a delicate balance: a visual guide to secured business operations

8/14/2019 A Delicate Balance: A Visual Guide to Secured Business Operations

1/32

A Delicate BalanceA Visual Guide to

Secured Business Operations


2/32

Today, as a business leader,youre on the hook. And too often in the dark,

pressured by the Three Rs of global management: Regulation, Reputationand Risk. Regulation: CEOs sign off on Sarbanes 404 processes, and

government leaders design the regulations to protect all interestseach

not always knowing the best blueprint for implementation. Reputation:

Reputations can vanish overnightall by what you dont know. Risk: From

mergers and acquisitions, to global trade, to immigration snafus, cascades

Its big.

Its bright.Its vulnerable.

Introduction

Introduction


3/32

3


4/32

Introduction

of undetected risks can be unleashed throughout the extended enterprise.

And there lies the issue. Today, the devils bargain of globalization is the demon of

complexity: More to go right, and more to go wrongfaster, farther, and deeper than

ever before. But today, there is a way to minimize global meltdownswith holistic

solutions that converge logical security with physical security, helping you to better

manage risk and optimize operations. That way, you avoid or take the bad

risk in stride, while focusing on the risks that truly drive shareholder

value. Balancing good risk with the bad: This is the challenge of this

new environment. One system. One view of physical and digital

reality. All driving stronger control and greater competence.

So Whats New Here?

Not the hardware or necessarily the technology. In this new world, from RFID

to iris scanners, the technology is all out there, mature, proven and affordable.

What isnew is the demand to converge physical security with data security, thereby

connecting all your data and technology on a single global infrastructure. Power grids.

Air trafc control. Financial systems. Emergency response networks. Everything that

matters. All in one highly controlled, tightly connected network.

Today, these once separate worlds can be connected and protected on a single

seamless platform. This is what we mean by converged security: security in which

inside merges with outside, meaning where the world of data and IT merges

BRAZIL

$762 billion

$1.69 trillion

$6.07 trillion

UNITED KINGDOM

$1.44 trillion

$2.46 trillion

$3.78 trillion

More than

5,000%

2,000%

to 5,000%

1,000%

to 2,000%

500%

to 1,000%

Less than

500%

Source: The Goldman Sachs Group, Inc. (2003)

UNITED STATES

+357%BRAZIL

+797%

A Look at the Future

FRANCE

+219%UNITED KINGDOM

+262%GERMANY

+193%

UNITED STATES

$9.82 trillion

$18.3 trillion

$35.1 trillion

The map above shows projected GDP growth between 2000 and 2050, accordingto a Goldman Sachs report. The projected gures at right show China overtaking theUnited States as the nation with the worlds largest gross domestic product sometimearound the year 2040.

YEAR

2000

2025

2050

Introduction


5/32

with the world of physical security. The result is an ability to manage across the

entire enterprise in terms of protecting people, data, places, and things. The power,

then, is in the integration. And often, that means better integrating the resources

and technologies that you already have.

Whats more, by using open architectures, your network can be future-

proofed, with more advanced technologies easily added in orderly sequences,

without a lot of costly rework. By integrating these two worlds, your system gains

an enhanced ability to spot, respond, and avoid threats. With autonomics

self-healing IT technologiesyour system better balances capacity, uses fewer

resources, and quickly heals itself in the event of a disruption.

As a result, you can focus more on value-added investments and

correspondingly less on re drills and damage control. As Coca-Cola Chairman and

CEO Neville Isdell puts it, The companies that succeed in the 21st century will be

those that manage change without disruption.

Transformation #1: A Growing Threat Environment

The trouble is, the threat environment is constantly changing.

As FBI Director Robert Mueller observed not long ago, In

this world of technological advances, every 18 months the

threats will change, and we have to be agile enough to

5

INDIA

+5,928%RUSSIA

+1,501%JAPAN

+159%

GERMANY

$1.87 trillion

$2.60 trillion

$3.60 trillion

ITALY

$1.08 trillion

$1.62 trillion

$2.06 trillion

RUSSIA

$391 billion

$2.26 trillion

$5.87 trillion

INDIA

$469 billion

$3.17 trillion

$27.8 trillion

CHINA

$1.07 trillion

$10.2 trillion

$44.5 trillion

JAPAN

$4.18 trillion

$5.57 trillion

$6.67 trillion

FRANCE

$1.31 trillion

$2.09 trillion

$3.15 trillion

ITALY

+190%

CHINA

+4,159%


6/32

90 percentAmount of world cargo thatmoves by sea.

35 percentAmount of world trade thatmoves along the MalaccaStraits, the worlds most pirate-infested waters.

$50 millionRansoms paid to Somali pirates.Unprecedented, says Lloydsof London.

18.5 millionNumber of containers thatarrived in U.S. ports in 2007.

5 percentAmount of containers physicallyscreened each year.

2,777 per dayMalicious code threats worldwide.

1 millionNumber of computers hit byviruses or Trojan horses in 2007.

116 hoursAverage time ID theft victimsspend repairing the damage.

address those threats when they do change. The simple truth is, we do not protect

cyberspace to the same extent that we protect our physical space. We have left

our doors open to our business practices, our sensitive data, and our intellectual

property. Case in point: In just one haul, 40,000 credit cards were stolen. And 70

percent of those victimsex-customers, ratherreported spending 12 months to

restore their credit. Staggeringan annual cost of almost $50 billion. And for too

many organizations, business as usual.

The other related challenge is risk management, but here again, its a delicate

balance. In this case, it means balancing compensatedriskthe risk that

the marketplace rewardswith uncompensatedrisk, never rewarded but only

punished if you miss.

