New Approach to IT Security Needed To Meet The Challenges of Rising Cost and Globalisation

London and Cambridge, UK – 19 April 2004 – Professional services firm KPMG and nCipher plc (LSE: NCH), a leading cryptographic security company announced today the availability of a new whitepaper titled “Security in an Island World’. The paper contributes to the growing debate on new approaches to security and offers an alternative road map to implement a consistent approach to the design of security controls to equip organizations with the flexibility and adaptability they need to meet rapidly changing business requirements.

“The pressures of increasing interconnectivity between organisations, globalisation and outsourcing are putting tough burdens on existing security controls – to the point where they could become ineffective at providing the necessary level of IT security,” explains Malcolm Marshall, UK Lead Partner for Security and Continuity Services at KPMG. “In addition, the high fixed costs of maintaining a global, private IT network are increasingly seen as prohibitive, and can in fact inhibit business growth and flexibility.

“Although IT security is rightly seen as a critical component to enable effective IT support for business, faced with business demands to reduce costs and increase effectiveness, existing approaches to secure systems and networks may actually hinder the business process rather than support it.”

The traditional approach towards IT security is to build a security “wall’ around a company’s network perimeter to keep external attackers out. But once holes need to be opened up in the “wall’ to allow “trusted’ access by customers and business partners, it becomes apparent that the wall itself is weakened, and that the wall cannot provide security inside the network once an attacker gets past it.

The high degree of interconnection within business networks means there is too much to watch and too little time to react. Attention must shift therefore from simply protecting the systems and networks themselves to protecting what really matters – the information assets that they handle.

“What is needed is some new thinking” says Richard Moulds, vice president of marketing at nCipher. “There is a need to reduce the costs associated with perimeter security, forever chasing intrusion alarms and continually rebuilding walls around business entities that naturally resist being so constrained. This has become a rallying cry among IT implementation teams representing major companies. The Jericho Forum in the UK is a prime example; FTSE companies calling for a more joined-up approach to security. In a lot of ways the widespread deployment of cryptography represents just such an approach as it provides protection for private and valuable information both at rest and in transit throughout this new Island World.”

The Security in an Island World Approach

For centuries it has been tempting to think of security as a black and white issue – trusted or untrusted, inside or outside the wall. However, the dynamics of today’s business reality require a more sophisticated approach where trust, and consequently the granting of rights, becomes situational and often temporary.

The Security in an Island World approach recognises that more and more organisations are federations or communities, made up of many islands, interconnected, independent and in a state of change. They are like an extended family, embracing multiple sites, remote workers other organizations and supply chains. The goal of ensuring protection for the organization remains the same but the means of achieving that end must be re-evaluated. With the boundaries of the organization so ill-defined it becomes impossible to protect the organization itself. Instead attention must turn to protecting the information assets that the organization really cares about – wherever it goes and via whatever means it is transported.

Although a well established security technology, the use of cryptography has often been limited to isolated and specialised applications. The Island World means that the time is ripe for pervasive adoption. But as is often the case the challenge becomes one of implementation. Properly deployed and managed, cryptography has the ability to provide an auditable level of security. Incorrectly implemented, cryptography, like most security measures, delivers nothing more than a false sense of security. The challenge for those embracing this brave new world is that encryption, and cryptography in general, is no longer confined to a few specialists or indeed to a few islands. It follows the data, spreading to all the islands bringing a new dimension to security management.

The white paper is published today, and is available online via KPMG’s and nCipher’s web sites: http://www.kpmg.com or http://www.ncipher.com/resources/islands-wp

About KPMG
KPMG is the global network of professional services firms who provide audit, tax and advisory services.

KPMG LLP operates from 22 offices across the UK with 9,000 partners and staff. KPMG recorded a UK fee income of L1,008 million in the year ended September 2003.

KPMG LLP, a UK limited liability partnership, is the UK member firm of KPMG International, a Swiss cooperative.

KPMG are preferred providers of information security and business continuity services to many leading global and national organisations. KPMG’s Security and Continuity Services include:

Security management: ranging from strategy, governance and organisational advice, through to designing and implementing security policies and processes.
Business continuity management: business continuity strategy, governance, planning and processes.
Design and build: designing and implementing secure and resilient systems.
Security testing: testing system security – application and infrastructure.
Business continuity testing: planning, running, and reviewing business continuity tests.
Assurance (provided through KPMG Audit plc in the UK): A “one stop shop’ for independent assurance and certification, ranging from SAS 70s, through to BS 7799, and the ITIL based BS15000.

About nCipher
nCipher is redefining cryptographic security to protect points of risk across the enterprise – from network appliances to Web servers, to custom software applications and back-end databases. nCipher provides hardware and software solutions that enable organisations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world’s leading organisations – from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy – rely on nCipher to deliver a sound e-security infrastructure.

nCipher’s products are particularly well suited to organisations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers. nCipher is listed on the London Stock Exchange (LSE:NCH) and is a member of the FTSE TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Seattle, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com.