August 18, 2005 4:00 AM PDT
Schooled in security
(continued from previous page)
at the application and host level, Schiller said. Passwords and administrative information on its network are always encrypted, and the openness of the system is taken into account during the university's in-house software development.
"When we develop applications, we assume the network cannot be trusted. With a corporation, they assume it can," Schiller said.
With an increasing number of businesses facing a mobile work force and a desire to share information with customers and partners, the university concept has not been lost on some Fortune 500 companies.
"We're hearing more from corporate America, and they're leaning more toward the methods used by academia," Petersen said. "Corporations are looking for ways to layer security and have more flexibility in what they've traditionally done--which is to secure everything down as much as possible."
Motorola, for one, has compared notes with security officials at the university level.
"When we were looking ahead at our portfolio and how the devices needed to connect and share information?it seemed so logical to look at universities," Motorola executive Boni said.
Boni's information security and protection team analyzed where the company wanted to be in a couple of years and determined that the best way to manage security with individual users was to concentrate on protection in laptops, handhelds and other end-point devices.
"The perimeter would have to go from being very broad to very focused, and when determining this, we felt universities do this," Boni said. "They allow students to bring their own devices onto the campus, find ways to patch them so there's no harm to others and do it without managing applications or IP addresses."
In its drive to create a seamless mobile environment for users, Motorola is also looking at zones of trust for its security architecture. Universities take the approach of "prove to me why you shouldn't have this information," while companies tend to question "why you should have the information," Boni explained, adding that though it's not done so yet, Motorola plans to examine ways to embrace the concept.
Microsoft's trustworthy computing executive Ladd noted that companies in certain sectors, such as finance or health care, may find it more difficult to adopt zones of trust on their networks. That's because they work in a more stringent regulatory climate than other large companies serving large groups of diverse customers.
Though parallels can be drawn between the security efforts under way at corporations and at universities, Ladd said the contribution colleges can make to corporations falls somewhere in the middle--not the first place he would seek to learn new security techniques, nor the last.
But Motorola's Boni believes it's a two-way street.
"Universities are getting better at protecting the sensitive information that they need to protect, while corporate America is aware that we need to do a better job at collaborative information sharing," Boni said. "There are things to be learned by both sides."
18 commentsJoin the conversation! Add your comment