But just what is the nature of this risk? It is the risk of an almost fathomless

complexity unleashed by everyone and everything that your organization is

connected to within a vast global network. In the old days, when organizations

could build a moat and control everything within their four walls, they never had to

deal with such risk and complexity. Today, the opposite is true, and the result can

be like a vast power gridterric to behold when the lights are on and the sun is

shining. But what about when risk spikes? The result then is not unlike the domino

effect of a power-grid blackout, when one node or tree can trigger a cascade of

outages, taking down states and even whole regionsagain, because of how

much larger, complex and densely interconnected the system is.

Now consider some of the triggers in your world.

Your system gets hacked or a hard drive disappearstens of thousands of

Introduction

The U.S. FBI estimates there are 100,000computer viruses on the Internet, andcopyright and trademark theft costs$25 billion annually. It has becomesuch a concern that computer crimesonly rank behind stopping terrorism and

counterintelligence as FBI priorities. C O MPU TER C R I ME RESEARC H C ENTER


7/32

Our ability to compete in theglobal economy, to protectourselves against crime andterrorist attack, depends noton walls and fences but on our

ability to use information. U K P R I M E M I N I S T E R G O R D O N B R O W N

20-plusNumber of freighters owned orcontrolled by Al Qaeda.

165 millionNumber of records exposedglobally in 2007.

20 percentPortion of the U.S. Federalbudget spent to fight terrorismannually.

14,000Terrorist attacks globally in 2007.

81 millionNumber of fingerprint records onthe FBI database.

$3.5 trillionAmount of U.S. commercesupported by air shipmentsannually.

158 percentIncrease in cyber-attacks in

2007.

55 percentIncrease of attacks on U.S.Military networks.

$2 trillionEstimated cost of a bird flupandemic.

20 percentWorld population potentiallyaffected by a bird flupandemic.

35 percentAmount of world trade thatmoves by air.

$650 billionWorldwide counterfeit theftannually.

50 percentPercentage of counterfeitpharmaceuticals, according to theWorld Health Organization.

$200-250 billionEstimated U.S. losses fromcounterfeit drugs.

$1 trillionAmount of money laundered

globally each year.

$911 billionBad debt carried in Chinesebanks40 percent of GDP.

7


8/32

identities lost, as T.J. Maxx and Marshalls owner, The TJX Companies, discoveredwhen 45.7 million credit and debtor records went missing. Or the wrong person is

waved across a border. Or a rogue medicine bottle bearing your name becomes

the lead story on CNN. Whatever happens, in a global world, it happens fast, as

what carried your fortunes up carries them down with the force of a wrecking ball.

What you feel then is literally the connected weight of the world as everything

youre connected to spirals out of control. Like hitting the brakes on black ice

ill-prepared and seeing only part of the pictureorganizations can over-react and

skid out in such situations, with no good way to steer and no way to stop.

Take cyber-crime. In a 2007 Deloitte survey of the top global nancial

institutions in 32 countries, 65 percent reported external breeches. Of these,25 percent involved more than $1 million in losses, and 4 percent experienced

losses that ran as high as $49 million. And why? Often because of the sheer

complexity of the circuitry, stretching through dozens of nodes. Thats a lot to go

wrong, especially at Internet speeds.

And look at what can happen. Weeks after the fact, whipsawed by events

amid nes, lawsuits and damaged careersexecutive teams are still struggling

not only to contain the damage, but to trace its spreading effects. How many

records lost? What did those records contain? How might this information affect

our partners and theirpartners? In an economy in which 70 to 80 percent

of market value comes from brand equity, intellectual capital and other

intangibles, were talking about the kind of event that can severely

damage your enterprise, or even take it down.

Transformation #2: A Changed Regulatory Environment

Consider some of the transformations in the global

competitive environment over the past decade.

On the downside, leaders now need to deal with

regulations, like Sarbanes-Oxley and 404; with stakeholders and activist shareholders;with round-the-clock, whistleblower stock news; with the new global high-bar of

global corporate responsibility; and nally, with the new dynamics of the stakeholder

revolutionmany more people and groups to keep happy.

Then there are the effects of globalization itselfbeginning with the huge rise

in global standards and regulation, and continuing with the ever-mounting risk as

organizations expand their footprints. Take food security, one of the top risks noted by the

2009 World Economic Forum. Already this year, there have been multiple scares. But why?

With new technology and sensors, supply chain managers can track food in real time,

registering every detail about its condition, temperature or location.

Transformation #3: A Loss of Control with Critical Information

Finally, there are the competitive risks of Globalization 3.0, when virtually

every organization has a hub in India or China, if not both. One big issue is how to

control intellectual property from thousands of miles away. The simple fact is, most

organizations cannot: At two removes, the typical organization loses control of its

IP, as suppliers swiftly turn into fast-learning, price-advantaged predators. How to

protect IP from such new competition, much less against state-sponsored systems of

industrial espionage?

Yet another feature of our time: the swings between the publics exceptionally low

tolerance and extraordinarily high expectations. In a world tired of market meltdowns,

there is arguably more public and regulatory fervor (and market punishment for perceived

transgressors) than at any time since The Great Depression. At the same time, with more

customer information on le than ever, the public has a much higher expectation that

organizations will keep their critical personal data secure. Or else.

For all these reasons, integrity or controls lapseswhether intentional or

unintentionalcarry a much higher price than they did a decade ago. Indeed, enough to

take down your company, or set it back for years.

Introduction


9/329

But Now For the Good News: There Is Far More to Go RightThe good news is, the upside has changed as well, as much because of

plethora of new technologies, as because of a revolution in standards and

improved business processes that make digital change faster, easier and

cheaperand far more predictable. Today, as a result, there are many, many

things to go rightwith your enterprise:

Rightabout the availability, reliability, predictability and purity of your

products.

Rightabout the ability to uncover business patterns and customer needs.

Rightabout the ability to turn from playing defense to driving innovation.

Rightabout the ability to recover faster and more nimbly than competitors.Above all, security demands balance. Over-balance the equation in favor of

security, and an enterprise loses efciency and agility. Under-balance it, and the

enterprise opens itself to dangerous levels of risk. Or stagnates through the risk-

aversion and lack of innovation that so often goes with it. Either way, the days are

gone when global players can, or should, manage the process alone.

