Securing The Custom System | CRN Magazine

SHARE

By Dan Neel

By all accounts, client security has become a hot topic, particularly with the growing use of wireless notebooks.

For custom-system builders, integrating security technology such as smart cards, biometrics access devices, wireless hot-spot security solutions and even server-based custom security software code offers a timely opportunity to enhance margins and penetrate new accounts.

Coastline Micro, a system builder in
Irvine, Calif. , is offering a line of notebooks that require a custom CD-ROM card to gain access. Government reseller GTSI,
Chantilly, Va. , is integrating wireless security software into Intel Centrino-powered notebooks to meet U.S. Department of Defense guidelines for mobile systems. And eMazzanti Technologies, a system builder in
Hoboken, N.J. , is assembling custom servers and writing custom software scripts for companies looking to better protect vital server-based data from hackers.

“Custom-building makes our doing a security solution a lot more efficient because we have control over all the components,” said Jennifer Shine, director of marketing and business development at eMazzanti.

But integrating advanced security features such as biometrics devices can pose problems because of a lack of standards. The necessary design constants that ease the integration of security peripherals—form, connectivity and interface—have congealed more rapidly in technologies with an existing blueprint, such as in smart cards, for example. But at the opposite end of the spectrum, biometrics devices continue to be the domain of niche providers, each with their own particular answer to the security problem.

Because of this, integrators adding security peripherals and features not only face the decision of which security add-on will work best within a customer’s IT infrastructure, but also need to consider the ramifications of near-future upgrades or outright changes that could happen in such a young industry.

Standards to settle these concerns are on the drawing boards of organizations such as the International Standards Organization (ISO) and the Oasis group. And the security enhancements sewn into Microsoft’s upcoming Windows XP Service Pack 2 and future Longhorn operating system, as well as Intel’s LeGrande Trusted Computing initiative, are slowly aligning the tectonic plates of industry-standard computing toward easier integration of standardized security technology.

Security customers and vendors are also busy forging rudimentary standards.

The 15-member Physical Security Alliance includes vendors such as Panasonic, Intel and Cisco Systems with the objective of improving physical client security, automated video surveillance, logical access control and biometrics standards. The Department of Defense’s Wireless Directive DoD 8100.2, meanwhile, sets security standards for the use of mobile technology within federal agencies.

Still, industrywide progress is taking time. “I think the security standards movement is moving very slowly,” said Earl Perkins, a security technologies analyst at the Meta Group. “There are still issues to be worked out. So in the short term, you are seeing a lot of form factors and you’ll see security products that occur as one-offs.”

A case in point: When it comes to biometrics fingerprint identification technology, no two products currently work the same way. Also, the lack of multiple sign-in authentication means many proprietary security products fail to take their promise of advanced security all the way to the server.

“I have a fingerprint scanner that replaces an ID and password for getting into Windows XP, and that’s great,” Perkins said. “But if I want to log in and look at e-mail and look at applications, I still have to enter an ID and password.”

Faced with these challenges, integrators successfully deploying security solutions at the client level rely on vendor partnering. GTSI’s mobile solution technology team worked with Senforce,
Orem, Utah , to turn a fleet of Panasonic’s Centrino-powered notebooks into a Department of Defense-compliant solution for one of its customers, said Chris Pate, the team’s director.

Senforce’s Enterprise Mobile Security Manager software manages the network interface and can sense when a notebook changes connections. The software can shut down wireless connections with unauthorized or undocumented hot spots, according to server-based policies. “To be any more secure you’d have to build it into the hardware,” said Kip Meacham, director of technical marketing at Senforce.

Like many of his peers, Pate said biometrics access-control devices are not yet mature enough to deploy en masse. Because of this, not only do smart cards tend to get selected over biometrics as the access-control device of choice, but a lack of understanding in how best to deploy a biometrics solution also works to hinder growth.

“With smart cards, the government has a mandate as to how to buy and deploy the technology. But there is no mandate today for biometrics that says ‘you have to do this and that.’ And until we see a customer policy or a guideline for a security technology, we won’t recommend a customer invest in that yet,” Pate said.

Coastline Micro has been offering smart-card-like security technology to its customers as a way of guarding against unauthorized access to its Reef Series line of custom notebooks. Unlike smart cards, which require a card reader connective via a USB port, Coastline is using a credit-card-size disc that is read by the CD-ROM drive.

CK Global, an Irvine-based startup that makes the CyberKey cards and associated software, is hoping to tap into the custom-system channel to seed the market. “I have five resellers right now that sell our product and also deal with some OEMs direct, but it’s mainly through resellers and integrators, and we want to expand our market,” said CEO Michael Alam.

For Coastline, employing the CyberKey means not having to ask customers to hang a peripheral, USB-based card reader or other device off the side of a client. It is also less expensive, said Pat Nonaze, vice president of IT services at Coastline.

Coastline is also selling security appliances under its own brand. “Security-related sales for us have almost doubled, if not tripled, over the last year,” Nonaze said.

At eMazzanti, being able to custom-build servers and laptops means having complete control when it comes to integrating security features, said Shine. The company customizes servers with firewall technologies for both wired and wireless infrastructures and even writes custom logon scripts that map drives so they aren’t visible, all with complete control over the finished product, she said.

“Security is probably one of the easiest sales for us,” Shine said. “It’s lucrative, and I’d say six times out of every 10 times, we first meet a client because they’re looking into a security solution.”

Going forward, custom-system solution providers tackling security can look for increased support from Microsoft and Intel.

Microsoft’s upcoming Windows XP Service Pack 2 will offer tools ranging from its Dynamic System Protection to advanced virus patch management and firewall capabilities. Intel will add security tools to the CPU level with secure storage and other technologies, which can be leveraged by integrators. For those tackling custom security integration, the reward is there by way of increased revenue.

“We absolutely see an increase in revenue from security add-ons,” said Tom Derosier, co-owner of the CPUGuys,
Hanson, Mass. “But what matters most is that being aware of security and knowing how to integrate it strengthens our relationships with customers.”

UPCOMING VIRTUAL EVENTS

Demystifying Cyber Security for SMBs

sb-cyber-security-master-class

The continually changing threat landscape requires us to update best practices and add new concepts to keep your organization safe.

SESSION 4: Cyber Security Strategy
Watch On-Demand

SESSION 5: Cyber Insurance & MFA
Watch On-Demand

SESSION 6: Threat Detection | JAN. 15

Microsoft Copilot
Master Class Workshop

sb-microsoft-copilot-master-class

eMazzanti will host 60-minute Master Classes, that speak to how AI can help your business streamline and grow.

In each session, you will have Artificial Intelligence and Automation explained, view a live demo of Copilot, and see it live in action in a dynamic format.

RESOURCES

Cyber Security Awareness Hub

sb-Cyber-Security-Awareness-Hub

Cyber Security Awareness Kit, designed to be delivered to your team in bitesize chunks.

We are sharing the resources and highlighting services your organization needs, covering everything from multifactor authentication to software updates, showing your users just how easy it is to improve their security posture.

Resource Library

sb-resource-library

Insights to help you do what you do better, faster and more profitably.

> Tips to Stay Protected Against Phishing Attacks

> Understanding Ransomware 

> The 6 Known Wi-Fi Threat Categories Targeting Your Business and How to Defend Against Them

> Practical Advice for Avoiding Phishing Emails

Recent Articles

NEWSLETTER

Categories