A Delicate Balance A Visual Guide to Secured Business Operations
Introduction Introduction
It’s big. It’s bright. It’s vulnerable. Today, as a business leader, you’re on the hook. And too often in the dark, pressured by the Three Rs of global management: Regulation, Reputation and Risk. Regulation: CEOs sign off on Sarbanes 404 processes, and government leaders design the regulations to protect all interests—each not always knowing the best blueprint for implementation. Reputation: Reputations can vanish overnight—all by what you don’t know. Risk: From mergers and acquisitions, to global trade, to immigration snafus, cascades
3
Introduction Introduction
More than 5,000%
2,000% to 5,000%
1,000% to 2,000%
500% to 1,000%
UNITED STATES
BRAZIL
FRANCE
UNITED KINGDOM
GERMANY
+357%
+797%
+219%
+262%
+193%
Less than 500%
A Look at the Future The map above shows projected GDP growth between 2000 and 2050, according to a Goldman Sachs report. The projected figures at right show China overtaking the United States as the nation with the world’s largest gross domestic product sometime around the year 2040.
YEAR
UNITED STATES
BRAZIL
UNITED KINGDOM
2000 2025 2050
$9.82 trillion $18.3 trillion $35.1 trillion
$762 billion $1.69 trillion $6.07 trillion
$1.44 trillion $2.46 trillion $3.78 trillion
Source: The Goldman Sachs Group, Inc. (2003)
of undetected risks can be unleashed throughout the extended enterprise. And there lies the issue. Today, the devil’s bargain of globalization is the demon of
So What’s New Here? Not the hardware or necessarily the technology. In this new world, from RFID
complexity: More to go right, and more to go wrong—faster, farther, and deeper than
to iris scanners, the technology is all out there, mature, proven and affordable.
ever before. But today, there is a way to minimize global meltdowns—with holistic
What is new is the demand to converge physical security with data security, thereby
solutions that converge logical security with physical security, helping you to better manage risk and optimize operations. That way, you avoid or take the bad risk in stride, while focusing on the risks that truly drive shareholder value. Balancing good risk with the bad: This is the challenge of this new environment. One system. One view of physical and digital reality. All driving stronger control and greater competence.
connecting all your data and technology on a single global infrastructure. Power grids. Air traffic control. Financial systems. Emergency response networks. Everything that matters. All in one highly controlled, tightly connected network. Today, these once separate worlds can be connected and protected on a single seamless platform. This is what we mean by converged security: security in which “inside” merges with “outside,” meaning where the world of data and IT merges
INDIA
CHINA
RUSSIA
+5,928%
+4,159%
+1,501%
JAPAN
+159%
ITALY
+190%
FRANCE
GERMANY
ITALY
RUSSIA
INDIA
CHINA
JAPAN
$1.31 trillion $2.09 trillion $3.15 trillion
$1.87 trillion $2.60 trillion $3.60 trillion
$1.08 trillion $1.62 trillion $2.06 trillion
$391 billion $2.26 trillion $5.87 trillion
$469 billion $3.17 trillion $27.8 trillion
$1.07 trillion $10.2 trillion $44.5 trillion
$4.18 trillion $5.57 trillion $6.67 trillion
with the world of physical security. The result is an ability to manage across the
As a result, you can focus more on value-added investments and
entire enterprise in terms of protecting people, data, places, and things. The power,
correspondingly less on fire drills and damage control. As Coca-Cola Chairman and
then, is in the integration. And often, that means better integrating the resources
CEO Neville Isdell puts it, “The companies that succeed in the 21st century will be
and technologies that you already have.
those that manage change without disruption.”
What’s more, by using open architectures, your network can be “futureproofed,” with more advanced technologies easily added in orderly sequences,
Transformation #1: A Growing Threat Environment
without a lot of costly rework. By integrating these two worlds, your system gains
The trouble is, the threat environment is constantly changing.
an enhanced ability to spot, respond, and avoid threats. With autonomics—
As FBI Director Robert Mueller observed not long ago, “In
self-healing IT technologies—your system better balances capacity, uses fewer
this world of technological advances, every 18 months the
resources, and quickly heals itself in the event of a disruption.
threats will change, and we have to be agile enough to
5
90 percent
Introduction
Amount of world cargo that moves by sea.
35 percent Amount of world trade that moves along the Malacca Straits, the world’s most pirateinfested waters.
address those threats when they do change. The simple truth is, we do not protect
$50 million
cyberspace to the same extent that we protect our physical space. We have left
2,777 per day
our doors open to our business practices, our sensitive data, and our intellectual
Malicious code threats worldwide.
Ransoms paid to Somali pirates. “Unprecedented,” says Lloyds of London.
1 million
18.5 million
Number of computers hit by viruses or Trojan horses in 2007.
Number of containers that arrived in U.S. ports in 2007.
116 hours
5 percent
Average time ID theft victims spend repairing the damage.
Amount of containers physically screened each year.
property.” Case in point: In just one haul, 40,000 credit cards were stolen. And 70 percent of those victims—ex-customers, rather—reported spending 12 months to restore their credit. Staggering—an annual cost of almost $50 billion. And for too many organizations, business as usual. The other related challenge is risk management, but here again, it’s a delicate balance. In this case, it means balancing compensated risk—the risk that the marketplace rewards—with uncompensated risk, never rewarded but only punished if you miss. But just what is the nature of this risk? It is the risk of an almost fathomless complexity unleashed by everyone and everything that your organization is connected to within a vast global network. In the old days, when organizations could build a moat and control everything within their four walls, they never had to deal with such risk and complexity. Today, the opposite is true, and the result can be like a vast power grid—terrific to behold when the lights are on and the sun is shining. But what about when risk spikes? The result then is not unlike the domino effect of a power-grid blackout, when one node or tree can trigger a cascade of outages, taking down states and even whole regions—again, because of how much larger, complex and densely interconnected the system is. Now consider some of the triggers in your world. Your system gets hacked or a hard drive disappears—tens of thousands of
“The U.S. FBI estimates there are 100,000 computer viruses on the Internet, and copyright and trademark theft costs $25 billion annually. It has become such a concern that computer crimes only rank behind stopping terrorism and counterintelligence as FBI priorities.” — COMPUTER CRIME RESEARCH CENTER
$650 billion Worldwide counterfeit theft annually.