Striking the Right Balance Between Security and Innovation

Striking the right balance between risk and innovation is what this brief visual

book is about: To visualize a world buffeted by so many forcesmany all but

invisiblethat the system is almost better visualized than explained.

In a people context, theres the need to identify, track and protect individuals.

Here positive identication not only means having the right systems and

processes, but the control to see inside those processes, with data-rich views

that can precisely authenticate identities.

For highly dispersed databases in different agencies and governments,

enhanced visibility improves their ability to interactto follow the same

protocols, search the same elds, speak the same language and draw common

assumptions. Including the ability to safely collaborateeven globallyknowingtheir intellectual property is truly secure.

Or consider a large bank. With disconnected legacy databases, the typical bank

is often dangerously fragmentedripe for the lone operator who, with a laptop and

the right algorithm, can take down whole networks.

On the business front, meanwhile, the same bank blankets an existing

customer with credit card solicitations, all while missing the fact that Ms. Doe is

ready for a car loan or a home renance. Add an M&A and the chaos factor only

growsa digital hall of mirrors. Before organizations can collaborate effectively, they

need to trust. But to trust, they need better security, together with the kind of clarity

and condence that go along with it.

Tomorrow: Timely, Comprehensive Intelligence

So how can organizations make it happen?

Not through any one solution.

First, success demands a comprehensive system able to identify, track and

trace people, goods and information systems. The key here is not a new system,

but rather a better architected and integrated system with far better sensors. The

resultshown schematically throughout this visual bookis a new era of visibility

and control into everything that your organization touches.

But again, the ultimate goal is tipping the good-risk/bad-risk equation inyour

favor. It means knowing the landed costs of goods once they arrive. Or controlling

the quality, accuracy, predictability and freshness of your product, whether it be heat-

sensitive drugs or sushi-grade toro.

Above all, security means an organization that inspires condence in the

marketplacea trusted leader with the situational awareness needed to correctly

read the patterns and run the right plays. And today theres a path to achieve it, only

this time by better deploying the assets that you already have.


10/32

Your new world is

one with

Risk Factors


11/32

in which problems happen

faster, spread farther, and create

more havoc than ever before.Why? Because of everything your

enterprise is connected to.

no off switch


12/32

How GoodsMoveTHE TYPICAL SHIPPING CONTAINER can pass

through 17 handoffs, or nodes, each posing a

new risk. This routefrom Karachi, Pakistan,

to a Midwest department storeinvolves

four modes of conveyance, ve countries, one

ocean and two seas. The bigger risk: too many

teams in too many places.

Here, a reputable global clothing

manufacturer stuffs and seals the containerin Karachi, a city with a history of unrest.

Eventually, the container is hoisted aboard

a ship: globally speaking, a needle in the

proverbial haystack.

Consider, too, the risk picture of Pakistan.

Surprisingly, for a poor country, theft (a huge

problem in Latin America, for example) is

relatively minor. More likely: plentiful heroin

from nearby Afghanistan. And arms: AK-47s,

rocket-propelled grenades, even shoulder-red

missiles capable of bringing down an airliner.

Then theres the risk of hitchhikers, like thepresumed terrorist who was found hiding

inside a container with airport maps and a

phony mechanics ID.

Current remedies: Measuring the

container (has a double wall been created?)

and weighing cartons (too heavy for shirts?).

More ambitious: radiological and biological

inspections, GPS, and even RFID knowledge

down to size, color and numbers.

From Pakistan to Peoria . . . Seventy-ve days and 14 handoffs later, how one cotton shirt

1 2 3 4 5 6

A container truck picksup the loaded container

and transports it toQasim International

Container Terminal.

The consolidationwarehouse loads cartons

into a 20-foot container,then seals the container

using a barrier sealand indicative tape.

Cartons of nished goodsare delivered by truck

to the consolidationwarehouse.

A purchase order is

cut for 600 cartons of

shirtssome 75,000in all. The order is then

lled by a contractmanufacturer in Karachis

Textile District.

DAYS 2-24KARACHI, PAKISTAN



The container is checkedinto Port Qasim. There,

after being released bycustoms and terminal

authorities, it is loaded

onto the feeder vessel.

DAY 30KARACHI, PAKISTAN

The feeder vessel sailsfrom Karachi to Sri Lanka

by way of Mumbai, India.This rst part of the

journey takes ve days.

DAYS 31-35ARABIAN SEA

DAY 1KARACHI, PAKISTAN

Busiest PortsRanked by Container Trafc

PORT CONTAINERS PER YEAR

1. Singapore, Singapore 24,792,000

2. Hong Kong, China 23,539,000

3. Shanghai, China 21,710,000

4. Shenzhen, China 18,469,000

5. Busan, South Korea 12,039,000

Source: 2006 American Association of Port Authorities rankings

Peoria,Illinois

Chicago Cleveland

Newark

Halifax, Nova Scotia

Atlantic

Ocean

11

9

10

1413 12

Risk Factors


13/3213

makes its way from Karachis garment district to a Midwest department store.

7 8 9 10 11 12 13 14

The mother vessel

arrives in Nova Scotia.

More containers aredischarged. The vessel

then departs for thenal leg of its journey

to the United States.

The mother vesselsails 18-19 days to

Halifax, Nova Scotia,traveling through the

Suez Canal, across theMediterranean, then

across the Atlantic.

Vessel arrives at Colombo

Port. There, the shippingcontainer is trans-loaded

from the feeder vessel tothe mother vessel, bound

for the United States.

The vessel arrives at

Mumbai Port. After

discharging somecontainers, the

vessel then departsfor Sri Lanka.

