Securing The Custom System | CRN Magazine

By Dan Neel

By all accounts, client security has become a hot topic, particularly with the growing use of wireless notebooks.

For custom-system builders, integrating security technology such as smart cards, biometrics access devices, wireless hot-spot security solutions and even server-based custom security software code offers a timely opportunity to enhance margins and penetrate new accounts.

Coastline Micro, a system builder in
Irvine, Calif. , is offering a line of notebooks that require a custom CD-ROM card to gain access. Government reseller GTSI,
Chantilly, Va. , is integrating wireless security software into Intel Centrino-powered notebooks to meet U.S. Department of Defense guidelines for mobile systems. And eMazzanti Technologies, a system builder in
Hoboken, N.J. , is assembling custom servers and writing custom software scripts for companies looking to better protect vital server-based data from hackers.

“Custom-building makes our doing a security solution a lot more efficient because we have control over all the components,” said Jennifer Shine, director of marketing and business development at eMazzanti.

But integrating advanced security features such as biometrics devices can pose problems because of a lack of standards. The necessary design constants that ease the integration of security peripherals—form, connectivity and interface—have congealed more rapidly in technologies with an existing blueprint, such as in smart cards, for example. But at the opposite end of the spectrum, biometrics devices continue to be the domain of niche providers, each with their own particular answer to the security problem.

Because of this, integrators adding security peripherals and features not only face the decision of which security add-on will work best within a customer’s IT infrastructure, but also need to consider the ramifications of near-future upgrades or outright changes that could happen in such a young industry.

Standards to settle these concerns are on the drawing boards of organizations such as the International Standards Organization (ISO) and the Oasis group. And the security enhancements sewn into Microsoft’s upcoming Windows XP Service Pack 2 and future Longhorn operating system, as well as Intel’s LeGrande Trusted Computing initiative, are slowly aligning the tectonic plates of industry-standard computing toward easier integration of standardized security technology.

Security customers and vendors are also busy forging rudimentary standards.

The 15-member Physical Security Alliance includes vendors such as Panasonic, Intel and Cisco Systems with the objective of improving physical client security, automated video surveillance, logical access control and biometrics standards. The Department of Defense’s Wireless Directive DoD 8100.2, meanwhile, sets security standards for the use of mobile technology within federal agencies.

Still, industrywide progress is taking time. “I think the security standards movement is moving very slowly,” said Earl Perkins, a security technologies analyst at the Meta Group. “There are still issues to be worked out. So in the short term, you are seeing a lot of form factors and you’ll see security products that occur as one-offs.”

A case in point: When it comes to biometrics fingerprint identification technology, no two products currently work the same way. Also, the lack of multiple sign-in authentication means many proprietary security products fail to take their promise of advanced security all the way to the server.

“I have a fingerprint scanner that replaces an ID and password for getting into Windows XP, and that’s great,” Perkins said. “But if I want to log in and look at e-mail and look at applications, I still have to enter an ID and password.”

Faced with these challenges, integrators successfully deploying security solutions at the client level rely on vendor partnering. GTSI’s mobile solution technology team worked with Senforce,
Orem, Utah , to turn a fleet of Panasonic’s Centrino-powered notebooks into a Department of Defense-compliant solution for one of its customers, said Chris Pate, the team’s director.

Senforce’s Enterprise Mobile Security Manager software manages the network interface and can sense when a notebook changes connections. The software can shut down wireless connections with unauthorized or undocumented hot spots, according to server-based policies. “To be any more secure you’d have to build it into the hardware,” said Kip Meacham, director of technical marketing at Senforce.

Like many of his peers, Pate said biometrics access-control devices are not yet mature enough to deploy en masse. Because of this, not only do smart cards tend to get selected over biometrics as the access-control device of choice, but a lack of understanding in how best to deploy a biometrics solution also works to hinder growth.

“With smart cards, the government has a mandate as to how to buy and deploy the technology. But there is no mandate today for biometrics that says ‘you have to do this and that.’ And until we see a customer policy or a guideline for a security technology, we won’t recommend a customer invest in that yet,” Pate said.

Coastline Micro has been offering smart-card-like security technology to its customers as a way of guarding against unauthorized access to its Reef Series line of custom notebooks. Unlike smart cards, which require a card reader connective via a USB port, Coastline is using a credit-card-size disc that is read by the CD-ROM drive.

CK Global, an Irvine-based startup that makes the CyberKey cards and associated software, is hoping to tap into the custom-system channel to seed the market. “I have five resellers right now that sell our product and also deal with some OEMs direct, but it’s mainly through resellers and integrators, and we want to expand our market,” said CEO Michael Alam.

For Coastline, employing the CyberKey means not having to ask customers to hang a peripheral, USB-based card reader or other device off the side of a client. It is also less expensive, said Pat Nonaze, vice president of IT services at Coastline.

Coastline is also selling security appliances under its own brand. “Security-related sales for us have almost doubled, if not tripled, over the last year,” Nonaze said.

At eMazzanti, being able to custom-build servers and laptops means having complete control when it comes to integrating security features, said Shine. The company customizes servers with firewall technologies for both wired and wireless infrastructures and even writes custom logon scripts that map drives so they aren’t visible, all with complete control over the finished product, she said.

“Security is probably one of the easiest sales for us,” Shine said. “It’s lucrative, and I’d say six times out of every 10 times, we first meet a client because they’re looking into a security solution.”

Going forward, custom-system solution providers tackling security can look for increased support from Microsoft and Intel.

Microsoft’s upcoming Windows XP Service Pack 2 will offer tools ranging from its Dynamic System Protection to advanced virus patch management and firewall capabilities. Intel will add security tools to the CPU level with secure storage and other technologies, which can be leveraged by integrators. For those tackling custom security integration, the reward is there by way of increased revenue.

“We absolutely see an increase in revenue from security add-ons,” said Tom Derosier, co-owner of the CPUGuys,
Hanson, Mass. “But what matters most is that being aware of security and knowing how to integrate it strengthens our relationships with customers.”

Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.

eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.  

Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at the Microsoft Inspire (Worldwide Partner Conference / WPC).

Carl, a serial Entrepreneur, gives back to the community through Entrepreneur teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.

SHARE:

Facebook
Twitter
LinkedIn

Video Resources

Are You It Resources Effective In The New Normal

VIDEO/WEBINAR

Are Your IT Resources Effective in the New Normal?

Align2020 A Virtual Conference

VIDEO/VIRTUAL CONFERENCE

Align 2020
Cyber Security, Compliance & Collaboration

Best Practices For Working In A Modern, Mobile, And Secure Environment

VIDEO/WEBINAR

Best Practices for Working in a Modern, Mobile, and Secure Environment

NEWSLETTER