Customers still manage security with jumble of products, not unified policies

Information technology and business managers at end-user corporations aren't ready to change their business processes to make their data more secure.

But they are willing to invest in a mix of tactical and strategic technology products that can reduce the risk without gumming up the business itself, according to security integrators and IT managers.

Southwest Medical Center based in Liberal, Kan., for example, put together a mix of biometrics and motion detection that allow doctors to use shared PCs to read and enter sensitive patient data without the risk that the next person to use the machine will have access as well.

The doctors log in using fingerprint scanners; when they move more than five or six feet away, a motion detector has the PC log them off and close the records, according to the hospital's network administrator.

Michelle Drolet of Framingham, Mass.-based security integrator Conqwest, calls that kind of integrated workaround "phase one" of an overall security makeover. Only about one in five customers is putting in security policies as well as security products, she said.

She expects that to change as examples such as the recent TJX Corp. debacle show companies how not to do things.

But for now, end-user companies are plugging holes with whatever products will fit, and worrying later about how to make sure the holes never appear in the first place.

The original version of this story appeared on TechTarget sister site SearchWinIT.com.