DAY 36MUMBAI, INDIA

DAY 39COLOMBO,SRI LANKA

DAYS 40-59AT SEA

DAY 59HALIFAX,NOVA SCOTIA

The mother vessel arrivesat the Port of New York/

New Jersey, where thecontainer is ofoaded.

After customs and

terminal releaseapainstaking process

with cargo from SouthAsiait is then hoisted

onto a container truck.

DAY 62NEWARK, NJ

The container arrives bytruck at the distribution

center. Here, ofciallytaking control, the

shipper breaks the

lock, unloads thecontainer, then enters

relevant trackingand location data

into the warehousesreceiving system.

DAY 65CLEVELAND, OH

Final delivery. Shirts areremoved from the carton

and placed on sale for$24.99. Youll take the

blueand wear it that

night at the barbecue, alittle more than 10 weeks

after it was ordered.

Three hundred cartonsof shirts arrive by truck

at the warehouse of amajor department store.

There, the cartons arereceived and put away.

Then, after the store

sends a demand signal,the selected cartons are

packed and shipped.

DAY 69CHICAGO, IL

DAY 75PEORIA, IL

1

6

Karachi,Pakistan

2

4

Colombo, Sri Lanka

Mumbai, India

Arabian Sea

Suez Canal

9

3

7

8

5


14/32

Risk Factors

THEYRE NEXT-DOOR NEIGHBORS, growing faster than any

two economies in history. And, at 2.5 billion strong, they

offer two massive labor pools the size and quality of whichthe world has never seen. Yet as China and India become

the worlds largest economies, each brings the risk of

political turmoil (Kashmir, Taiwan), environmental collapse (20

of the worlds most polluted cities are in China), and social

tension. (In 2005 alone, China saw 87,000 protests and

public disturbances.)

For business partners, these two economies present

still other risks: counterfeiting, IP theft, suspect food

and toys. Finally, there is perhaps the biggest risk of all:

environmental catastrophe. Then theres perhaps the most

rampant risk of alllosing control of your intellectual

property. Without the latest privacy tools, in as little as two

removes, an organization effectively loses control of its IP.

In 2006, the U.S. did $343 billion in trade with China.

But what if Chinas industries are caught selling tainted

toys or food? Where to turn? And what about the alarmingamount of non-performing loans that Chinese nancial

rms are carrying, estimated to exceed $1 trillion, or a

staggering 40 percent of GDP.

India presents similar riskshighest of all, political

risks, with its 10 million-strong bureaucracy and culture

of corruption holding back the tens of millions of ordinary

Indians who struggle just to meet lifes basic needs.

Will these two titans break down, or break through?

One thing for sure: Partners will need robust contingency

plans and tight controls.

The China-India Effect

The Weather ChannelWHATS UP WITH this crazy weather? During 2004 and

2005, the U.S. saw seven of the most damaging storms

in the past 106 years. Including Katrina.

In any case, wherever you stand on the Global

Warming debate, there is no denying the growing severity

of tropical storms. Today, the number of intense Category

4 and 5 hurricanes has nearly doubled. Or consider 2008

alone: In the space of two weeks, Hurricane Gustav

caused an estimated $3 billion in damage in the U.S.,

while catastrophic oods in northern India left a million

people homeless.

The other wild card is the ever-mounting value of

what hurricanes can destroy. By some estimates, that

damage-potential is doubling every 10 years. Over the

next ten yearseven at a conservative multiplier of 4

percentthe cost of a once-in-a-century storm could

soar to $200 billion.

Then theres the oil factor. With the U.S. Gulf

accounting for 30 percent of the nations oil production

and 20 percent of its natural gas, storms can severely

cripple the economy. Witness Katrina, which damagedalmost one-fth of U.S. oil production. In any case, the

severity of stormsand the connected infrastructures

they disruptnow vastly exceeds the power of

government to contend with them. Enter Walmart, which

stepped up during Katrina, supplying its customers with

batteries and food, water and ice. The goodwill that such

hardiness and versatility engenders is incalculable.

Survivable systems. Variable plans. Redundant

capacity. All help organizations lessen the chaos that

storms can unleash.

Risk Factors


15/3215

THE CNN EFFECT is the BBC, Facebook, and Matt

Drudge Effect. Its the herd effect of rampant news 24/7,

all driving the kind of mass speculation and worry thatsparks global stampedes.

Its the stock that takes a beating, often on little

more than rumors. Its the gravity-defying story that wont

go awayan eternity if its your story. Above all, its how

stories can accelerate and mutate in a world with no off

switch. All with huge impacts on global business.

It wasnt always so. Until 1980, when CNN

opened its doors, people got their TV news in

modest, meal-like doses. But then with the revolution

in telecommunicationsespecially in instant live

coveragecame the rise of truly global stories like

the O.J. Simpson trial, 9/11 (half the TV-owning public

watched) or the Beijing Olympics.

Omnipresence has its costs, however. In fact, it

could cause a rethinking of the old adage, Theres no

such thing as bad publicity. Several years ago, when amajor oil company was caught overstating its reserves, its

stock sank 10 percent in the rst two weeks. Unfortunately,

the bad news only continued, triggered by government

investigations, high-level executive resignations, and a

review of the companys management structure.

As The New York Times put it, When the Terrorist

Era meets the Information Age, a Time of Confusion

results. The issue is managing the confusion, rather

than succumbing to it. The real task is nding a safer

harboror at least a better workaround.

The Media Effect

The Regulatory WaveTHE ASIAN FINANCIAL CRISIS. The Argentine

nancial collapse. The dot-com crash of 2000, and now

the sub-prime melt-down, bringing down giants like Bear

Stearns, Fannie Mae and the UKs Northern Rock.

