This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
Download it now to read this article plus other related content.
By Barbara Darrow
Information security is a big deal for enterprises, but for a major defense contractor, the task takes on a whole other layer of urgency.
Michael K. Daly, director of enterprise security services for Raytheon Company in Massachusetts, knows that in his bones. When your company designs and manufactures missiles, and intelligence and defense systems, the potential downside to a breach can be disastrous.
Daly, whose team of 41 security professionals works under a $16 million annual budget and supports 73,000 employees, 15,000 contractors and 5,000 partners, sees two major trends.
The first is "data exfiltration," which he says is a fancy way of saying the loss of intellectual property, including private information and corporate data. Previously, security pros spent the bulk of their time fighting off external hackers, he says. "We continue to fight that fight, but now there's also the issue of Trojan horses and viruses and worms that grab data off machines."
The second trend is the whole wide world of mobility. It's one thing to protect data that primarily stays under lock and key in a climate-controlled glass room. It's quite another to do the same with a mobile workforce, and where virtually every enterprise's supply chain includes outside partners--each with its own LAN.
| architecture of our environments has changed," Daly says. "Companies used to build their own LANs, but now services are outsourced, you have different suppliers out on the Internet. Users are not necessarily sitting at workstations on your floor; they're on laptops connecting over T-Mobile, so we have to move the security control from the LAN out into the world."
A couple of Daly's projects reflect that reality. He and other industry leaders in the Transglobal Secure Collaboration Program launched CertiPath, the world's first commercial PKI bridge. That infrastructure enables qualified member companies to cross-certify and authenticate, and is itself cross-certified with the U.S. Federal Bridge, which connects the major U.S. defense agencies.
Jeff Nigriny, president and COO of CertiPath, has known Daly for years and says his efforts are invaluable to CertiPath and Raytheon. "We worked with Raytheon for more than a year [to get the company certified] and Michael rode his team pretty hard. The process is fairly onerous and it's fairly easy to get distracted, but he got it done," Nigriny says.
Inside Raytheon, Daly's group deployed new Internet and teaming gateways to Europe this year. Those gateways help ease Web access, remote access, Web hosting, email with spam and virus filtering, single sign-on to the various Raytheon groups in Europe and the Middle East and consolidate several smaller centers that were used in the past.
Daly, the son of not one but two Raytheon engineers, is a busy guy. Jeff Brown, chief information security officer for Raytheon, cites Daly's technical breadth, which he combines with an eagerness to keep learning.
"If you ask him a question on Friday and he doesn't know the answer, by Monday he'll be an expert," Brown says. Raytheon CIO Rebecca Rhoads agrees. "He attacks everything. He's a voracious reader with great technology abilities and capacity, and he can do a lot of things at once."
Barbara Darrow is a Boston-area freelance writer.
This was first published in October 2007