talking about there’s slides, there’s music CDs,” she said. The Council has also started offering online applications, another form of file to be managed.
Twelve per cent of companies surveyed said they leave safeguarding data up to a chief security officer, but only three per cent of Canadian firms had someone in this role. Taylor said he expects that to change, in part due to convergence.
“The number of PCs has gone up, every company is trying to get connected to clients online – there are many more portals into your company than you ever used to have.”