Security Management Presented by D. Eric Leighton, President/CEO May 16, 2007 New Hampshire Chapter of PMI
Security Management • How do widely dispersed project teams collaborate safely and securely? • Introductions • What’s Changing • Typical Security Environments • Five Fundamental Challenges • Real World Situation • Simple Solutions to a Complex Problem • Questions & Answers
Background • D. Eric Leighton • Co-Founder of LoadSpring Solutions, Inc. • 14 Years of Technical and Management Experience in computer Hardware & Software industries • BS Mechanical Engineering, University of Maine, Orono, ME • MS Mechanical Engineering, Rensselaer Polytechnic Institute, Troy, NY • Enjoys hiking with family, mountain biking, fly fishing, canoeing and is a licensed Maine Guide through the Maine Department of Inland Fisheries and Wildlife • About LoadSpring Solutions • LoadSpring Solutions delivers application hosting services that provide reliable access for project teams through its sophisticated security, proactive support and intuitive user interface known as the CAM Console™. Founded in 1999, LoadSpring supports Fortune 500 companies and Engineering News-Record (ENR) top firms in the fields of construction, heavy equipment manufacturing, real estate services, engineering and energy/utilities. For more information, please visit www.loadspring.com.
Experience Heavy Equipment/Manufacturing Construction Engineering Energy & Utilities Real Estate Services/Facilities
What’s Changing • Increasing reliance on the Internet as a data access platform • Teams need real-time access to information and applications • Global project teams • Time zone differences • Limited on-site network infrastructure • Access for project teams cannot disrupt security of internal network or sensitive data • Internal IT groups already overly taxed defending what’s behind the corporate firewall • Multi-layered information access across industries like financial services, construction, real estate services, energy, heavy equipment manufacturing is increasing
Typical Office Security Environment Public Internet Hacker Hacker Typical Firewall Office Network
External Access Security Environment Hacker Business Partners Hacker Office Workers External Firewalls Internal Firewalls Public Internet Shared Access Network
Five Fundamental Challenges • Is there a corporate focus regarding data/application sharing? • IT must make it all happen? • Outsource everything? • Time & money: the cost of security, expertise & time to deploy • Most IT professionals are trained at defending the internal network from external threats • Providing filtered access is a new challenge, requiring familiarity with different approaches and technologies • User simplicity • Technologies that are routine to “Techies” are complex and cumbersome to the average user • Installing/Configuring/Accessing VPN’s • Sharing Files with Corporate FTP Sites • Managing the system: wrong person – wrong task • Project Managers know the applications but don’t know IT • System’s Administrators know IT, but don’t know project management • Support • Geography and time zones, along with third parties (using machines not maintained by your IT department) make support by internal IT a nightmare
Real World Situation • Technical requirements • Perini Construction needed to provide remote project teams access to several Primavera applications including Expedition and P3 e/c with performance equal to or greater than in-house solution • Remote system must be remotely managed • System also must be simple from the user perspective and highly secure • Business challenges • Perini did not understand the business challenges they faced when attempting to deploy a remote software access system for its growing collaboration demands • If you sampled the IT managers at all Fortune 500 companies two years ago, it’s likely that about 500 would tell you that their IT staff is overworked with too many projects to complete in the timeframe required. Perini Construction was learning this in real-time back in 2003 • They estimated that they could get their in-house solution completed in about three months with hardware costs estimated at about $35,000 with two dedicated full-time IT resources. This was a significant underestimation
Real World Situation (continued) • Security • Granting access to users outside their protected corporate network • Access from countries with little or no political nor governmental infrastructure • Working with multiple governmental agencies and users from multiple mid-eastern countries • The security requirements of this project would require high technology, high encryption and procedures beyond the scale typically deployed by Perini • Support • Supporting external users from other organizations was a big concern • Supporting software being deployed remotely was also a concern. How do you support software with users that are 7,000 miles away? • Time zone challenge • Perini was having problems at 10:00 a.m. local time, but that was 3:00 a.m. EST. Supporting these remote users throughout their work day would require hiring an IT staff that worked after hours for a premium.
Real World Situation (continued) • Perini’s solution – Outsource to LoadSpring Solutions • Business decisions: • Can we do it? Should we do it? If we don’t, who can? • Project management is business-critical bordering on mission-critical • Time & Cost evaluation • Direct costs to outsource was less, capital expenses could be eliminated • Deployment with LoadSpring could happen in a matter of days vs. 2-3 months • User Simplicity & System Management • Deployment through LoadSpring’s CAM Console eliminated need for VPN’s or client side configurations • CAM Console enabled Project Managers in Kuwait to create/modify/delete users remotely • Support • LoadSpring provided Primavera app support 24 x 7 while maintaining corporate network security - Priceless
Simple Solutions to a Complex Problem • Evaluate business-critical vs. mission-critical • Determine business objectives and define which data/applications are mission-critical and which are business-critical • Identify security requirements and the impact of not being able to access your applications • For Perini, mission-critical applications were identified as revenue generating, while business-critical were time-saving. • Evaluate costs to deploy • Time • Do I have adequately trained IT resources with appropriate experience in both security infrastructure technology as well as application technology who can manage this system? • How long will it take to deploy the security infrastructure and then to deploy access to my applications? • Look at capital expenses both for application delivery and enhanced security environment
Simple Solutions to a Complex Problem • KISS • You’ve selected a great PM application, but ensure it is easy to use AND access! • It’s simple, but is it secure? What do users and IT have to do to make it secure? • Right person – right task • Ensure you don’t have to get an IT support ticket every time you want to add/delete/modify a user • Remember, you invested in software to save time & money, not waste time with infrastructure challenges • Who’s on support? • Everyone has a support offering, but ensure your solution can consolidate who owns what • If you are time-zone challenged, evaluate the costs of off-hours support and how that would be handled internally
Questions? Contact Information: Eric Leighton Phone: 978.685.9715 x130 Email: email@example.com For a copy of this presentation: http://www.loadspring.com/corporate/security/index.html