50 percent Percentage of counterfeit pharmaceuticals, according to the World Health Organization.
$200-250 billion Estimated U.S. losses from counterfeit drugs.
$1 trillion Amount of money laundered globally each year.
$911 billion Bad debt carried in Chinese banks—40 percent of GDP.
“Our ability to compete in the global economy, to protect ourselves against crime and terrorist attack, depends not on walls and fences but on our ability to use information.” — U K P rime M inister gordon brown
20-plus Number of freighters owned or controlled by Al Qaeda.
165 million Number of records exposed globally in 2007.
20 percent
55 percent
Portion of the U.S. Federal budget spent to fight terrorism annually.
Increase of attacks on U.S. Military networks.
14,000
$2 trillion
Terrorist attacks globally in 2007.
Estimated cost of a bird flu pandemic.
81 million
20 percent
Number of fingerprint records on the FBI database.
World population potentially affected by a bird flu pandemic.
$3.5 trillion Amount of U.S. commerce supported by air shipments annually.
35 percent Amount of world trade that moves by air.
158 percent Increase in cyber-attacks in 2007.
7
Introduction
identities lost, as T.J. Maxx and Marshalls owner, The TJX Companies, discovered
regulations, like Sarbanes-Oxley and 404; with stakeholders and activist shareholders;
when 45.7 million credit and debtor records went missing. Or the wrong person is
with round-the-clock, whistleblower stock news; with the new global high-bar of
waved across a border. Or a rogue medicine bottle bearing your name becomes
global corporate responsibility; and finally, with the new dynamics of the stakeholder
the lead story on CNN. Whatever happens, in a global world, it happens fast, as
revolution—many more people and groups to keep happy.
what carried your fortunes up carries them down with the force of a wrecking ball. What you feel then is literally the connected weight of the world as everything
Then there are the effects of globalization itself—beginning with the huge rise in global standards and regulation, and continuing with the ever-mounting risk as
you’re connected to spirals out of control. Like hitting the brakes on black ice—
organizations expand their footprints. Take food security, one of the top risks noted by the
ill-prepared and seeing only part of the picture—organizations can over-react and
2009 World Economic Forum. Already this year, there have been multiple scares. But why?
skid out in such situations, with no good way to steer and no way to stop.
With new technology and sensors, supply chain managers can track food in real time,
Take cyber-crime. In a 2007 Deloitte survey of the top global financial
registering every detail about its condition, temperature or location.
institutions in 32 countries, 65 percent reported external breeches. Of these, 25 percent involved more than $1 million in losses, and 4 percent experienced losses that ran as high as $49 million. And why? Often because of the sheer
Transformation #3: A Loss of Control with Critical Information Finally, there are the competitive risks of Globalization 3.0, when virtually
complexity of the circuitry, stretching through dozens of nodes. That’s a lot to go
every organization has a hub in India or China, if not both. One big issue is how to
wrong, especially at Internet speeds.
control intellectual property from thousands of miles away. The simple fact is, most
And look at what can happen. Weeks after the fact, whipsawed by events—
organizations cannot: At two removes, the typical organization loses control of its
amid fines, lawsuits and damaged careers—executive teams are still struggling
IP, as suppliers swiftly turn into fast-learning, price-advantaged predators. How to
not only to contain the damage, but to trace its spreading effects. How many
protect IP from such new competition, much less against state-sponsored systems of
records lost? What did those records contain? How might this information affect
industrial espionage?
our partners and their partners? In an economy in which 70 to 80 percent of market value comes from brand equity, intellectual capital and other intangibles, we’re talking about the kind of event that can severely damage your enterprise, or even take it down.
Yet another feature of our time: the swings between the public’s exceptionally low tolerance and extraordinarily high expectations. In a world tired of market meltdowns, there is arguably more public and regulatory fervor (and market punishment for perceived transgressors) than at any time since The Great Depression. At the same time, with more customer information on file than ever, the public has a much higher expectation that
Transformation #2: A Changed Regulatory Environment Consider some of the transformations in the global competitive environment over the past decade. On the downside, leaders now need to deal with
organizations will keep their critical personal data secure. Or else. For all these reasons, integrity or controls lapses—whether intentional or unintentional—carry a much higher price than they did a decade ago. Indeed, enough to take down your company, or set it back for years.
But Now For the Good News: There Is Far More to Go Right The good news is, the upside has changed as well, as much because of plethora of new technologies, as because of a revolution in standards and
assumptions. Including the ability to safely collaborate—even globally—knowing their intellectual property is truly secure. Or consider a large bank. With disconnected legacy databases, the typical bank
improved business processes that make digital change faster, easier and
is often dangerously fragmented—ripe for the lone operator who, with a laptop and
cheaper—and far more predictable. Today, as a result, there are many, many
the right algorithm, can take down whole networks.
things to go right with your enterprise: • Right about the availability, reliability, predictability and purity of your products.
On the business front, meanwhile, the same bank blankets an existing customer with credit card solicitations, all while missing the fact that Ms. Doe is ready for a car loan or a home refinance. Add an M&A and the chaos factor only
• Right about the ability to uncover business patterns and customer needs.
grows—a digital hall of mirrors. Before organizations can collaborate effectively, they
• Right about the ability to turn from playing defense to driving innovation.
need to trust. But to trust, they need better security, together with the kind of clarity
• Right about the ability to recover faster and more nimbly than competitors.
and confidence that go along with it.