The result: Waves of national and global

regulation... Sarbanes, IFRS, Basel II, and much

more to come. Add to that wave after wave of corporate

governance. Security breach reporting. Privacy and data

protection. Not to mention industry-specic regulation.Further confusing matters is the global dimension,

in which laws and regulation founded on territorial

jurisdictions are often imposed on cross-border

transactions and information ows. The resulting

complexity and compliance risk poses one of the great

pressures on 21st-century leaders. Beginning with a

tab that, for the top 100 institutions, could reach $100

billion by 2010.

Such overwhelming complexity likewise explains

why a recent survey revealed that only 41 percent of

the companies surveyed felt their boards really have a

handle on it. In this sense, the Regulation Wave is reallya security concern. Not to mention a brand risk for

those organizations that drop the ball.

Today, theres a better way: Doing a full

regulatory inventory, then rationalizing the necessary

controls and responsibilities. In other words, by treating

compliance holistically as a securitymatter, with the full

cooperation of IT.

Against the regulation wave, there is only one

optionswim faster. Fortunately, next-level integration

can keep the leaders well ahead of the wave.

CORBIS(2)


16/32

SNAP. China stumbles, or Avian Flu boils

up. Or a container scare triggers a rolling

port shutdown.

A hyper-connected world is loaded

with traps, and anything can trip them. In

a connected world, the effects are vastlymagnied in force and speed, especially if

your organization lacks connections needed

to negotiate the best path. The result is a

world of big winners and big losers in which

acting rst is critical. This also explains how

small players can fast become huge, while

the big players can fall faster and harder

than ever. Why? Because of the domino

effects of a connected world.

Risk Factors

TerrorismIn 2007, there were 14,000

terrorist attacks resulting

in over 22,000 deaths. Of

the total reported attacks,

about 43 percent occurred

in the Middle East/Persian

Gulf, while some African

countries experienced

a staggering 96 percent

increase in violence. Today,

each year the U.S. spends

about $500 billionor roughly

20 percentof the federal

budgetin its efforts to combat

or prevent terrorism.

Anti-GlobalForcesWhat if activists or failing

states make doing business

prohibitive in parts of the

world? What if China exes

its muscles, as Europe

does the same? In time,

will 9/11 come to be seen

as globalizations rollback?

What if U.S. unilateralism

continues to polarize?

Apparently, globalization

has its antimattercan youcounter it?

OutbreakGlobalization is the ultimate

Petri dish, spawning, even

in the past few decades, at

least 35 new diseases. Take

Avian Flu. It is now estimated

that an outbreak could cost

between $1.5 to $2 trillion,

while affecting one of out

ve people. What if your

workforce suddenly had to

spend months working from

home? Do you have the plans

and system security able to

support it?

PotentialTraps andEffects

Risk Factors

ShareholderPressureIt began with Enron and

WorldCom, with investors

sacking CEOs, disrupting

meetings and shaking up

boardsanything to make

the numbers. Today,

shareholders and stakeholders

putyour business under

more scrutiny than ever. Add

to that the era of corporate

responsibility and enhanced

scrutiny, and the stakes have

never been higher.


17/32


18/32

Your new world is aone-strike-

heavily

Solutions


19/32

youre-out world,punishing mistakes.

New regulations and standards. An era of

corporate responsibility. Activist stakeholdersand a hyperactive press. All have ratcheted up

the expectations around security. Or else.


20/32

TELEGRAPH INVENTOR Samuel F.B. Morse

spoke of his great aim to annihilate

distance. Today, the challenge is invisibility:

The millions of products and shipments that

can be lost, pilfered or counterfeited as they

traverse the world.

Ocean-going shipments hold a special

danger: Just try to nd out who really

owns a ship. As William Langewiesche

observes in The Outlaw Sea, forty thousand

merchant ships . . . wander the wor ld with

little or no regulation. This includes the

20-plus freighters estimated to be owned or

controlled by al Qaeda.

The high ground for business and

government is control in all modes: sea,

air and land. For high-value or high-danger

goodspharmaceuticals, for instance

electronic pedigrees offer a detailed log of

every stop, from plant to loading dock to

checkout scanner.

What is it? Who wants it? Where is it?

The difference is, real-time knowledge of

whats in the box, down to granular detailsof sizes and colors. Its a stronger demand

signal, along with the real-time ability to

satisfy customers with accurate and timely

shipments. And its the wealth creation of

precision pricing.

Today, secured trade is a driving force in

shareholder value. As business follows the

sun, success demands a bigger picture and

a brighter, sharper lens.

ControlFrom SpaceGPS and other tracking

technologies follow

the container through

every conveyance,

ship, truck, rail or air.

Meaning, the ability to

commit-to-order, with a

sure delivery date.

ControlIn the ContainerEverythingin detail. Where through

GPS. Whatthrough RFID. Who had it,

when. The result is a rolling inventory,

protecting every pallet. Technologies:

pallets shrink-wrapped, RFID-tagged,

then smart-sealed with currency-like

tape that exposes tampering. Plus,

monitoring devices that send alerts

about excessive heat or vibration.

Maintaining SecurityOn Every LevelOn air, land and at sea, goods are locked

and locatedat every step, even when

switching teams and modes. And people

are fully accounted for.

LABEL

LABEL

8 FEET WIDE

KEEPING CONTAINERS SAFE

8 FEET TALL, 40 FEET LONG (2 1/2 CAR LENGTHS)

FALSE WALL

Each container is

measured to ensureagainst false walls that

might conceal illegaldrugs, weapons or

immigrants. Radiological and

biological tests are

performed. High-tech deterrents

are deployed insideand out. Can include

radiation sensors,GPS devices, smart

container sensors,

barrier seals, indicativeseal tape, RFID seals

and ber-optic seals. Filled weight is

checked against

empty weight. Does itconform to the size of

the cargo? Does it alladd up?

SecuredTrade

Solutions


21/32

Control In the AirSince 9/11, U.S. regulations require greater visibility into shipments. Air carriers handling imports

will have to transmit cargo data four hours before arrival. The solution: Neutral, Web-based portal

brings together shippers. Add to that the precision of bar codes and RFID. Meaning, mastery of

the real-time details: who, what, where and when.

