Pulaski: If you look at any of the statistics, you'll find that anywhere from 60 to 80 plus percent of security breaches and financial losses that are security-related come from attacks and problems caused by insiders, so that's really the biggest problem and the biggest threat. The stuff we do basically spoon-feeds security data to the IT organization. But there are certain other technologies, for example intrusion detection, where you really, truly have to have a bunch of rocket science-type guys monitoring this stuff continuously on a day-to-day basis. In many cases, a company might need to outsource that function because there's no way for a company to have the in-house staff that can deal with that data.
InfoWorld: As e-business on the Web is increasingly done in real time and becomes more dynamic in nature, will security products be able to keep up?
Pulaski: The technology to support that is there, but it's in its infancy. The key technology there is the ability for directories and metadirectories to work with each other and work in the extranet environment. The directory vendors, whether it's Novell, Microsoft, Netscape, or whoever, would like to see the directories and the metadirectories be able to fulfill that need so external partners and the internal people can work in one common directory for common access control and security. The security implications, of course, are major. You've got to make sure the systems are safe and secure when you're working in that kind of environment.
InfoWorld: If there was one thing you could change about how people approach security, what would it be?
Pulaski: [It would be] the commitment of customers at the board of director and senior management levels on down to ensuring that systems are safe and reliable, especially before they launch new e-business initiatives. I think we're seeing a paradigm shift in how customers view IT. Ten or 20 years ago, IT was a way to lower cost. Today, the information technology really is about drivers for business revenue.