Publication: Computers Weekly
Date: 30.04.2006
Headline: Yovko Lambrev, IBM Bulgaria: The Organized Cyber Crime Is a Real Threat to the Bulgarian Companies, Too
Interviewer: Heliana Velinova

Would you please tell the readers of Computers weekly more about your job as a security and information protection consultant at IBM?
Security is only one of the directions on which the experts from IBM Global Services (IGS) focus their efforts. IGS is the consultancy division of IBM which deals with the services and the implementation of complete complex solutions, including software, hardware and services connected both with the implementation itself and the evaluation of the necessity of the specific solution, analysis of its impact on the business, changes in the organization processes, and others. As one of the IT architects in IGS, my activity is the sector of the security services and consultancy, infrastructure solutions and open source software. Part of my job is to change the mentality regarding the security among the business representatives in Bulgaria. Help them realize that the care for the security should be looked at as a constant process, that they should think the information security globally. It does not make sense if the companies buy a system for thousands of dollars for physical control over the access to the premises and, at the same time, not to possess a platform for access management through the network and the consumers’ roles.

What solutions does your company offer in this direction?
IBM offers a wide range of solutions – from helping the client evaluate the situation of his company and choose a solution, apply and implement it and manage it afterwards.

As part of our global e–business hosting services, IBM offers a solution which commits us to protect the clients against spam, viruses and harmful content. The client will not need to buy antivirus or anti-spam software; he will neither need subscriptions for each workstation nor renew the software definitions. Instead, he concedes all these concerns to IBM. Our company is committed to check every electronic letter, to stop or “clean” it from viruses or harmful codes if there are any, as well as filter the spam traffic. The client could easily configure himself in details the behavior of the service. This is provided by IBM devices which are located in IBM server farms worldwide or in case the client wants, they can be put in his IT centers. IBM offers this service in Bulgaria and the company is able to provide it to every client who uses post infrastructure IBM Lotus Notes/Domino or Microsoft Exchange. The service is price–attractive and is designed for clients with over 500–1000 consumers. Another interesting service which IBM offers is the so – called ethical hacking. Despite its exotic name, this is a service which represents check – up and evaluation of the vulnerability of a particular network or part of it, of a sole machine or a whole system, or of a separate software application regarding a possible harmful hacker attack. The idea is to discover omissions in the security and possible vulnerabilities before the malevolent network hackers find and use them.

Is the organized cyber crime a real threat to the Bulgarian companies?
58% of the companies worldwide are confident that the cyber crime would cost them more than the physical crimes, according to the data of an IBM research among companies in 17 countries across the world, including 8 European countries. The cost of the cyber crimes, in the respondents’ opinion, is measured with lost profits, loss of current and future clients, and decrease of the employees’ productivity. No doubt the organized cyber crime is a real threat to the Bulgarian companies too. Information costs money. The thieves of information will get bigger in number. For a few years now, the security has been issue number one for the IT managers in the whole world. Bulgaria is part of the world and both the network and the events in internet affect us directly, no matter if we are ready for this or not. The opinion that things will happen here later is not applicable anymore to the present situation and the business which is open towards the network.

Which are the main components of the creation of a high quality protection against harmful intrusion and protection of information?
There cannot be a generally applicable architecture. That is why IBM offers solutions in accordance with the needs of the specific client. The business in Bulgaria is just starting to feel the need of one of the components for information security – the management. The implementation of a security system, as simple as it might be, requires care connected with the renewal of configurations, software, supervision, etc.

The security management includes risk management, as well as management of the consumers. This means a complete control over their digital identities, roles and access, as well as over the software and its renewal.

With its products from the Tivoli family, IBM is able to offer an extremely convenient and professional solution for security management. IBM Tivoli Manager (TIM) and IBM Tivoli Access Manager (TAM) can centralize the management of the consumers from one place, no matter how many and incompatible systems are used in a company. With IBM TIM the efforts for registration of a consumer in a great number of systems can be saved and consequently, the system can be easily supported and renewed when changes come into being – when an employee is relocated or quits, when the job position is changed, etc. Consumers are being “made” from one console and from one place and their roles are being managed according to the sectors and the access systems. On the other hand, IBM TAM provides the access of these employees to the very systems in respect of passwords and specific user names. More and more companies ask themselves if with 8 – 10 or more systems it is needed to demand from their employees to have different passwords for each of them. From the security point of view, in one length of the password there should be at least 8 symbols and to be changed every second month and the other length to be 6 digits and to be changed every three months which provokes a lot of inconveniences. IBM TAM implements single – sign–on solutions and the customers are authorized only for TAM which, on its part, provides their access to the respective servers, systems or web applications.