Control at the PortWhats in the box? The ships

captain, Customs, port security

all have complete control

from arrival to departure.

FINGERPRINT READERS:

With a touch, authorizedlongshoremen gain instant,

point-specic access.

21

SecuredBorders

SCANNERS: Handheld scanners

track and verify contents.

Gamma-ray scanners ensureagainst false walls, contraband

and radiological devices.

THE NUMBERS ARE DIZZYING 4000 global

ports 300 U.S. ports of entry processing 400

million people traveling across our borders in

133 million cars. Add to that another 4,000

ports globally, and its easy to see why customs

agents are so stressed.

The good news is, border security has

never had so many toolsglobally integrated

databases merging country databases with

criminal databases like INTERPOL.

For example, with globally integrated

databases and license-plate readers (able to

read the tags on cars traveling up to 60 m.p.h.),

border control agents can know whether the car

is stolen before it hits their station.

But there are other tools as well. Smart

Cards with smart chips contain rich information

on the holdings, and Business Intelligence

validates the credentialing documentation.

Borders and facilities can be better secured

with ID technologies, ranging from intelligent

video to iris or nger vein pattern recognition.

And, because they are built on Service-Oriented

Architecturesindependent of the underlyingtechnologiessystems are future proof. In

other words, easily and inexpensively updated.

Today, the hero of this story is not the

technology, which is now fairly mature. Rather, it

is the ability to integrate these systems, locally,

nationally and globally. The result is positive

identity and secure bordersall translating into

more secure and satised citizens, travelling with

greater condence and ease.


22/32

FINGERPRINTS

YOURE IN! Facility accessor access to PCs and

other systems. Electronic

keypad collects image and

scans zones against a

known image or database.

The FBI ngerprint

database now holds some

81 million records.

ID CARDSID CARDS SMART EVERYTHING:

Cards can be single-use (drivers

license) or multipurpose (health,

immigration, ATM and more).

National ID cards? Controversial. But

more countries are going that way.

FEATURES: Rainbow printing, micro

letter, holographic overlay, ultraviolet

and more.

PLUS, SMART CHIP: 32K of personal

history, medical, thumbprint

minutiae, color photo.

RETINAL SCANNINGIN THE EYES: Identity based on blood

vessel patterns in the back of the

eyeunique as snowakes. Can be

active (range: 6-14 inches) or passive

(more user-friendly, up to 3 feet). Then

theres iris-on-the-move, scanning theiris while the person is in motion.

MakingCertainMr. JonesReally IsMr. Jones

Technologies that help

verify identities

creating a more secure

environment by linking

each citizen withthe relevant data.

BIOMETRICSPERSON POSITIVE: Automated

authentication through physiological or

behavioral characteristics: ngerprint,

retina, voice, hand geometry, etc. Scans

against a known database.

CITIZEN TRAVEL: Faster travel throughbetter recognition, or even traveler

speed passes. (But only with

voluntary background checks.)

GOVERNMENT FACILITIES: High-security

environments use corroborating checks:

ngerprint, face and more.

HIGH-RISK FACILITIES: Power plants,

reservoirs, drivers of radiological waste.

ONCE, TRUST WAS a known facenolonger. As we travel, faces grow hazy, with

dangerous consequences when we trust

the wrong person.

As The 9/11 Commission Report

observes, Today, a terrorist can defeat the

link to electronic records by tossing away an

old passport and altering slightly the name

in the new one. Fortunately, with biometrics,

this once blurry picture is fast coming into

focus. Another big advantage: Speed. Better

identication means citizens and goodsand

economiesmove more efciently. Today,

around the world, retinal scanning, ngerprint

identication and advanced facial recognition

are protecting key infrastructure.

At the same time, with smart passports

containing digital photos, ngerprints and

chips, Customs and law-enforcement

personnel have the full picture. With powerful

databases, they can see connections

around the world. With biometrics, those

who transport dangerous cargo are in fact

the people authorized. Similar trackingtechnologies mean that elections are fair and

democratic, and that citizens are connected

to government and vital services.

Take MyKad, the digital ID card now

carried by 22 million Malaysians. Consolidating

drivers licenses and identication cards,

this one card can do virtually everything:

bill payment (ePurse), tolls, parking/public

transport, ATM banking, health services and

more. And, Malaysias smart card is moving

citizens through immigration checkpoints.

SecuredIdentity

Solutions


23/32

MAKING IT VISIBLEFirst used for critical

military shipments like

blood and munitions, RFID

and GPS technologies are

steadily gaining commercial

acceptance, especially

as they get cheaper. The

payoff: real-time information

improves decision-making.

And reduces the errors and

delays of intermediaries.

PROACTIVETRACKINGTracking is best done by

exceptionfocusing on

problem shipments rather than

routine shipments. Deeper

control, less wasted time.

CONNECTINGTHE PLAYERSShippers, forwarders,

airlines, Customsall

require the same

information. But who

wants to wade through to

multiple sites to nd it?

The future: Neutral portals

for booking and tracking. A

one-stop shop for multiple

carriers.

From Timbuktu

To YouThe heavy freight industry gets seriouslyconnectedwithout the heavy lifting.

NO MODE OF TRANSPORT is rising fasterthan heavy air cargo. But to continue its

ascent, the industryfreight airlines,

forwarders and carriers with belly

spacemust collaborate as never before.

Especially if it is to compete with carriers

offering guaranteed service and real-time

tracking. Yet look at the challenges.

First, the industry needs to embrace

the latest in digital technologyespecially

next-generation Web integration. It

must contend with aging airports and

spaghetti-like legacy networks. And, it

must better manage todays disruptive

givens: terrorism, military action, economic

turbulence, health outbreaks, and more.

Finally, the system needs dynamic decision-

making to better manage assets, capital

and information.

