At first glance, the building where the Web hosting firm operated appeared protected. Inside the fortress-like structure, servers stood locked inside their cages; a wall of industrial-grade shatterproof glass and an imposing, electronically controlled door protected the data center. The operation seemed the model of efficiency and somber authoritybut the model was about to unravel.
Quietly, without being noticed by the guards, a visitor removed a 6-by-9-inch piece of paper from a stenographer's notebook, inserted it between the top of the door and the doorframe, and slid the paper from right to left. In less than five seconds, the paper interrupted the infrared beam of the motion sensor located inside the data center. The door unlocked immediately, its electronic control mechanism responding to a signal that someone apparently wanted to leave the center. The visitor quickly stepped inside the data center and began to wave through the glass to the guards.
Fortunately for the Web-hosting firmand the companies that trusted the firm to keep their sites running 24 hours a daythe visitor was a security consultant. Had it been a disgruntled or former employee, an ill-intentioned competitor or even a violent political activist, the servers could have been unplugged or damaged, causing revenues, corporate reputations and even jobs to be lost.
A Web-hosting firm can claim and appear to be secure at first glance. However, the gap between appearance and reality is why CIOs must take a hard look at security when making the decision to outsource any part of their company's Web infrastructure. Security breaches are on the rise; according to the Federal Bureau of Investigation, system intrusions surged 250 percent in 2001. Approximately 21,000 security incidents were reported in 2000 to Carnegie Mellon University's Computer Emergency Response Team, a federally funded research and development center.
Breaches can result in tremendous damage. One survey conducted by the FBI revealed that e-business security violations worldwide in 2000 caused more than $10 billion in damage. In one case, Stamford, Conn.-based Omega Engineering network administrator Timothy Lloyd created and deployed a virus that wiped out virtually all his company's corporate information after he learned he was to be fired. That breach cost the company at least $10 million, according to the U.S. Department of Justice.