Above all, security demands balance. Over-balance the equation in favor of security, and an enterprise loses efficiency and agility. Under-balance it, and the
Tomorrow: Timely, Comprehensive Intelligence
enterprise opens itself to dangerous levels of risk. Or stagnates through the risk-
So how can organizations make it happen?
aversion and lack of innovation that so often goes with it. Either way, the days are
Not through any one solution.
gone when global players can, or should, manage the process alone.
First, success demands a comprehensive system able to identify, track and trace people, goods and information systems. The key here is not a new system,
Striking the Right Balance Between Security and Innovation Striking the right balance between risk and innovation is what this brief visual book is about: To visualize a world buffeted by so many forces—many all but invisible—that the system is almost better visualized than explained. In a people context, there’s the need to identify, track and protect individuals.
but rather a better architected and integrated system with far better sensors. The result—shown schematically throughout this visual book—is a new era of visibility and control into everything that your organization touches. But again, the ultimate goal is tipping the good-risk/bad-risk equation in your favor. It means knowing the landed costs of goods once they arrive. Or controlling
Here positive identification not only means having the right systems and
the quality, accuracy, predictability and freshness of your product, whether it be heat-
processes, but the control to see inside those processes, with data-rich views
sensitive drugs or sushi-grade toro.
that can precisely authenticate identities. For highly dispersed databases in different agencies and governments,
Above all, security means an organization that inspires confidence in the marketplace—a trusted leader with the situational awareness needed to correctly
enhanced visibility improves their ability to interact—to follow the same
read the patterns and run the right plays. And today there’s a path to achieve it, only
protocols, search the same fields, speak the same language and draw common
this time by better deploying the assets that you already have.
9
Risk Factors
Your new world is one with
no “off”switch… … in which problems happen faster, spread farther, and create more havoc than ever before. Why? Because of everything your enterprise is connected to.
Risk Factors
From Pakistan to Peoria . . . Seventy-five days and 14 handoffs later, how one cotton shirt
How Goods Move THE TYPICAL SHIPPING CONTAINER can pass through 17 handoffs, or nodes, each posing a new risk. This route—from Karachi, Pakistan, to a Midwest department store—involves four modes of conveyance, five countries, one ocean and two seas. The bigger risk: too many teams in too many places. Here, a reputable global clothing manufacturer stuffs and seals the container in Karachi, a city with a history of unrest. Eventually, the container is hoisted aboard a ship: globally speaking, a needle in the proverbial haystack. Consider, too, the risk picture of Pakistan. Surprisingly, for a poor country, theft (a huge problem in Latin America, for example) is relatively minor. More likely: plentiful heroin from nearby Afghanistan. And arms: AK-47s, rocket-propelled grenades, even shoulder-fired missiles capable of bringing down an airliner. Then there’s the risk of hitchhikers, like the presumed terrorist who was found hiding inside a container with airport maps and a phony mechanic’s ID. Current remedies: Measuring the container (has a double wall been created?) and weighing cartons (too heavy for shirts?). More ambitious: radiological and biological inspections, GPS, and even RFID knowledge down to size, color and numbers.
1
2
3
4
5
6
DAY 1 KARACHI, PAKISTAN
DAYS 2-24 KARACHI, PAKISTAN
DAYS 24-26 KARACHI, PAKISTAN
DAYS 28-29 KARACHI, PAKISTAN
DAY 30 KARACHI, PAKISTAN
DAYS 31-35 ARABIAN SEA
A purchase order is cut for 600 cartons of shirts—some 75,000 in all. The order is then filled by a contract manufacturer in Karachi’s Textile District.
Cartons of finished goods are delivered by truck to the consolidation warehouse.
The consolidation warehouse loads cartons into a 20-foot container, then seals the container using a barrier seal and indicative tape.
A container truck picks up the loaded container and transports it to Qasim International Container Terminal.
The container is checked into Port Qasim. There, after being released by customs and terminal authorities, it is loaded onto the feeder vessel.
The feeder vessel sails from Karachi to Sri Lanka by way of Mumbai, India. This first part of the journey takes five days.
Chicago
Peoria, Illinois
14
13
Cleveland
10
Halifax, Nova Scotia
12 11
Newark
9 Atlantic Ocean
Busiest Ports Ranked by Container Traffic PORT
CONTAINERS PER YEAR
1. Singapore, Singapore
24,792,000
2. Hong Kong, China
23,539,000
3. Shanghai, China
21,710,000
4. Shenzhen, China
18,469,000
5. Busan, South Korea
12,039,000
Source: 2006 American Association of Port Authorities rankings
makes its way from Karachi’s garment district to a Midwest department store. 7
DAY 36 MUMBAI, INDIA The vessel arrives at Mumbai Port. After discharging some containers, the vessel then departs for Sri Lanka.
8
DAY 39 COLOMBO, SRI LANKA Vessel arrives at Colombo Port. There, the shipping container is trans-loaded from the feeder vessel to the mother vessel, bound for the United States.
9
10
DAYS 40-59 AT SEA
DAY 59 HALIFAX, NOVA SCOTIA
The mother vessel sails 18-19 days to Halifax, Nova Scotia, traveling through the Suez Canal, across the Mediterranean, then across the Atlantic.
The mother vessel arrives in Nova Scotia. More containers are discharged. The vessel then departs for the final leg of its journey to the United States.
