Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>
25Nov98 EASTERN EUROPE: COMPANY - IS YOUR IT SYSTEM SECURE? COUNTRY
BRIEFING
FROM THE ECONOMIST INTELLIGENCE UNIT
For nights of sleep lost, few problems rival the loss of vital corporate
information. And in few places around the world is the potential for data
going missing higher than in Eastern Europe. Though the largest foreign
companies long ago put secure and reliable communications systems in
place, many have not. It's a large risk to be taking.
Reliability is the key to smooth corporate communications, and that means
back-up systems. "Any network manager worth his salt wants bullet-proof
back-ups," says Tom Newbold, managing director of Metrotel, the
Prague-based regional distributor for Orion Systems, a US-based satellite
service. "You can't rely on one pipe." It also means coping with the
fragmented nature of the regional market. Says Mark Dennehy, country CFO
for ABB (Sweden/Switzerland) in the Czech Republic: "Whereas in Western
Europe we negotiate a pan-[regional] deal with AT&T (US), [in Central and
Eastern Europe] we work with the local operators."
Unsurprisingly, many companies prefer one-stop shop IT solutions. Take
Infonet Services Corporation (US), which creates partnership agreements
with telecoms firms (not necessarily the monopoly PTTs), thereby enabling
the company to offer a seamless service across all markets. Billing is
easier, too: Infonet customer Volkswagen (Germany) can be charged in
D-marks for its regional telecoms needs, for instance, replacing dozens of
invoices denominated in koruna, zlotys or roubles.
Satellite-based systems are another option: Orion's customers in the
region include Colgate-Palmolive, Westinghouse, PepsiCo (all US) and
Creditanstalt (Austria). Reconfiguration of a firm's network can take
hours, not the days or weeks common with local fixed-line operators. And
with construction commonplace in most East European capitals, land lines
are still susceptible to an errant pickaxe or shovel. Or a well-aimed one.
Mr Newbold tells of one potential customer in Moscow which is convinced
that "construction" in front of the office is undertaken on the orders of
a competitor, eager to interrupt business. The firm's communications
network has been cut three times in the last several months.
If security is a concern, companies can do a lot to help themselves. "I
can't tell you how many companies send unencrypted contracts, acquisition
models or pricing schedules over the Internet," says Mr Newbold. The risks
are very real-Mr Newbold tells of one hacker who tapped into a circuit
running from New York to Washington DC. Telling his computer to look for
any e-mail with the words "acquisition" and "merger", he was able to tap a
rich vein of commercial gold: the correspondence of investment banks and
law firms working on deals worth tens of millions. The menace is
aggravated in Eastern Europe by the variety of languages-encrypting the
word "acquisition" in English-language contracts is not enough if Czech or
Hungarian translations are also floating through the ether.
Security problems are far less common on dedicated terrestrial networks.
Virtual private networks based on leased lines and/or frame-relay
technology are far safer than the Internet (where each firm shares
bandwidth with thousands of others). On the software side, distributed
database tools like LotusNotes offer an acceptable level of security for
most firms.
For peace of mind, follow a few simple rules:
* Under no circumstances should off-the-shelf Internet applications be the
sole means of sending information. At the very least use a distributed
database tool. When using the Internet, employ encryption on all
Internet-borne messages.
* Back-ups are a must-not only of data, but of the infrastructure used to
transport the information. If your terrestrial circuit occasionally goes
haywire, investigate using satellite technology as a fall-back.
* Train your staff. Loquacious employees can be far worse enemies than
flawed systems. Teach them to keep potentially sensitive material out of
everyday intra-firm e-mails. You never know who's listening.
SOURCE: Business Eastern Europe. EIU COUNTRY BACKGROUND 25/11/1998
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 08:59:08 1998