IN THE BOARDROOM™ with...
Mr. Nick Evans
Vice President and General Manager
Worldwide Enterprise Security
Unisys (NYSE: UIS)
SecuritySolutionsWatch.com:
Thanks for joining us today, Nick. Please tell us about your
background and your role at Unisys.
Nick
Evans: Thank you for the opportunity to speak with you today.
We’re delighted to have been selected as part of your security
stock focus. At Unisys, I lead our Enterprise Security Initiatives
program which is one of our five strategic growth initiatives. The
other four key areas are Outsourcing, Real Time
Infrastructure, Open Source and Microsoft solutions. In the IT
services business, these are all double-digit growth areas - and
areas that we believe are key offerings and enablers for client
business transformation. Our primary focus is to help our customers
in both government and commercial markets to achieve the benefits
of secure business operations. My personal background
includes co-founding the Internet Consulting practice at Coopers
& Lybrand in the 1990s and then running the Emerging
Technology practice at BearingPoint where I focused on Radio
Frequency Identification (RFID) among many other disruptive
technologies that can help achieve business innovation.
SecuritySolutionsWatch.com:
Please give us an overview of the
security services which Unisys offers.
Nick
Evans: At
Unisys, our view of enterprise security is a holistic one, with
end-to-end solutions that help identify people, track and trace
goods and assets, and protect information and IT systems. We
strive to help clients achieve secure business operations across
all these aspects of their enterprise.
We’re
talking about security across people, process and technology. A
secure business operation is a core vision for us along with the
concept of the trusted enterprise. We believe that in today’s
economy, security solutions must be thought of strategically and
applied not only for risk mitigation but also for growth and
innovation. This is a change in mind-set from the traditional view
of security as a cost of doing business or “insurance,” merely
an information protection issue. Our security solutions provide
clients with visibility into all aspects of their operations so
they can reduce costs, improve efficiencies and grow their
business.
Unisys
has more than 35,000 employees worldwide who serve key markets
such as the public sector, financial services, and commercial
industries. Our global footprint and breadth of security solutions
include some of the world’s largest security challenges such as
implementing the first electronic passport with biometrics for the
Australian government and the world’s largest multipurpose
smartcard for the Malaysian government. Unisys also runs the
world’s largest RFID network for the U.S. Department of Defense.
Our managed security centres handle some of the largest volume of
real-time event monitoring to help clients security their networks
more efficiently with around-the-clock protection.
Unisys
offers a range of services from strategy to implementation coupled
with outsourcing and managed services solutions. Our solutions
include security policy and planning, security program management,
security governance, and IT security operations which encompasses
configuration management; vulnerability, event, and incident
management; identity and access management; and business
continuity planning.
SecuritySolutionsWatch.com:
We know that various government mandates such as Sarbanes Oxley,
the Customs-Trade Partnership Against Terrorism (C-TPAT), and
Homeland Security Presidential Directive 12 (HSPD-12), among
others, are market drivers for security solutions. Please tell
us about these Government mandates and we'd appreciate your
perspective on the market drivers right now for Unisys
solutions.
Nick
Evans: Compliance
with government mandates is a key driver for security solution
implementations worldwide and affects both public and private
organizations. These regulations and mandates have brought the
security discussion from the back office squarely into the
boardroom. What’s interesting is that these regulations and
mandates cover more than protecting information and IT systems.
They also apply to how we track and trace goods and assets within
our global supply chains and how we identify personnel accessing
systems or facilities.
For
example, section 404 of SOX requires companies to have controls in
place to protect against adverse, preventable events—including
those within their supply chains—that could impact their value.
C-TPAT requires companies to take responsibility for the security
of their own supply chains. While C-TPAT is voluntary, the
consensus is that it may well become mandatory in the near future.
Issued in 2005, HSPD-12 aims to establish a government-wide,
standardized credential for personal identity verification, or PIV,
for government employees and contractors. This mandate applies to
physical and logical (computer) access and is a good example of
security convergence which we’ve heard so much about in recent
years.
More
broadly, we see compliance as one of “the five Cs” – along
with communications, collaboration, complexity and competition –
driven by globalization that cause organizations to improve their
current levels of security and to raise their overall security
posture. As they operate on the world stage, today’s businesses
and governments now open themselves up more and more to vulnerabilities
that are inherent in global trade opportunities. The Internet,
outsourcing and de-centralization are just some examples.
Companies have become much more agile but their level of
assurance, or security, hasn’t kept pace, yielding an imbalance
between agility and assurance that must be closed. We’ve seen
the downside of this imbalance in media headlines that have
highlighted recent occurrences of identity theft, fraud, lost
backup tapes, container security issues, regulatory fines and loss
of consumer confidence.
