Edward Amoroso is the chief security officer at AT&T in the US, as well as a professor who has written several textbooks on information security. Amoroso spoke with Jon Brodkin last week in Boston, where he delivered a keynote about network security during Forrester's Security Forum.
What are your biggest security challenges at AT&T?
The biggest challenge right now is sensitive personal information being all over the place, Social Security numbers, credit card numbers. It's an IT problem. I'm not even convinced it's appropriate to call it a security problem, it's just IT infrastructure has developed in a way where that stuff is all over the place. We're encrypting the whole company. That's a pretty heavy-handed approach to solving the problem, but that's really the only option.
Have you lost any sensitive data?
We've had some laptops that have been lost just like anybody else. So we report those and move on. That's been the extent of it, it could be worse.
You also spoke about network security and defending against botnets and denial-of-service attacks in your keynote.
That's our second-biggest challenge. Keep in mind, we're a service provider, so the availability threat is way more important than if we were selling software. If Microsoft.com is down for an hour, it wouldn't be good but it's not a stock-price-affecting problem. If our network services are down for an hour, that is a very big problem.
Will AT&T be able to successfully defend against these botnets?
We do it now. These things we see, a lot of them are aimed at us all the time. Any carrier that says 'we're not under attack' is lying to you.
Last December, we saw some pretty significant increases in traffic aimed at our host. We think that somebody was aiming big denial of service attacks at our hosting DNS services. We just filter the traffic, we survive it. It's just the normal course of business for that stuff to be lobbed at you, and you block it.
You're an adjunct professor of computer science at the Stevens Institute of Technology. What can we expect from the next generation of computer scientists?
They're good hackers, that's for sure. They come in and they've been reading hacking magazines since they were little kids. There's a lot of foolishness in youth so a lot of young people do design attack tools. They're better [than previous generations]. But they're also better as computer scientists. I would say there's a general uplift in capability, good and bad. It keeps me sharp. They let me have it if I don't know the answer to something.
ScrumMaster offers tips on how to play in a winning dev team
How spyware nearly sent a teacher to prison
Open source identity: Asterisk founder and Digium CEO Mark Spencer
Fighting e-waste one mobile phone at a time
MIT's JoAnne Yates on information overload, 'CrackBerry' addicts and the 'always online' life
Read up on the latest ideas and technologies from companies that sell hardware, software and services. CRM your salespeople will love
Discover the advantages of an open architecture multi-vendor network solution
Data grids and service-oriented architecture
Solve Exchange Mailbox Storage Issues Once and for All
Strategies for Eliminating .PST Files
How to improve employee productivity in small and medium businesses
Making the Business Case for IT Consolidation
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 2008-12-04 15:04:00+11
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 2008-12-04 13:34:00+11
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 2008-12-04 08:30:00+11
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
Everything you need to know about email and web security (but were afraid to ask)
What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
Buying Guides
Latest Products
