Any pension fund manager will tell you the right investment portfolio is essential. At Bimcor Inc., which manages pension funds for BCE Inc. and its subsidiaries, the same applies to network security.
Bimcor’s security portfolio includes a variety of products, including E-Trust intrusion detection
and anti-spam software from Computer Associates International Inc., anti-virus software from both Computer Associates and Trend Micro Inc. and external firewalls from Cisco Systems Inc. It also includes PC firewall software from other vendors and access control lists on internal routers and switches to make sure only authorized people are using the network.
“”Obviously we deal with confidential information,”” says Sylvain Leboeuf, Bimcor’s vice-president of information technology. “”To make sure that the information is kept confidential is one of our major objectives.””
Using two anti-virus packages — a precaution Yves Morin, assistant director of IT research, likens to wearing a belt and suspenders — is meant to reduce the likelihood of an unrecognized virus getting through. Bimcor uses its intrusion detection system on three different layers: first, on internal servers to monitor what users are trying to do; second, to make sure firewalls are doing what they should; and third at the connection to the Internet. Morin says it’s the third layer, where the internal network meets the Internet, where Bimcor catches a fair number of potential attacks, such as port scans.
Bimcor has not seen suspicious activity inside the network, Leboeuf says, but monitors its systems anyway to be safe. This guards against threats such as a visitor plugging a notebook into a network jack inside the company’s offices, for instance.
Though CA offers console software that could link some of these products together, Leboeuf says Bimcor hasn’t implemented it. The common look and feel of the three CA products the company uses is an advantage, he says, but Bimcor hasn’t felt the need for greater integration than that.
Employees working at home connect to corporate systems through a virtual private network, and Bimcor provides anti-virus and firewall software for their home PCs and written procedures for making secure connections to the office.
Along with the software, education is another important weapon in Bimcor’s security arsenal. One of the company’s tactics is “”lunch and learn”” sessions, in which employees are invited to a board room and given lunch, while they listen to a talk about an information technology topic such as some aspect of security.