Solution: Create a new virtual

network, with seamless reach, total

control and on-time accountabilitybut

with a key twist. Consider: When asked,

the major shippers will offer real-timepackage tracking. But what if the shipper

wants customized proactive alertsat any

milestone? Say, a beep on your PDA or cell

phone: Shipment confrmed.

With an online portal, customers

nd easy access, competitive

efcienciesand alerts. Edge-to-edge

control, all seamlessly connecting

customers and real-time tracking. On time.

Theirway.

23

SecuredAir Cargo


24/32

Solutions


25/32

25

Secured InformationCYBER SECURITY: It touches everything the security of

your information, your partners informationand that of

your customers. Thats a lot to potentially go wrong. And, as

the numbers show, disaster potential is real and growing.

But look at the deeper potential costs: Bad publicity

millions lost in reparations lost customers the

demoralization and distraction factor and, nally, a

serious hit to your brand. And why? Because of what

organizations too often leave outend-to-end control.

But improved control yields even larger business

outcomes. It includes improved enterprise performance,

say, with in-transit control and tracking management. It

means better managed operational risk, especially when it

comes to people, security, IT systems, goods and assets.

And it means business optimization through improved

supply chain efciencies and IT systems protection.

Imagine weather prediction without satellite images.

Imagine ight without radar. Thus, to change the cyber

security picture, organizations need control inside and

outside their four walls. In short, to see the full picture of

enterpriseand extra-enterpriserisk.

Connected enterprises are more secure because they

can better grasp the full picture. They can read changing

patterns of risk. They can see interdependenciesthe

gapsbetween them and their extended network. And they

can play outin advancea path through potential risks.

Cyber security: Today, the path is not more locks and

keys. Its the end-to-end connection that helps you secure

your world and better focus your creative energies.

Secured BanksBANKS CAST A LONG SHADOW. Shackled in security,

they are perversely vulnerable to the gaps that phishers

and data poachers are quick to exploit. Blanketed with

accountability, too often they cant be counted in to

manage their own growth. Or keep count of their own

customers. As the analyst Tower Group observes,

A history of tactical cost-cutting and duplicativemaintenance efforts has left nancial services institutions

mired in a maze of barren business operations,

fragmented technologies, redundant controls, and

information integrity issues.

But what about a bank built with end-to end

securitysecurity that allows it to better spot

problems and adapt to changing business and

customer requirements? In other words, what if a bank

not only had better integration, but also the ability

to secure its assets? Today, such security is very

achievableand long overdue.

The secure bank begins by giving people at all levels

from boardroom to the data centera complete digital

map of branches, consumers, corporations, business,

regulators and partners: everything and everyone the bank

touches. Bankers get real insight into which operations

and which customersare really driving prots.

Instead of losing track of its customers, the Secure

Bank has deep insight into the customers changing

needsin real time. And, with a real-time infrastructure,the bank knows what systems it has on line, just as it

can monitor over-or under-capacity, then act to balance

it. Security: With zero-gap protection, the bank can see,

trackand thwartthreats. And, with a hot-spare of

virtual capacity, it can recover systems within 30 minutes.

The Secure Bank sees the true path to change. It

adapts in real time. And it can spotand secure itself

against this ever-moving storm of digital risk. Today, through

next-level security, the banking industry can emerge from its

long shadow. And shine.


26/32

The 21st CenturyOrganizationBy creating a digital model of a

process, organizations can see

how one layer of the business

affects another. The payoff:

quick, well-formed insights

into unfolding events.

FROM CHALLENGE COMES OPPORTUNITY

and those who best innovate in times of

struggle win. Too often innovation, however,

has focused on the what -- the latest and

greatest gadget. While perhaps successful

in solving a very specic challenge, point-

solutions are at best inefcient, and at worst

they create a whole new set of challenges,

the least of which being their expense.

What is required is innovation of the

how. And often it is the elegantly simple,

unied approach that best strikes the

delicate balance between competing forces:

between agility and assurance, between

physical and data, between old and new,

between security and innovation.

An elegant, unied approach means

less complexity from one-off point solutions,

yet more agility and control. Less loss from

counterfeiting, spoilage, and fraud, moreoperating continuity & performance. Less

restriction of end-user technology choice

and social networking, more empowerment

and employee satisfaction. Less risk,

more protection, trust, and assurance.

Less compromise, more value and success.

Less fear, more freedom.

STRATEGY MAP

The layer where the

business vision and

operations model is

established. Also,

where economic

value, security,

partner interaction

and standards

adherence are

determined.

PROCESS MAPThe layer where thevision is carried into

core operations.

Deals with virtually

every process that

touches the identify/

track/ trace/protect

framework. Example:

Supply chain.

APPLICATIONSMAPThe layer where data

is analyzed to assess

opportunities and

threats. Also where

modeling is done based

on data captured from

RFID devices, readers,

sensors, bar codes

and other tracking

technologies.

INFRASTRUCTUREMAPThe layer that provides

a road map to eliminate

redundancy, leverage

functionality and identify

how to best implement

your technology

investment in devices.

SecuredEnterprise

Solutions


27/32

27

Our Portfolio

UNISYS. SECURITY UNIFIED

At Unisys, we assess, design, develop,

and manage mission-critical solutions

that secure resources and critical

infrastructure for governments and

businesses. Our approach unies

resource and infrastructure security,

creating the most effective and efcient

security environment possible and

freeing our client to focus on best

serving its citizens and customers.

Our people security solutionsidentify, credential, verify, and prole

citizens, travelers, and employees,

for both physical and digital facilities.

Our asset security suite of

solutions allow you to track and trace

goods, physical and nancial products,

and data, both in motion and at rest.

Our critical infrastructure security

solutions for facilities, borders, and

networks -- save life, property, and

forensic evidence, and restore life to

normal after natural or man-made attack.

