Savvis Cites Security Challenges

The head of security at Web hosting giant Savvis bemoaned the lack of interoperability among different security products and urged users to harden” their servers at the Information Security Decisions conference in New York today.

Bill Hancock, Savvis's chief security officer told NDCF that the service provider relies on a plethora of technologies for firewalling and identity management, but getting them to link up is another matter. “Most security tools are off the shelf -- they do not talk to each other,” explained Hancock.

Savvis, for example, relies on a host of different vendors in the identity management space. “There’s 18 companies out there; none of them talk to each other,” he moaned. “You end up buying 18 products and trying to integrate them.”

Hancock is not the first user to voice his concern about identity management. Other execs have already complained that current offerings do not offer the breadth of functionality they need. (See CIOs Face Identity Crisis and Identity Management Heats Up.)

A number of organizations, including ChoicePoint and LexisNexis, have suffered high-profile security breaches during recent months, so it is hardly surprising that identity management is so high on Savvis's agenda. (See LexisNexis Begins Mailing Notifications.)Firewalls are also posing a challenge for Savvis, which uses 19,000 of the devices. “I have 13 different firewall vendors because they do different things” said Hancock. But, he added, none of these uses the same log format, which records what data has either passed through or been blocked by the device.

An IT manager from the financial sector, who asked not to be named, agreed that this is also a big issue for him. “I think [Hancock] is right on -- that’s a huge problem,” he said. “You need to be able to get [the log format] so that you can correlate all that information.”

Hancock also identified servers as a key pain point. “Probably the hardest thing in security is to secure a server,” he said, thanks largely to the vast amounts of data they hold. This is particularly tricky for Savvis, which uses literally, “hundreds of thousands” of the machines.

But “hardening” these devices is the key to success. “We spend a lot of time hardening servers and making sure that the patch levels are up to date,” said Hancock. Hardening could involve, for example, “turning off processes and services that you don’t need [and] getting rid of directories that you don’t need. Doing those two things can solve 85 to 90 percent of your security issues.”

Like many IT managers, Hancock admitted that one of the biggest challenges he faces is compliance -- and he has to contend with a lot more than just the Sarbanes-Oxley Act. “I have got operations in 47 countries, so you can imagine what compliance means for me."The exec also urged businesses to be on their guard to counter a new breed of stealthy hackers. “The really good ones, they come in, they do what they are going to do, and you will never know. [Skillful] hackers hack quietly because they want to come back.”

— James Rogers, Site Editor, Next-Gen Data Center Forum

Companies mentioned in this story: