In-Depth

November Industry News

• 11/01/1999

IBM has agreed to acquire DASCOM Inc. (Santa Cruz, Calif.), a provider of Web-based and enterprise security technology. DASCOM will become a wholly owned subsidiary of IBM.

IDC Research estimates that the market for access control, authorization and administration – the largest segment of the Internet security market – will grow 18.3 percent yearly to $3.7 billion in 2003. Access control and authorization provide centralized control over who may access and use a company’s applications, data and other resources via the Web. For a wide variety of Web-based applications – such as inventory management, portals, customer service and transactions that involve the exchange of money or personal information – the ability to grant and revoke access to applications and data is critical to e-business security.

DASCOM employs approximately 100 people and has sales and development locations in Santa Cruz, Calif.; Austin, Texas; the United Kingdom and Australia. DASCOM customers include many Fortune 100 companies.

***

According to a study from Cutter Consortium, 19.7 percent of companies have no formal IT security policy or standard. Of this number, 60 percent plan to implement a formal IT security policy and security standards by the end of 2000, but 13.3 percent have no plans to implement any policy.

Sheila Green is a Senior Analyst for Cutter Consortium, an IT research and consulting firm. According to Green, there could be many factors that contribute to these numbers, including Year 2000. Says Green, "Perhaps some companies are putting off work on their security policy until Year 2000 issues have been resolved. I hope not, because security breaches could go undetected amidst abnormal behavior resulting from or attributed to Year 2000 computer problems."

Green continues, "There has been some concern over security problems being introduced through Year 2000 remediation. An organization that does not have a formal security policy and standards has a greater likelihood of encountering problems during and after the Year 2000 rollover."

Green concludes, "In the fast-changing world of the Internet and distributed computing, it becomes increasingly difficult to keep up with security concerns. So you would expect many companies to look outside their own organization for help with IT security issues, but Cutter’s research shows that this is not the case. Only 25 percent of respondents to our study have used outside consultants to develop their IT security policies or standards."

For more information, visit www.cutter.com/consortium.

***

The MERIT Project conducted a comprehensive survey at interBiz World ’99, focused on management issues concerning electronic commerce. MERIT (Maximizing the Efficiency of Resources in Information Technology) is a globally supported initiative that brings together clients, business partners and value-added resellers to promote increased IT reliability, availability, service levels and return on investment. The survey will be followed by the creation of a MERIT subcommittee to study e-business and inter-business requirements.

The goals of the 1999 e-business survey include discovering the current level of engagement in e-business, uncovering current and future e-business management strategies, and determining the financial impact e-business will have on businesses in the future.

For more information on the survey, visit www.meritproject.com.

***

Y2K budgets at many large nonfinancial corporations have jumped as much as five-fold, indicating that management may have greatly underestimated the scope of their Year 2000 computer problems, according to a recent study by Weiss Ratings Inc.

OGE Energy Corporation reported a Y2K budget of $35 million in its March 31, 1999, SEC filing, representing a 483 percent increase from the $6 million the company disclosed at year-end 1998. The company has received a Weiss Y2K Rating of "low," primarily reflecting concerns regarding the integrity of its budgeting process.

Kroger Company (not rated due to insufficient data) boosted its budget by 158 percent from $31 million to $80 million, while Fluor Corp. (rated "low") more than tripled its budget from $15 million to $55 million.

Even some technologically advanced companies have had difficulty gauging the costs of their future Y2K fixes. America Online Inc. (AOL) has boosted its Y2K budget to $20 million as of March 31, 1999, more than double the $8 million estimate of three months earlier, and four times larger than the estimate of six months earlier. AOL is rated "low" due to the company’s apparent failure to accurately estimate future Y2K costs, and the lack of progress in using those funds.

The largest nonfinancial companies rated "below average" for their Y2K readiness include AT&T Corporation, Bell Atlantic Corporation, Motorola Inc., PepsiCo Inc., SBC Communications Inc., United Technologies Corporation, ConAgra Inc., United Parcel Service of America Inc., BellSouth Corporation, International Paper Company, MCI Worldcom Inc., Atlantic Richfield Company and UAL Corporation.

Meanwhile, large "high"-rated companies include Phillip Morris Companies Inc., J.C. Penney Company Inc., American Stores Company, AMR Corporation, American Express Company and AlliedSignal Inc. These have generally reported consistent Y2K budgets over time and consistent progress in duly allocating those resources to Y2K remediation efforts, indicating advanced states of completion.

For more information, visit Weiss Ratings Inc.’s Web site at www.weissratings.com.

***

The U.S. government’s National Institute of Standards and Technology (NIST) added the IBM S/390 CMOS Cryptographic Coprocessor and the IBM 4758 PCI Cryptographic Coprocessor to its Cryptographic Modules Validation list. The two IBM security products were formally recognized at the 22nd National Information System’s Security Conference awards ceremony in Gaithersburg, Maryland.

