Unisys Launches Global Security Consulting Practice

New security program takes broad-based look at corporate vulnerability.

• By Matt Migliore
• 12/23/2002

With the launch of Zero-Gap, Unisys becomes the latest in a series of big-name vendors to announce new security services in recent months, as corporate vulnerability has become a hot-button issue in the wake of the September 11 terrorist attacks.

Unisys believes it is uniquely positioned to address enterprise security on a worldwide scale. “We’ve been doing security work for three decades,” says Mike DiLeva, a director of security for Unisys. “We clear 51 percent of the world’s checks on a daily basis and we’ve got 700 certified security consultants worldwide.”

The Zero-Gap program is based on security best practices established by the International Organization for Standardization, a worldwide federation of national standards bodies. It includes a formal security assessment, an information architecture assessment, and an implementation phase.

The security assessment portion of the program examines both technology and business processes. It looks for security holes in the physical, operating, cyber, and financial elements of a company’s infrastructure—an approach DiLeva feels is reflective of a growing industry awareness that security is more than just a technology concern.

“Security today is not an IT issue—it’s a board-level issue,” says DiLeva. “A company may be looking at security just in terms of privacy or just in terms of infrastructure management, but it’s really all of that.”

The architecture assessment of Zero-Gap focuses on the management systems an organization has in place. Whereas the security assessment looks for security holes in general categories, the architecture assessment examines specific items (such as a firewall) and how they're managed.

In the implementation phase of the program, Unisys works with the customer to identify ways to eliminate security holes. DiLeva acknowledges that at this stage of the process most enterprises will have to prioritize their vulnerabilities and address their most critical security issues first. He says, “[Implementation] doesn’t mean you have to buy all of it, but you have to be aware of it and understand where the potential liabilities are.”

Unisys is in the process of building four data centers to support the Zero-Gap program. From those facilities the company will be showcasing the capabilities of its security-focused partner solutions, conducting research and development, and providing managed security services. One of the data centers, based in McLean Va., is already fully operational. The others (in Amsterdam, Latin America, and the Far East) are in various stages of development.

Research at the Zero-Gap data centers will be spearheaded by a contingent of Unisys’s security consultants. DiLeva says the goal of the research will be to develop security solutions for customers, not to make scientific advances, as is the case in most R&D environments.

Much of the philosophy behind Unisys’s vision of security consulting is based on previous engagements with customers, particularly its recent work with the U.S. Transportation Security Administration (TSA), a new agency enacted by Congress to eliminate security holes in America’s transportation infrastructure. Under terms of its deal with the TSA, Unisys is working to implement technology and re-engineer business processes to foster a more secure travel environment. DiLeva credits the work Unisys has done so far on this project for helping fine tune the Zero-Gap program.

Moreover, DiLeva points to the TSA as an example of how the perception of security has changed post-September 11. DiLeva says people now realize “security is not something you fix in a particular quarter, it’s not something you can put into your budget and buy. It’s a journey.”