11
12
13
14
DAY 62 NEWARK, NJ
DAY 65 CLEVELAND, OH
DAY 69 CHICAGO, IL
DAY 75 PEORIA, IL
The mother vessel arrives at the Port of New York/ New Jersey, where the container is offloaded. After customs and terminal release—a painstaking process with cargo from South Asia—it is then hoisted onto a container truck.
The container arrives by truck at the distribution center. Here, officially taking control, the shipper breaks the lock, unloads the container, then enters relevant tracking and location data into the warehouse’s receiving system.
Three hundred cartons of shirts arrive by truck at the warehouse of a major department store. There, the cartons are received and put away. Then, after the store sends a demand signal, the selected cartons are packed and shipped.
Final delivery. Shirts are removed from the carton and placed on sale for $24.99. You’ll take the blue—and wear it that night at the barbecue, a little more than 10 weeks after it was ordered.
9
Karachi, Pakistan
Suez Canal
1
3
2 4
5 6
Mumbai, India
7
Arabian Sea
8 Colombo, Sri Lanka
13
Risk Risk Factors Factors
The Weather Channel WHAT’S UP WITH this crazy weather? During 2004 and 2005, the U.S. saw seven of the most damaging storms in the past 106 years. Including Katrina. In any case, wherever you stand on the Global Warming debate, there is no denying the growing severity of tropical storms. Today, the number of intense Category 4 and 5 hurricanes has nearly doubled. Or consider 2008 alone: In the space of two weeks, Hurricane Gustav caused an estimated $3 billion in damage in the U.S., while catastrophic floods in northern India left a million people homeless. The other wild card is the ever-mounting value of what hurricanes can destroy. By some estimates, that damage-potential is doubling every 10 years. Over the next ten years—even at a conservative multiplier of 4 percent—the cost of a once-in-a-century storm could soar to $200 billion. Then there’s the oil factor. With the U.S. Gulf accounting for 30 percent of the nation’s oil production and 20 percent of its natural gas, storms can severely cripple the economy. Witness Katrina, which damaged almost one-fifth of U.S. oil production. In any case, the severity of storms—and the connected infrastructures they disrupt—now vastly exceeds the power of government to contend with them. Enter Walmart, which stepped up during Katrina, supplying its customers with batteries and food, water and ice. The goodwill that such hardiness and versatility engenders is incalculable. Survivable systems. Variable plans. Redundant capacity. All help organizations lessen the chaos that storms can unleash.
The China-India Effect THEY’RE NEXT-DOOR NEIGHBORS, growing faster than any two economies in history. And, at 2.5 billion strong, they offer two massive labor pools the size and quality of which the world has never seen. Yet as China and India become the world’s largest economies, each brings the risk of political turmoil (Kashmir, Taiwan), environmental collapse (20 of the world’s most polluted cities are in China), and social tension. (In 2005 alone, China saw 87,000 protests and public disturbances.) For business partners, these two economies present still other risks: counterfeiting, IP theft, suspect food and toys. Finally, there is perhaps the biggest risk of all: environmental catastrophe. Then there’s perhaps the most
rampant risk of all—losing control of your intellectual property. Without the latest privacy tools, in as little as two removes, an organization effectively loses control of its IP. In 2006, the U.S. did $343 billion in trade with China. But what if China’s industries are caught selling tainted toys or food? Where to turn? And what about the alarming amount of non-performing loans that Chinese financial firms are carrying, estimated to exceed $1 trillion, or a staggering 40 percent of GDP. India presents similar risks—highest of all, political risks, with its 10 million-strong bureaucracy and culture of corruption holding back the tens of millions of ordinary Indians who struggle just to meet life’s basic needs. Will these two titans break down, or break through? One thing for sure: Partners will need robust contingency plans and tight controls.
The Regulatory Wave
CORBIS (2)
The Media Effect THE CNN EFFECT is the BBC, Facebook, and Matt Drudge Effect. It’s the herd effect of rampant news 24/7, all driving the kind of mass speculation and worry that sparks global stampedes. It’s the stock that takes a beating, often on little more than rumors. It’s the gravity-defying story that won’t go away—an eternity if it’s your story. Above all, it’s how stories can accelerate and mutate in a world with no “off” switch. All with huge impacts on global business. It wasn’t always so. Until 1980, when CNN opened its doors, people got their TV news in modest, meal-like doses. But then with the revolution in telecommunications—especially in instant live
coverage—came the rise of truly global stories like the O.J. Simpson trial, 9/11 (half the TV-owning public watched) or the Beijing Olympics. Omnipresence has its costs, however. In fact, it could cause a rethinking of the old adage, “There’s no such thing as bad publicity.” Several years ago, when a major oil company was caught overstating its reserves, its stock sank 10 percent in the first two weeks. Unfortunately, the bad news only continued, triggered by government investigations, high-level executive resignations, and a review of the company’s management structure. As The New York Times put it, “When the Terrorist Era meets the Information Age, a Time of Confusion results.” The issue is managing the confusion, rather than succumbing to it. The real task is finding a safer harbor—or at least a better workaround.
THE ASIAN FINANCIAL CRISIS. The Argentine financial collapse. The dot-com crash of 2000, and now the sub-prime melt-down, bringing down giants like Bear Stearns, Fannie Mae and the UK’s Northern Rock. The result: Waves of national and global regulation... Sarbanes, IFRS, Basel II, and much more to come. Add to that wave after wave of corporate governance. Security breach reporting. Privacy and data protection. Not to mention industry-specific regulation. Further confusing matters is the global dimension, in which laws and regulation founded on territorial jurisdictions are often imposed on cross-border transactions and information flows. The resulting complexity and compliance risk poses one of the great pressures on 21st-century leaders. Beginning with a tab that, for the top 100 institutions, could reach $100 billion by 2010. Such overwhelming complexity likewise explains why a recent survey revealed that only 41 percent of the companies surveyed felt their boards really have a handle on it. In this sense, the Regulation Wave is really a security concern. Not to mention a brand risk for those organizations that drop the ball. Today, there’s a better way: Doing a full regulatory inventory, then rationalizing the necessary controls and responsibilities. In other words, by treating compliance holistically as a security matter, with the full cooperation of IT. Against the regulation wave, there is only one option—swim faster. Fortunately, next-level integration can keep the leaders well ahead of the wave.