Today’s
businesses and governments must deal with these five forces of
globalization together with increasing asymmetric threats such as
acts of nature, terrorism and cybercrime. The challenge is to
protect against the unexpected, the unknown and the unseen. This
is why we believe visibility is such a key topic. You can’t
protect what you can’t see. Having visibility into all aspects
of your business operations provides a greater level of security
while simultaneously improving an organization’s ability to
increase its agility to respond to ever-changing market demands.
We see future security implementations focused as much around
enablers for growth and innovation as they are around risk
mitigation and compliance.
SecuritySolutionsWatch.com:
In the U.S. government market, we understand that Unisys is
involved with several high profile projects such as:
-
Department of Homeland Security Managed Services Contract
- U.S. Army RFID project
- TWIC (Transportation Worker Identification Credential) and CAC
(Common Access Card)
-
Without
giving away any trade secrets or confidential information, can you
give us an overview of Unisys role in these projects?
Nick
Evans:
-
Department of Homeland Security -
Unisys has provided managed services for TSA since August 2002 (at
which time DHS didn’t yet exist). Under the information
technology managed services (ITMS) contract, Unisys and its
partners are building and managing the IT infrastructure for the
nation’s 445 commercial airports, enabling screeners to do their
jobs more effectively and enhance security. While DHS plans
eventually to consolidate IT operations of its 22 component
agencies, it awarded Unisys a one-year “bridge” contract in
December so that the company could continue its airport work and
other support that it provides to DHS.
- U.S. Army RFID project
- Unisys has worked with the U.S. Army for more than a decade,
providing the U.S. military with tools and processes to track
everything from weapons to supplies to medical equipment. Using
RFID gives the Army real-time insight into the location and
contents of every shipment, enabling a quick response to battle
plan changes and ensuring the warfighter has the supplies critical
to his or her mission. The network is supported by servers on
three continents and 1,500 reader nodes across 25 countries.
- TWIC - A
request for information (RFI) was issued recently re: TWIC
IV (this is phase four of the program, which calls for full-scale
deployment of a transportation worker identity credential).
Unisys is working on its response to the RFI.
SecuritySolutionsWatch.com:
In the International market, Unisys has recently had impressive
“wins” with:
- Banorte, one of Mexico's oldest and largest financial
institutions,
- Malaysia’s smart card project and
- Australian passports.
What are the Unisys solutions that have been provided in these
projects?
Nick
Evans: In
the case of Banorte, one of Mexico’s oldest and largest
financial institutions, we are helping the bank improve its fraud
detection capabilities through an advanced technology solution
that monitors transactions in real time and analyzes potentially
suspicious patterns more intelligently across product channels
throughout the bank. The
Unisys Active
Risk Monitoring System
(ARMS) helps
additional banks around the world protect their operations against
identity fraud, money laundering and other security challenges.
The
Unisys solution for Australian passports Australian
passports
uses facial recognition technology to positively identify the
holder of the passport. Australia is the first country to comply
with the International Civil Aviation Organization’s adoption of
such technology as the worldwide standard for biometric-enhanced
travel documents. Unisys helped write the standards that
ultimately were included in designing the passport. The
passport delivers increased safety and expedited service to 20
million-plus Australian citizens.
The
Malaysian smart card, or MyKad
is
a multi-purpose digital application card for all citizens over the
age of 12. It consolidates drivers’ licenses and ID cards for
bill payment – called ePurse; tolls parking; public transport;
ATM banking; and health services into ONE card. The card also
expedites activity at immigration checkpoints. MyKad cards
incorporate a thumbprint, in addition to a photograph and surface
information, to ensure the holder’s identity. More than 18
million cards have been issued
SecuritySolutionsWatch.com:
Let’s turn to the commercial market. Please give our audience an
overview of Unisys solutions in the commercial and financial
verticals?
Nick
Evans: The
Unisys go-to-market approach is first driven by our industry
focus. For each of our target verticals, we have highly focused
security solutions and consultants with deep industry expertise to
tailor offerings for our clients and the marketplace challenges
and opportunities they face. For each industry served, Unisys
brings the same framework of solutions to identify people, track
and trace goods and assets, and protect information and IT systems
but we fine-tune the solutions accordingly.
As
an example of how we tailor services to meet industry needs, our
security offerings for financial institutions to identify people
support the business objectives and priorities for stronger
authentication to meet growing government mandates around the
world, including the recent Federal Financial Institutions
Examination Council (FFIEC) recommendations for two-factor
authentication in online banking here in the United States.
As
I mentioned, we also help banks like Banorte secure their
operations against identity fraud, money laudering and cybercrime
with the Unisys Active
Risk Monitoring System.
Unisys has help Banorte improve its capability to detect potential
fraud through advanced analytics that identify, manage and reduce
potential risk by mining transactions for patterns that could be
suspicious, and sending immediate alerts to risk managers.
Unisys
also provides financial institutions with secure web access and
bill payment, enterprise-wide encryption, track and trace
capabilities for physical data transport such as backup tapes,
managed security services for leading banks such as Lloyds TSB,
and many other areas.
