Bruce Davis the Asia/Pacific information technology director at Unisys reports that given the size and international scope of the company, the development of a centralised standardised internal security structures has been possible.
The model depends on virtual teams in each region implementing procedures that are directed from the Unisys head office in Blue Bell, Philadelphia. Although the implementation relies on teams in each region, according to Davis, the Unisys approach calls for company-wide education but does not require full time security staff as such.
"On one hand you could say that the Australian security team consists of one person who is in charge of implementing the global strategy as outlined by head office," Davis said. "Even the corporate team is not a full time security team."
"Everyone in the global mail administration would spend a bit of their time on security. We have two Asia-Pacific mail exchanges based in Australia and they are an integral part of the roll out of the security strategy. And we have the LAN administrators and computing staff in each of the major locations that are a part of that process as well.
"For example there are two staff in our North Sydney head office who respond to security issues in that particular site. There is at least one person at every Unisys site who is in charge of making sure that the standard which is determined globally is implemented locally."
According to Davis, on one hand the global nature of the Unisys structure leaves the company's networks particularly vulnerable to key security issues such as virus contamination. However, this integrated international approach also enables teams on a regional level to engage in rapid response to new threats as soon as they surface.
"In our smaller Asian offices the whole process is often carried out by the IT person wearing a number of different hats," he said. "We tend to have people that can manage the file servers, the mail servers, the interface with telecommunications and so on.
"They've got a mix of skills including the ability to communicate with management and individual staff in that region, about how the security arrangement needs to function and the importance of keeping the tools, anti-virus software up to date."