15
Risk Risk Factors Factors
Potential Traps and Effects SNAP. China stumbles, or Avian Flu boils up. Or a container scare triggers a rolling port shutdown. A hyper-connected world is loaded with traps, and anything can trip them. In a connected world, the effects are vastly magnified in force and speed, especially if your organization lacks connections needed to negotiate the best path. The result is a world of big winners and big losers in which acting first is critical. This also explains how small players can fast become huge, while the big players can fall faster and harder than ever. Why? Because of the domino effects of a connected world.
Shareholder Pressure It began with Enron and WorldCom, with investors sacking CEOs, disrupting meetings and shaking up boards—anything to make the numbers. Today, shareholders and stakeholders put your business under more scrutiny than ever. Add to that the era of corporate responsibility and enhanced scrutiny, and the stakes have never been higher.
Anti-Global Forces What if activists or failing states make doing business prohibitive in parts of the world? What if China flexes its muscles, as Europe does the same? In time, will 9/11 come to be seen as globalization’s rollback? What if U.S. unilateralism continues to polarize? Apparently, globalization has its antimatter—can you counter it?
Outbreak
Terrorism
Globalization is the ultimate Petri dish, spawning, even in the past few decades, at least 35 new diseases. Take Avian Flu. It is now estimated that an outbreak could cost between $1.5 to $2 trillion, while affecting one of out five people. What if your workforce suddenly had to spend months working from home? Do you have the plans and system security able to support it?
In 2007, there were 14,000 terrorist attacks resulting in over 22,000 deaths. Of the total reported attacks, about 43 percent occurred in the Middle East/Persian Gulf, while some African countries experienced a staggering 96 percent increase in violence. Today, each year the U.S. spends about $500 billion—or roughly 20 percent of the federal budget—in its efforts to combat or prevent terrorism.
Fakes
Strikes Feeling spontaneous? How about the troqueros that move containerized freight between ports and intermodal terminals. No union contract here. These Mexican-Americans get a small hourly flat fee, not much after you deduct the cost of $4-pergallon fuel. So one day, CB radios and Spanish-language stations start buzzing—time for a fuel-driven, 30-percent freight hike! A wildcat strike, wreaking havoc with the $1 billion-a-day West Coast Port System.
Trade Wars The EU and United States battle over everything from bananas to Roquefort to fine wines. The favored weapon: Tariffs. The global pricetag of agricultural tariffs: $100 billion annually, most falling on American and European consumers. Another risk: The constant finger-pointing on dumping issues between China and the United States. Might the fickle finger point at you?
Counterfeit goods are now a market of $650 billion—never mind the billions more that escape detection. The list is endless: drugs, electrical appliances, tobacco, toys. Or even parts for jet engines. Recently, after American Airlines jetliner crashed in Colombia, thieves made off with more than 500 parts, including the engines and landing gear, for sale to other carriers. How secure is your supply chain?
The Wild Card Bad things, good things, big things—those ski-jump discontinuities of change. North Korea, Iran, the next Osama, intifada, or Avian Flu. Next killer worm or Y2K buried in the world’s systems. China sputters— or invades Taiwan. Wham! So what’s your Plan B?
Sources: Aon Corporation’s Trade Credit and Political Risk Practice Group. U.S. Meat Export Administration. Anderson Economic Group.
17
Solutions
Your new world is a one-strike heavily
you’re-out world, punishing mistakes. New regulations and standards. An era of corporate responsibility. Activist stakeholders and a hyperactive press. All have ratcheted up the expectations around security. Or else.
Solutions
Secured Trade TELEGRAPH INVENTOR Samuel F.B. Morse spoke of his great aim to “annihilate distance.” Today, the challenge is invisibility: The millions of products and shipments that can be lost, pilfered or counterfeited as they traverse the world. Ocean-going shipments hold a special danger: Just try to find out who really owns a ship. As William Langewiesche observes in The Outlaw Sea, “forty thousand merchant ships. . . wander the world with little or no regulation.” This includes the 20-plus freighters estimated to be owned or controlled by al Qaeda. The high ground for business and government is control in all modes: sea, air and land. For high-value or high-danger goods—pharmaceuticals, for instance— electronic pedigrees offer a detailed log of every stop, from plant to loading dock to checkout scanner. What is it? Who wants it? Where is it? The difference is, real-time knowledge of what’s in the box, down to granular details of sizes and colors. It’s a stronger demand signal, along with the real-time ability to satisfy customers with accurate and timely shipments. And it’s the wealth creation of precision pricing. Today, secured trade is a driving force in shareholder value. As business follows the sun, success demands a bigger picture and a brighter, sharper lens.
Control From Space
Maintaining Security On Every Level
GPS and other tracking technologies follow the container through every conveyance, ship, truck, rail or air. Meaning, the ability to commit-to-order, with a sure delivery date.
On air, land and at sea, goods are locked and located—at every step, even when switching teams and modes. And people are fully accounted for.
Control In the Container Everything—in detail. Where through GPS. What through RFID. Who had it, when. The result is a rolling inventory, protecting every pallet. Technologies: pallets shrink-wrapped, RFID-tagged, then smart-sealed with currency-like tape that exposes tampering. Plus, monitoring devices that send alerts about excessive heat or vibration.
