Better Security Will Enable More Individualized Electronic Marketing

By Ara C. Trembly

While mitigating cyber-risk will be an important security goal in the years to come, better security will also enable more personalized and individualized electronic marketing, says a noted security expert.

According to Simon Perry, vice president and security strategist for Islandia, N.Y.-based Computer Associates, Web access, which is generally anonymous, is going to become less so, in order to help marketers address individual customer needs. “Businesses will need more knowledge, so well move away from anonymity on the Web,” he notes.

“To treat you as individuals, we have to identify you as individuals,” Perry explains. “Personalization comes from security, but I can only offer that if I can differentiate individuals.”

Such authentication security will enable technology to safely provide an increasing number of people with access to information they want and need, he says.

Perrys remarks came in a keynote address during the InfoSecurity Conference held in December in New York.

As a society, we are moving away from physical assets and manufacturing and toward an “intangible” asset–information, Perry notes. Information as an asset is a key driver of security efforts.

Technology, says Perry, has traditionally been “a way of modifying, moving and delivering goods. Instead of ports and railroads [today] we have the Internet.”

“Information technology,” he continues, “exists only to move, manipulate and provide access to information.” Consumers of that information, he adds, could include employees, customers, business partners, etc., but may also include those we want to keep out.

“Information at rest has no value,” he notes. “Value amplifies as we have more access. Granting appropriate access is the key to security.”

Among the technology trends that will affect the security picture is what Perry calls “the move toward ubiquitous wireless connectivity.” He points out that in Asia, it costs about $80 per person to provide a standard telephone connection, versus $8 per person to provide a cellphone.

Wireless communication, says Perry, “is not as secure as it needs to be, but were going to do it anyway.”

The challenge with such pervasive communication is to manage identity and access, he states. In order to securely manage consumer information, “all information consumers must be identified” by means of passwords, biometric devices, and other methods, he emphasizes.

He adds that while some forecasters say biometric devices (fingerprint identification or retinal scan systems) will replace all authentication methods, “they are lying to you. All [of the authentication methods] will co-exist over the next 10 years.”

In order for companies to protect their information infrastructures from attacks, “an auto-response against malicious code is required,” says Perry. He notes that while intrusion detection systems help mitigate risk, detection, by itself, is not enough.

“Intrusion prevention is the new model,” he asserts. “The challenge is to manage it cost effectively.”

In order to provide such protection, vendors are beginning to offer “unified applications” that provide security on multiple levels, says Perry.

The human factor is also critical in keeping a companys information secure, he notes. “Every person in your organization needs to understand that information is an asset that has value. Companies leak information like a sieve. Its incredible.”


Reproduced from National Underwriter Edition, March 3, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.