One
of our key offerings in the commercial marketplace is our Global
Visible Commerce
(GVC) solution suite. Our GVC solutions and services enable
organizations to track, trace and secure goods and assets
leveraging technologies, such as RFID, cellular and GPS.
Unisys
GVC incorporates solutions such as in-transit visibility and
security, anti-counterfeiting and electronic pedigree (pedigrees
track all information about a drug or other product as it moves
from the manufacturer to the point of sale), secure commerce and
port security, asset tracking and management, and infrastructure
management services. Our clients include Perdue Pharma, the U.S.
Transportation Security Administration, General Electric,
Thomasville Furniture and Mallinckrodt.
SecuritySolutionsWatch.com:
Unisys recently proposed new global identity authentication
policies at the 15th World Congress on Information
Technology in Austin, Texas. Can you provide some more background
on the policy recommendations?
Nick
Evans: Certainly.
The rapid convergence of security issues among businesses,
governments and consumers worldwide, combined with the growing
debate around individual privacy, has created an urgent need for
identity authentication standards. Validating one’s identity is
something people do everyday, from logging on to computer
networks, conducting online banking transactions, navigating
airport security, and crossing borders, yet very little global
coordination exists in identity management business practices and
procedures.
The
Unisys proposals represent the first attempt to create a diverse
and impartial consortium that would develop standardized business
procedures – not just technology standards – for worldwide
identity authentication. The end goal is to create a baseline for
adoptable global practices, allowing ID credentials to operate
across international borders and encourage confidence and trust
from organizations and individuals around the world.
This
is a large and complex topic and will be an exciting space to
continue to monitor. Our main focus is on the business processes
and best practices behind identity authentication since much of
the standards groundwork has already been prepared. We believe
it’s an area where consumers, businesses and governments alike
can all gain from further collaboration and the end result can
yield improved security and privacy for consumers – it no
longer has to be a tradeoff.
SecuritySolutionsWatch.com:
One will read on Unisys.com regarding the Security Leadership
Institute, “Through published
research on identity management and other top issues, the board
will help clients see "beyond the horizon" and gain
security insights that can become key factors in their long-range
business strategy.” What is the mission of the Security
Leadership Institute and who is on the Board?
Nick
Evans: The
mission of the Security Leadership Institute is to be an objective
source of insight into emerging security issues and best practices
for Unisys, our clients, and the market at large. The SLI is a
working group and the members are a key asset for us in terms of
validating and refining our strategic direction and working with
us around the tough issues confronting the marketplace in terms of
global security. The group is comprised of nationally recognized
security experts from both business and government and includes
prominent individuals such as:
General
Michael P.C. Carns,
USAF, retired - vice chairman of Privasource, Inc., a software
firm that specializes in securing large, sensitive databases.
William
P. Crowell
- Security consultant and former deputy director of the National
Security Agency.
Jim
Flyzik
- a partner with consulting firm Guerra, Kiviat, Flyzik and
Associates, Inc., and former CIO, U.S. Department of the Treasury.
Dr.
Lawrence A. Ponemon
- Chairman and founder of the Ponemon Institute, dedicated to
advancing ethical information and privacy management practices in
business and government.
Patrick
R. Schambach
- Senior
Vice President and General Manager e-Government and Infrastructure
Solutions PEC Solutions.
Alan
Wade
- Central Intelligence Agency (Emeritus) Chief Information
Officer.
SecuritySolutionsWatch.com:
What resources such as case studies, webinars, and white papers,
are available at www.Unisys.com
for end-users?
Nick
Evans: You
can find extensive materials on the corporate web site (www.unisys.com)
that include white papers from our large group of security subject
matter experts on a wide variety of security issues and recent
research on key issues such as consumer opinions on protection and
use of identity credentials that we’ve conducted in conjunction
with the Ponemon Institute – a leading independent firm that
specializes in privacy and security research. In fact, many of the
research findings may surprise you. One of the key takeaways from
our recent research was that a
majority of consumers would share personal data and would consider
biometrics if they knew the end user will securely protect their
information and they can perceive a clear benefit in convenience
gained. For a summary of the research and related security issues click
here.
SecuritySolutionsWatch.com:
Thank you very much for your time today, Nick. Is there any other
subject you would like to talk about?
Nick
Evans: Thank
you. I would like to conclude by commenting what an interesting,
yet challenging, time we live in right now. The security of
people, goods and assets, systems, processes and data have become
an incredible challenge in the global and digital economy. We need
to redefine security to cover all these aspects and think about
secure business operations in a much more holistic manner.
Supporting our clients in achieving this objective is a core
competency for us at Unisys and we take it very seriously.
Please
read our Terms of Use and Disclaimer.
Unisys is included in our Investment
Guide To 350+ Security Stocks©.
|