KEEPING CONTAINERS SAFE • Each container is measured to ensure against false walls that might conceal illegal drugs, weapons or
immigrants. • Radiological and biological tests are performed. • High-tech deterrents
LABEL are deployed inside and out. Can include radiation sensors, GPS devices, smart container sensors,
8 FEET TALL, 40 FEET LONG (2 1/2 CAR LENGTHS)
barrier seals, indicative seal tape, RFID seals and fiber-optic seals. • Filled weight is checked against empty weight. Does it conform to the size of the cargo? Does it all add up?
8 FEET WIDE
FALSE WALL
LABEL
Control In the Air Since 9/11, U.S. regulations require greater visibility into shipments. Air carriers handling imports will have to transmit cargo data four hours before arrival. The solution: Neutral, Web-based portal brings together shippers. Add to that the precision of bar codes and RFID. Meaning, mastery of the real-time details: who, what, where and when.
Secured Borders
SCANNERS: Handheld scanners track and verify contents. Gamma-ray scanners ensure against false walls, contraband and radiological devices.
Control at the Port What’s in the box? The ship’s captain, Customs, port security —all have complete control— from arrival to departure.
FINGERPRINT READERS: With a touch, authorized longshoremen gain instant, point-specific access.
THE NUMBERS ARE DIZZYING… 4000 global ports… 300 U.S. ports of entry processing 400 million people traveling across our borders in 133 million cars. Add to that another 4,000 ports globally, and it’s easy to see why customs agents are so stressed. The good news is, border security has never had so many tools—globally integrated databases merging country databases with criminal databases like INTERPOL. For example, with globally integrated databases and license-plate readers (able to read the tags on cars traveling up to 60 m.p.h.), border control agents can know whether the car is stolen before it hits their station. But there are other tools as well. Smart Cards with smart chips contain rich information on the holdings, and Business Intelligence validates the credentialing documentation. Borders and facilities can be better secured with ID technologies, ranging from intelligent video to iris or finger vein pattern recognition. And, because they are built on Service-Oriented Architectures—independent of the underlying technologies—systems are “future proof.” In other words, easily and inexpensively updated. Today, the hero of this story is not the technology, which is now fairly mature. Rather, it is the ability to integrate these systems, locally, nationally and globally. The result is positive identity and secure borders—all translating into more secure and satisfied citizens, travelling with greater confidence and ease.
21
Solutions
Secured Identity ONCE, TRUST WAS a known face—no longer. As we travel, faces grow hazy, with dangerous consequences when we trust the wrong person. As The 9/11 Commission Report observes, “Today, a terrorist can defeat the link to electronic records by tossing away an old passport and altering slightly the name in the new one.” Fortunately, with biometrics, this once blurry picture is fast coming into focus. Another big advantage: Speed. Better identification means citizens and goods—and economies—move more efficiently. Today, around the world, retinal scanning, fingerprint identification and advanced facial recognition are protecting key infrastructure. At the same time, with smart passports containing digital photos, fingerprints and chips, Customs and law-enforcement personnel have the full picture. With powerful databases, they can see connections around the world. With biometrics, those who transport dangerous cargo are in fact the people authorized. Similar tracking technologies mean that elections are fair and democratic, and that citizens are connected to government and vital services. Take MyKad, the digital ID card now carried by 22 million Malaysians. Consolidating drivers’ licenses and identification cards, this one card can do virtually everything: bill payment (ePurse), tolls, parking/public transport, ATM banking, health services and more. And, Malaysia’s smart card is moving citizens through immigration checkpoints.
THE VISIBLE RETINAL SCANNING CONTAINER
BIOMETRICS PERSON POSITIVE: Automated authentication through physiological or behavioral characteristics: fingerprint, retina, voice, hand geometry, etc. Scans against a known database.
IN THE EYES: Identity based on blood vessel patterns in the back of the eye—unique as snowflakes. Can be active (range: 6-14 inches) or passive (more user-friendly, up to 3 feet). Then there’s iris-on-the-move, scanning the iris while the person is in motion.
CITIZEN TRAVEL: Faster travel through better recognition, or even traveler “speed passes.” (But only with voluntary background checks.) GOVERNMENT FACILITIES: High-security environments use corroborating checks: fingerprint, face and more. HIGH-RISK FACILITIES: Power plants, reservoirs, drivers of radiological waste.
Making Certain Mr. Jones Really Is Mr. Jones
ID CARDS ID CARDS SMART EVERYTHING: Cards can be single-use (driver’s license) or multipurpose (health, immigration, ATM and more). National ID cards? Controversial. But more countries are going that way. FEATURES: Rainbow printing, micro letter, holographic overlay, ultraviolet and more. PLUS, SMART CHIP: 32K of personal history, medical, thumbprint minutiae, color photo.
Technologies that help verify identities— creating a more secure environment by linking each citizen with the relevant data.
FINGERPRINTS YOU’RE IN! Facility access or access to PCs and other systems. Electronic keypad collects image and scans zones against a known image or database. The FBI fingerprint database now holds some 81 million records.
Secured Air Cargo NO MODE OF TRANSPORT is rising faster than heavy air cargo. But to continue its ascent, the industry—freight airlines, forwarders and carriers with belly space—must collaborate as never before. Especially if it is to compete with carriers offering guaranteed service and real-time tracking. Yet look at the challenges. First, the industry needs to embrace the latest in digital technology—especially next-generation Web integration. It must contend with aging airports and spaghetti-like legacy networks. And, it must better manage today’s disruptive givens: terrorism, military action, economic turbulence, health outbreaks, and more. Finally, the system needs dynamic decisionmaking to better manage assets, capital and information. Solution: Create a new virtual network, with seamless reach, total control and on-time accountability—but with a key twist. Consider: When asked, the major shippers will offer real-time package tracking. But what if the shipper wants customized proactive alerts—at any milestone? Say, a beep on your PDA or cell phone: Shipment confirmed. With an online portal, customers find easy access, competitive efficiencies—and alerts. Edge-to-edge control, all seamlessly connecting customers and real-time tracking. On time. Their way.
