Accenture Releases Report Charting a Course for a More Secure World

Leading Experts Meet in Vision Security Roundtable" Sponsored by Accenture and Purdue University

CHICAGO, January 9, 2001 – Top experts from industry and academia have concluded that existing information security systems – including measures to protect Internet data – are being stretched to the limit by the ever-expanding digital economy, according to a newly released report from Accenture.

Based on a recent two-day "Vision Security Roundtable" attended by 15 of the world’s leading information security experts, the report offers a call to action and examines foreseeable trends over the next decade.

"We trust electronic systems to recognize what is authorized and unauthorized and to act only upon legitimate requests," according to the report. "We trust those who have access to our personal data as it is stored and shared in cyberspace, i.e. software developers, commercials enterprises, medical providers, insurance companies, delivery service providers, law enforcement, to know what they are doing and understand the implications of this massive and complicated process."

According to John Clark, Accenture’s Global Security Leader and co-host of the roundtable, sponsored by Accenture and Purdue University’s CERIAS (Center for Education and Research in Information Assurance and Security), "This is the first time that security experts of this number and magnitude have ever been together in the same room, much less reached a consensus. They agreed that there are no silver bullets. Rather, we have to take a holistic approach, examining policy, business process controls, law, personal behavior and technology."

Call to Action
The report recommends the following steps be taken:

  • Advocate a Holistic Approach. A well-rounded and pro-active approach must be taken to the overall problems, rather than one that looks singularly at technology or changes in the law or business practices.

  • Invest in Training and Awareness. A sound educational program, focused on security and ethics, needs to be developed from K-12, university and continuing education.

  • Improve Software Quality. Prevent distribution of weak and immature software that could expose systems to attacks, especially common use software that can be exploited by "shrink-wrapped" attacks.

  • Implement Best Practices. Best practices and reasonable precautions must be taken to ensure that people do security right from beginning to end.

  • Initiate Public Debate. Public debate is needed to clarify and resolve issues of identification, ownership protection, use of personal information and responsible use of computing.

  • Package Security Architecture. There is a need to simplify integration of security technologies using basic security architectures that provide standard services to integrate with applications and infrastructure.

The report also identified the following key security trends over the next decade:

  • The EverNet. Billions of devices will proliferate that are always on and always connected, causing power outages, network downtime, market crashes, and break-ins that will catch us unprepared.

  • Virtual Business. Complex outsourcing relationships will extend trust boundaries beyond recognition, creating a web of relationships outside anyone’s control.

  • Rules of the Game. Government regulation will increase as money and economics drive lawmakers to act.

  • Wild Wild West. International criminals will exploit the lack of cooperation and compatibility in international laws, forcing large companies to become their own defensive force or hire private security companies to protect them.

  • No More Secrets. Privacy concerns will continue to compete with convenience and a desire for more features.

  • Talent Wars. Lack of security skills will further compound the weaknesses of delivered solutions.

  • Web of Trust. Standard security architectures and improved trust will spur eCommerce growth, with the basic issue being whom do you trust and why.

  • Yours, Mine or Ours. Identifying intellectual property, maintaining creative control and determining information ownership will become key areas of debate.

  • Haste Makes Waste. The pressures to deliver at eSpeed will force vendors to sacrifice security and quality for functionality and expediency.

  • Information Pollution. Information exploitation will become more lucrative than hacking, as interconnectedness and the ability to respond instantaneously to events will increase the chance for misinterpretation.

Roundtable Attendees
The following security experts attended the CERIAS Security Vision Roundtable, in St. Charles, Illinois:

Rebecca G. Bace, President/CEO, Infidel, a network security consulting practice; John C. Clark, leader, Accenture’s Global Security Practice; Daniel Daganutti, security architect, Avanade, a high-tech systems integrator; Whitfield Diffie, distinguished engineer, Sun Microsystems, who is credited with the discovery of the concept of public key cryptography; Glover Ferguson, chief scientist, Accenture; Daniel Geer, CTO @Stake, previously manager of systems development, MIT’s Project Athena and now president, USENIX, the advanced computing systems association; Anatole V. Gershman, director, Center for Strategic Technology Research at Accenture; Michael J. Jacobs, deputy director, Information Systems Security, United States National Security Agency (NSA); David A. McGrew, cryptographer, Cisco Systems; Fred Piper, head of the mathematics department, University of London and director, Royal Holloway Information Security Group; John W. Richardson, Intel Corporation; Marvin Schaefer, a pioneer who has been involved in computer security since the mid-1960s and was formerly chief scientist, DoD Computer Security Evaluation Center, NSA; Howard A. Schmidt, corporate security officer, Microsoft Corporation, and international president of Information Systems Security Association (ISSA); Eugene H. Spafford, professor, Computer Sciences, Purdue University, and director of CERIAS; and Phil Venables, information security officer for a major U.S. investment bank. To learn more about CERIAS, click here.

About Accenture
Accenture is a $10 billion global management and technology consulting organization. The firm is reinventing itself to become the market maker, architect and builder of the new economy, bringing innovations to improve the way the world works and lives. More than 70,000 people in 46 countries deliver a wide range of specialized capabilities and solutions to clients across all industries. Under its strategy, the firm is building a network of businesses to meet the full range of client needs -- consulting, technology, outsourcing, alliances and venture capital. Accenture’s home page address is