Both the IBM 4758 PCI and the S/390 CMOS Cryptographic Coprocessor were awarded a Level 4 certification, the U.S. government’s highest certification for commercial security in late 1998 and early 1999, respectively. These IBM security devices are the only Cryptographic Coprocessors that have been awarded this level of validation. Granted by the U.S. Department of Commerce’s NIST organization, this security certification is known as the Federal Information Processing Standard (FIPS) 140-1. FIPS 140-1 certification requires an independent, accredited laboratory to perform rigorous testing and thorough security evaluations on behalf of NIST.

The S/390 CMOS Cryptographic Coprocessor is a specialized, hardware cryptographic chip that allows S/390 Parallel Enterprise servers to execute both symmetric key and public-key algorithms for highly secure electronic commerce. The Cryptographic Coprocessor facility performs all cryptographic functions entirely in hardware, within a physically secure boundary. It contains neither software nor micro-code making it virtually tamper-resistant to hackers.

The IBM 4758 PCI Cryptographic Coprocessor is a tamper-responding, programmable PCI card. Its specialized cryptographic electronics, a micro-processor, memory, and random number generator are housed within a tamper-responding environment.

***

The Source Recovery Company, LLC (SRC) has received a patent for technology used in RESource, SRC’s software product, which has successfully recovered more than 1,000,000 lines of missing source code. RESource has proven so effective, according to SRC President Barry Clapp, that none of SRC’s clients have taken advantage of the company’s guarantee, which promises that recovered code will be 100 percent functionally equivalent to the original code.

The problem of recovering missing source code is so difficult to address, one analyst compared it to "turning a sausage back into a pig." Having turned the sausage back into a pig, Clapp said SRC has turned its attention to using its foundation of research and experience to tackle other complex industry needs, such as application integration, and systems monitoring and diagnosis.

During the past several years, SRC has used RESource to recover source code for more than 120 Fortune 1000 companies. Clapp sees a growing need for RESource as IT organizations begin to focus more closely on maintenance of their software portfolios, which will create an ongoing need for RESource. The GartnerGroup estimates that the typical company is missing 3 percent to 5 percent of its source code. For further information, visit SRC’s Web site at www.source-recovery.com.

***

Intranets are increasingly becoming an integral component of an organization’s information technology infrastructure. A recent survey from IDC on intranet uses and intended usage revealed companies’ use of intranets is expanding to include more applications.

"The intranet is beginning a critical change in its evolution," said Mike Comiskey, an analyst with IDC’s Intranet Strategies research program. "User expectations have risen to a level that eclipses the notion of the intranet as a secondary information resource."

The IDC survey revealed that the top four intranet uses remained the same as last year: information sharing, information publishing, e-mail, and document management. However, the survey showed applications, such as data conferencing, that played less significant roles on intranets in the past play a more significant role this year and are being used more often.

Other findings from IDC’s survey included:

• Most organizations surveyed rely on internal expertise when designing or implementing an intranet.

• More than half the organizations surveyed had a corporate standard for Web browsers.

• Microsoft’s Internet Information Server is the most widely used HTTP server among respondents.

• Of the organizations surveyed that did a post-implementation analysis, most said their goals had been met or exceeded.

The survey also revealed the corporate mindset on information is changing. Companies are moving from a top-down hierarchical philosophy to a more open, horizontal, collaborating one.

"Whether or not the intranet is responsible for transforming the insular information-hoarding mentality that has established itself over many years in business, it is clear that intranets enable better information sharing," said Ian Campbell, Vice President of IDC’s Collaborative Technologies group."

For more information, visit IDC’s Web site at www.idc.com.

***

Online retailers are already gearing up for a very happy holiday season, with worldwide electronic commerce projected to surpass $12.2 billion, according to Dataquest Inc., a unit of Gartner Group Inc. In 1998, online shopping reached $4.5 billion.

The United States is expected to dominate online holiday shopping with 70 percent of revenue. Europe is projected to account for 15.5 percent of revenue, while Asia/Pacific is forecasted to have 7 percent of consumer electronic commerce this holiday season.

Dataquest analysts said new technologies will help ignite purchases on the Internet. More specific targeting initiatives to consumers will also spur revenue this year.

Additional information on this program is available on Dataquest’s Web site at www.dataquest.com.

***

IBM’s developerWorks is a free, online resource focused on open industry standards and designed to help developers build better software. With this comes the developerWorks’ Open Source Zone, a forum for all of IBM’s open source projects that will allow developers to submit changes and fixes to code. In addition, there is now a revamped developerWorks Security Zone that provides more complete information about writing secure code.

Based on a public license recently approved by the Open Source Initiative, developerWorks Open Source is designed to become a central repository for all IBM open source projects. developerWorks Open Source moves beyond just accessing code, by allowing developers to suggest changes and fixes to it. All code provided in this zone will have an overseeing body, comprised of developers from both inside and outside IBM who will review any suggested changes to the code. If the overseeing body ratifies the suggestions, the changes become part of the standard for the code.

For additional information, visit www.software.ibm.com.