From Timbuktu To You The heavy freight industry gets seriously connected—without the heavy lifting.
CONNECTING THE PLAYERS
MAKING IT VISIBLE First used for critical military shipments like blood and munitions, RFID and GPS technologies are steadily gaining commercial acceptance, especially as they get cheaper. The payoff: real-time information improves decision-making. And reduces the errors and delays of intermediaries.
PROACTIVE TRACKING Tracking is best done by “exception”—focusing on problem shipments rather than routine shipments. Deeper control, less wasted time.
Shippers, forwarders, airlines, Customs—all require the same information. But who wants to wade through to multiple sites to find it? The future: Neutral portals for booking and tracking. A one-stop shop for multiple carriers.
23
Solutions
Secured Information CYBER SECURITY: It touches everything… the security of your information, your partner’s information—and that of your customers. That’s a lot to potentially go wrong. And, as the numbers show, disaster potential is real and growing. But look at the deeper potential costs: Bad publicity … millions lost in reparations … lost customers … the demoralization and distraction factor … and, finally, a serious hit to your brand. And why? Because of what organizations too often leave out—end-to-end control. But improved control yields even larger business outcomes. It includes improved enterprise performance, say, with in-transit control and tracking management. It means better managed operational risk, especially when it
Secured Banks BANKS CAST A LONG SHADOW. Shackled in security, they are perversely vulnerable to the gaps that phishers and data poachers are quick to exploit. Blanketed with accountability, too often they can’t be counted in to manage their own growth. Or keep count of their own customers. As the analyst Tower Group observes, “A history of tactical cost-cutting and duplicative maintenance efforts has left financial services institutions mired in a maze of barren business operations, fragmented technologies, redundant controls, and information integrity issues.” But what about a bank built with end-to end security—security that allows it to better spot problems and adapt to changing business and customer requirements? In other words, what if a bank not only had better integration, but also the ability to secure its assets? Today, such security is very
comes to people, security, IT systems, goods and assets. And it means business optimization through improved supply chain efficiencies and IT systems protection. Imagine weather prediction without satellite images. Imagine flight without radar. Thus, to change the cyber security picture, organizations need control inside and outside their four walls. In short, to see the full picture of enterprise—and extra-enterprise—risk. Connected enterprises are more secure because they can better grasp the full picture. They can read changing patterns of risk. They can see interdependencies—the gaps—between them and their extended network. And they can play out—in advance—a path through potential risks. Cyber security: Today, the path is not more locks and keys. It’s the end-to-end connection that helps you secure your world and better focus your creative energies.
achievable—and long overdue. The secure bank begins by giving people at all levels— from boardroom to the data center—a complete digital map of branches, consumers, corporations, business, regulators and partners: everything and everyone the bank touches. Bankers get real insight into which operations— and which customers—are really driving profits. Instead of losing track of its customers, the Secure Bank has deep insight into the customer’s changing needs—in real time. And, with a real-time infrastructure, the bank knows what systems it has on line, just as it can monitor over-or under-capacity, then act to balance it. Security: With zero-gap protection, the bank can see, track—and thwart—threats. And, with a “hot-spare” of virtual capacity, it can recover systems within 30 minutes. The Secure Bank sees the true path to change. It adapts in real time. And it can spot—and secure itself— against this ever-moving storm of digital risk. Today, through next-level security, the banking industry can emerge from its long shadow. And shine.
25
Solutions
Secured Enterprise FROM CHALLENGE COMES OPPORTUNITY and those who best innovate in times of struggle win. Too often innovation, however, has focused on the “what” -- the latest and greatest gadget. While perhaps successful in solving a very specific challenge, pointsolutions are at best inefficient, and at worst they create a whole new set of challenges, the least of which being their expense. What is required is innovation of the “how”. And often it is the elegantly simple, unified approach that best strikes the delicate balance between competing forces: between agility and assurance, between physical and data, between old and new, between security and innovation. An elegant, unified approach means less complexity from one-off point solutions, yet more agility and control. Less loss from counterfeiting, spoilage, and fraud, more operating continuity & performance. Less restriction of end-user technology choice and social networking, more empowerment and employee satisfaction. Less risk, more protection, trust, and assurance. Less compromise, more value and success. Less fear, more freedom.
The 21st Century Organization By creating a digital model of a process, organizations can see how one layer of the business affects another. The payoff: quick, well-formed insights into unfolding events.
STRATEGY MAP
PROCESS MAP
The layer where the business vision and operations model is established. Also, where economic value, security, partner interaction and standards adherence are determined.
The layer where the vision is carried into core operations. Deals with virtually every process that touches the identify/ track/ trace/protect framework. Example: Supply chain.
APPLICATIONS MAP
INFRASTRUCTURE MAP
The layer where data is analyzed to assess opportunities and threats. Also where modeling is done based on data captured from RFID devices, readers, sensors, bar codes and other tracking technologies.
The layer that provides a road map to eliminate redundancy, leverage functionality and identify how to best implement your technology investment in devices.
Our Portfolio UNISYS. SECURITY UNIFIED At Unisys, we assess, design, develop, and manage mission-critical solutions that secure resources and critical infrastructure for governments and businesses. Our approach unifies resource and infrastructure security, creating the most effective and efficient security environment possible and freeing our client to focus on best serving its citizens and customers. Our people security solutions identify, credential, verify, and profile citizens, travelers, and employees, for both physical and digital facilities. Our asset security suite of solutions allow you to track and trace goods, physical and financial products, and data, both in motion and at rest. Our critical infrastructure security solutions – for facilities, borders, and networks -- save life, property, and forensic evidence, and restore life to normal after natural or man-made attack. And our advisory and analysis suite of services provide a strategic security roadmap and a real-time, predictive risk intelligence solution.