And our advisory and analysis suite

of services provide a strategic security

roadmap and a real-time, predictive

risk intelligence solution.

All of our security solutions

deter, protect, and defend against

tampering, fraud & attack at all points

of vulnerability. They consistently and

fully enforce a customers policies,

mandates, and regulations. They

increase organizational clock speed,

self learn, and ultimately reduce cost

and avoid loss.

We have an extensive heritage

working with defense, security, and law

enforcement agencies, particularly inmission-critical operations, which places

security at the core of all that we do.

For example, the U.S. Army needed to

know the exact location and contents of

thousands of containers and air pallets

of cargo in transit per day for military

personnel across 1,500 nodes in 25

countries. Unisys implemented a unied

4m+ RFID tag solution that provides the

Army with instant access to equipment

and supply information. It has increased

productivity, improved war ghter safety,

and reduced costs.

We have created industry-

transforming systems where information

is unied, intelligently and securely

shared amongst partners. For example,

the Government of Malaysia wished

to provide a single citizen ID card,

consolidating drivers license, bill

payment, tolls, parking/public transport,

ATM banking and health services. Unisys

brought to them a unied solution that

utilizes a state-of-the-art MyKad (My

Card) -- a secure multipurpose smartcard

for all citizens over 12. Now Malaysias

23 million citizens get faster service and

better information privacy, plus economic

activity increased.

We unify the how. We integratesecurity domains, employ an aligned

methodology, develop and reuse linked

models, and share a common desire

with our clients to allay their customers

fears. For example, Chiles Santiago

airport must securely process 3 million

people per year. Unisys delivered a

unied solution that identies travelers

via passport readers and facial and

ngerprint recognition and automatically

evaluate against watch lists supplied by

Interpol and local police agencies.

For us, its not just about security;

its what security enables our clients to

do. When you are secure, you are in

control. You are efcient and effective.

Your citizens and customers trust and

value you. You are fearless. You win.

Complementary Unisys offerings.

Unisys Application Modernization and Outsourcing

makes operations more agile, secure and efcient

while lowering overall costs. Our approach

leveraging over 1,400 unique, pre-built application

and process models and grounded in our 30 years

of experience and leadership in mission critical

and open technology -- delivers faster, cheaper

and with the least risk of disruption to our clients.

Unisys End-User Outsourcing provides anywhere,

anytime, one-call support that increases user

satisfaction while driving down support costs.

We leverage the combination of our global

ITIL-based Resolution Optimization Model

and network of 31 ITO Operations Centers

with 6,000-person strong eld force to deliver

measurable cost reductions, improved satisfaction

levels and faster time to incident resolution.

Unisys Data Center Transformation and Outsourcing

leverages our long heritage of expertise in the

data center. Combined with our independentthinking, innovative infrastructure and sourcing

capabilities, Unisys delivers data center solutions

that are more secure, more productive, and more

reliable while decreasing operating and capital

costs and increasing business performance.


28/32

Your walls. Their walls, inside and outside.

In an era of rising threats, your perimeter is

ever-expanding. Andunless you get the full

picturepotentially riddled with dangerous gaps.

Winning today begins by acknowledging the

changed risk equation. In a connected world, when

things go wrong, they will go wrong faster than ever.

A converging world

needs the seamlessnessof converged security.

Conclusion


29/32

29


30/32

Moreover, the system effectslike that of a power

grid crashingwill be faster and more far-reaching

and far more opaque, as the subprime crisis so

clearly shows.

Fortunately, thanks to converged security, just

as the world has grown larger and more chaotic,

improved integration technologies and clear

standards make the necessary integration a more

predictable and less costly process. At the same

time, converged security means your organization

can easily integrate a host of stable and mature

security technologies: iris scanners, license plate

readers, RFID and more. And we integrate it with

platforms and systems that you already have.

The result is a powerful merging of two, once-

separate realms: your IT systems with your physical

assetsthe whole enchilada. The result is a truly

enterprise-level ability to protect people and data,places, and things. Further, by using the latest in

open-source technologies, systems can be future-

proofed against the next generation of change.

Physical Security, IT SecurityConverged

Again, the most obvious difference here is

an all-new level of integration. The less obvious

Conclusion

more on paying risks, as opposed to thankless

risks, like phishers and hackers.

A System That Can Secure Itself

The result is a system that can secure itself

against theft and counterfeiting, or fend off electronic

attackers. Or send instant alerts, say, when a hard

drive has been damaged or compromised, or medicinehas been subjected to too much heat or vibration.

After all, if we can sift and test the soil on Mars, surely

we can know the facts vital to our products, fortunes

and reputations. Or, for that matter, with whom we are

really communicating.

Today, converged organizations deliver exceptional

performance and exceptional control over costs. And

they have an inherent capacity to manage risk, all while

delivering the enhanced productivity and efciency

and the ability to innovatethat delivers true growthand reward in the marketplace.

An always-on world needs always-on security.

And now that day is here. Today, the two once-

separate worlds of physical security and IT are

converging. One system. One comprehensive view

of physical and digital reality. One secure path to

innovation. All under total controlyourcontrol.

difference is an organization with the clarity and

control to collaborateand innovatewith much

higher condence, and thus a much greater degree ofsuccess. In both the public and private sectors, the

benets are as powerful as they are wide-ranging.

To be sure, bad things will happen, as they always

do. The difference is, far fewer will snowball and wreak

havoc. Why? Because organizations have the real-time

ability to sense and respond, whether to competitive

change or actual threats. Meaning, you can focus


31/32

31

Specications are subject to change without notice. 2008 Unisys Corporation. All rights

reserved. Unisys is a registered trademark of Unisys Corporation. All other brands and

products referenced herein are acknowledged to be trademarks or registered trademarks

of their respective holders. Printed in United States of America. October 2008.

This book was illustrated and designed by Splashlight.


32/32

a delicate balance: a visual guide to secured business operations

Documents