For EasCorp, the most important part of the security puzzle is authentication. To solve the problem, at least in part, EasCorp uses RSA Security’s Keon PKI Certificate Authority software, which allows the company to act as its own certificate authority and issue certificates for customers.

That’s fine as far as it goes, but Smith says it’s simply not adequate when dealing with such large sums of money. If someone passing by an employee’s PC sees the user ID and password, for example, he has unlocked the key to the digital certificate. "That’s not strong enough to perform a $1 million wire transfer," Smith notes.

To address the problem, EasCorp has just purchased SafeWord, a handheld token-based security device from Secure Computing. EasCorp plans to use the device as a multifactor authentication system. When paired with the digital certificate, the physical token device will generate a random number, which the user will key in during the process of releasing the wire transfer for processing. By combining digital certificates with multifactor authentication systems such as a token-based system, a smart card or a biometric-based system, "you end up with much stronger certainty that the person is who they say they are," Smith says.

Future Uncertainty

The future of security is both bright and dark--bright for the myriad vendors providing new ways to keep miscreants with modems at bay and dark for the CIOs who feel compelled to keep buying the resulting products. But there is some hope. All-in-one security services can provide companies with 24/7 outsource system protection that’s constantly taking advantage of the latest products. And companies that would rather retain more control of their security systems while still simplifying the process, new all-in-one security systems (such as those from Zone Labs and Okena) combine firewall, antivirus, intrusion detection and other security necessities into a single product that’s easier to manage than integrated multiple tools.

Even the ubiquitous XML may get in on the security act. Nationwide is investigating the opportunity to use XML to deposit better information from its Web-based knowledge into a central security site and then act on it in a more timely manner. Schwartz says that although the concept is brand new, he talked to some vendors, including Guardent, about how they might develop such products.

"We looked closely at how we can use XML to do things like data classification. You’ve got websites for the general public and sites you want to keep more confidential containing your customers’ private information, and XML could be a great way to deal with that," he says.