All of our security solutions deter, protect, and defend against tampering, fraud & attack at all points of vulnerability. They consistently and fully enforce a customer’s policies, mandates, and regulations. They increase organizational clock speed, self learn, and ultimately reduce cost and avoid loss. We have an extensive heritage working with defense, security, and law enforcement agencies, particularly in mission-critical operations, which places security at the core of all that we do. For example, the U.S. Army needed to know the exact location and contents of thousands of containers and air pallets of cargo in transit per day for military personnel across 1,500 nodes in 25 countries. Unisys implemented a unified 4m+ RFID tag solution that provides the Army with instant access to equipment and supply information. It has increased productivity, improved war fighter safety, and reduced costs. We have created industrytransforming systems where information is unified, intelligently and securely shared amongst partners. For example, the Government of Malaysia wished
to provide a single citizen ID card, consolidating driver’s license, bill payment, tolls, parking/public transport, ATM banking and health services. Unisys brought to them a unified solution that utilizes a state-of-the-art “MyKad” (My Card) -- a secure multipurpose smartcard for all citizens over 12. Now Malaysia’s 23 million citizens get faster service and better information privacy, plus economic activity increased. We unify the ‘how’. We integrate security domains, employ an aligned methodology, develop and reuse linked models, and share a common desire with our clients to allay their customer’s fears. For example, Chile’s Santiago airport must securely process 3 million people per year. Unisys delivered a unified solution that identifies travelers via passport readers and facial and fingerprint recognition and automatically evaluate against watch lists supplied by Interpol and local police agencies. For us, it’s not just about security; it’s what security enables our clients to do. When you are secure, you are in control. You are efficient and effective. Your citizens and customers trust and value you. You are fearless. You win.
Complementary Unisys offerings. Unisys Application Modernization and Outsourcing makes operations more agile, secure and efficient while lowering overall costs. Our approach – leveraging over 1,400 unique, pre-built application and process models and grounded in our 30 years of experience and leadership in mission critical and open technology -- delivers faster, cheaper and with the least risk of disruption to our clients. Unisys End-User Outsourcing provides anywhere, anytime, one-call support that increases user satisfaction while driving down support costs. We leverage the combination of our global ITIL-based Resolution Optimization Model and network of 31 ITO Operations Centers with 6,000-person strong field force to deliver measurable cost reductions, improved satisfaction levels and faster time to incident resolution. Unisys Data Center Transformation and Outsourcing leverages our long heritage of expertise in the data center. Combined with our independent thinking, innovative infrastructure and sourcing capabilities, Unisys delivers data center solutions that are more secure, more productive, and more reliable while decreasing operating and capital costs and increasing business performance.
27
Conclusion
A converging world needs the seamlessness of converged security. Your walls. Their walls, “inside” and “outside.” In an era of rising threats, your perimeter is ever-expanding. And—unless you get the full picture—potentially riddled with dangerous gaps. Winning today begins by acknowledging the changed risk equation. In a connected world, when things go wrong, they will go wrong faster than ever.
29
Conclusion
Moreover, the system effects—like that of a power
more on “paying” risks, as opposed to thankless
grid crashing—will be faster and more far-reaching
risks, like phishers and hackers.
and far more opaque, as the subprime crisis so
A System That Can Secure Itself
clearly shows. Fortunately, thanks to converged security, just
The result is a system that can secure itself
as the world has grown larger and more chaotic,
against theft and counterfeiting, or fend off electronic
improved integration technologies and clear
attackers. Or send instant alerts, say, when a hard
standards make the necessary integration a more
drive has been damaged or compromised, or medicine
predictable and less costly process. At the same
has been subjected to too much heat or vibration.
time, converged security means your organization
After all, if we can sift and test the soil on Mars, surely
can easily integrate a host of stable and mature
we can know the facts vital to our products, fortunes
security technologies: iris scanners, license plate
and reputations. Or, for that matter, with whom we are
readers, RFID and more. And we integrate it with
really communicating.
platforms and systems that you already have.
Today, converged organizations deliver exceptional
The result is a powerful merging of two, once-
performance and exceptional control over costs. And
separate realms: your IT systems with your physical
difference is an organization with the clarity and
they have an inherent capacity to manage risk, all while
assets—the whole enchilada. The result is a truly
control to collaborate—and innovate—with much
delivering the enhanced productivity and efficiency—
enterprise-level ability to protect people and data,
higher confidence, and thus a much greater degree of
and the ability to innovate—that delivers true growth
places, and things. Further, by using the latest in
success. In both the public and private sectors, the
and reward in the marketplace.
open-source technologies, systems can be “future-
benefits are as powerful as they are wide-ranging.
proofed” against the next generation of change.
Physical Security, IT Security—Converged Again, the most obvious difference here is an all-new level of integration. The less obvious
An “always-on” world needs “always-on” security.
To be sure, bad things will happen, as they always
And now that day is here. Today, the two once-
do. The difference is, far fewer will snowball and wreak
separate worlds of physical security and IT are
havoc. Why? Because organizations have the real-time
converging. One system. One comprehensive view
ability to sense and respond, whether to competitive
of physical and digital reality. One secure path to
change or actual threats. Meaning, you can focus
innovation. All under total control—your control.
Specifications are subject to change without notice. © 2008 Unisys Corporation. All rights reserved. Unisys is a registered trademark of Unisys Corporation. All other brands and products referenced herein are acknowledged to be trademarks or registered trademarks of their respective holders. Printed in United States of America. October 2008. This book was illustrated and designed by Splashlight.
31