Users to IBM: beef up security wares

Big Blue’s largest users have spoken: they want IBM Corp. to improve its e-commerce wares and security features. These were just the top two issues that surfaced in a survey by Share, a large IBM user group.

The study, “Strategic concerns of the members of Share,” also pointed to a need for easier ways to share data over disparate platforms, as well as better methods for enterprise application integration and storage management.

The volunteer group, established in 1955, issues the annual survey to its roughly 2,000 members, who represent large companies and educational institutions. Share, which held its biannual meeting earlier this month, then turns over the survey results to IBM to assist the company’s product plans.

As for e-commerce, the Share study says users are looking to IBM to help them integrate business processes and underlying applications. But IBM must also help users extend those processes to partners, suppliers and customers securely and reliably around the clock and around the world.

Brian Jeffery, a consultant at International Technology Group in Pittsburgh, says centralizing and consolidating e-business infrastructures will be the primary focus – and a major problem – for end users in the next year.

“The absolute overriding issue for companies is centralization, and companies are groping back to find the right balance” for their systems, Jeffery says. “The problem everybody has is that nobody planned on a world in which [computers] must talk to everything else, and now we’re dealing with … integration after a couple of decades of not dealing with the issue,” he says.

That thinking changed as companies rushed to bring their businesses on-line and realized their Web operations needed to be tied with their back-end systems.

“This is the morning after e-business, and we’re now in a world where companies need to ask what they need to do next to compete over the next three years, the next five years,” Jeffery says.

IBM has addressed some issues by upgrading its flagship e-commerce software, WebSphere. For example, the new version of WebSphere Commerce Suite features region-specific sales tax and shipping rules, customized product catalogues and localized payment functions, taking aim at e-businesses and business-to-business marketplaces. The company also recently shifted the bulk of its US$650 million annual advertising budget to focus on helping users build e-business infrastructure, which consists of computers, software and services.

E-commerce issues aside, the survey also showed that security worries were also high on the list.

Donald Davis, an IT specialist for the state of California in Sacramento, says intrusion detection will be one of his primary concerns.

“Right now, intrusion detection is very ambiguous about what it does and how it should work,” Davis says. For example, IT staffs must acquire separate tools for managing alerts and raw data. As a result, security staffers have a difficult time tracking the data because of the large amount of information that’s collected.

Share says traditional access control mechanisms, while still important, are no longer sufficient. Organizations must define and implement enterprise-wide security that encompasses user authentication, role-based user access, firewall deployment and administration, server-to-server authentication, data privacy and data integrity.

IBM has been bolstering its security wares via improvements to its Tivoli Systems Inc. SecureWay Security Manager. SecureWay provides a role-based, centralized mechanism for managing and implementing access-control policies from the LAN to the mainframe, IBM says. For example, Tivoli not long ago upgraded SecureWay Policy Director software to handle PDAs and other handhelds. Policy Director software lets IS staff centrally manage the authentication of end users and ensure only the appropriate network resources are accessible to them.