Security Management
Presented by D. Eric Leighton, President/CEO
May 16, 2007
New Hampshire Chapter of PMI
Security Management

How do widely dispersed project teams collaborate safely and securely?
— Introductions
— What’s Changing
— Typical Security Environments
— Five Fundamental Challenges
— Real World Situation
— Simple Solutions to a Complex Problem
— Questions & Answers
Background

D. Eric Leighton
— Co-Founder of LoadSpring Solutions, Inc.
— 14 Years of Technical and Management Experience in computer Hardware & Software
industries
— BS Mechanical Engineering, University of Maine, Orono, ME
— MS Mechanical Engineering, Rensselaer Polytechnic Institute, Troy, NY
— Enjoys hiking with family, mountain biking, fly fishing, canoeing and is a licensed Maine
Guide through the Maine Department of Inland Fisheries and Wildlife

About LoadSpring Solutions
— LoadSpring Solutions delivers application hosting services that provide reliable access for
project teams through its sophisticated security, proactive support and intuitive user
interface known as the CAM Console™. Founded in 1999, LoadSpring supports Fortune
500 companies and Engineering News-Record (ENR) top firms in the fields of construction,
heavy equipment manufacturing, real estate services, engineering and energy/utilities. For
more information, please visit www.loadspring.com.
Experience
Heavy Equipment/Manufacturing
Construction
Engineering
Real Estate
Services/Facilities
Energy & Utilities
What’s Changing

Increasing reliance on the Internet as a data access platform

Teams need real-time access to information and applications
— Global project teams
— Time zone differences
— Limited on-site network infrastructure

Access for project teams cannot disrupt security of internal network or sensitive data

Internal IT groups already overly taxed defending what’s behind the corporate firewall

Multi-layered information access across industries like financial services, construction, real
estate services, energy, heavy equipment manufacturing is increasing
Typical Office Security Environment
Public Internet
Hacker
Hacker
Typical Firewall
Office Network
External Access Security Environment
Hacker
Business
Partners
Office
Workers
Hacker
External Firewalls
Internal Firewalls
Public Internet
Shared Access Network
Five Fundamental Challenges

Is there a corporate focus regarding data/application sharing?
— IT must make it all happen?
— Outsource everything?

Time & money: the cost of security, expertise & time to deploy
— Most IT professionals are trained at defending the internal network from external threats
— Providing filtered access is a new challenge, requiring familiarity with different approaches and technologies

User simplicity
— Technologies that are routine to “Techies” are complex and cumbersome to the average user
< Installing/Configuring/Accessing VPN’s
< Sharing Files with Corporate FTP Sites

Managing the system: wrong person – wrong task
— Project Managers know the applications but don’t know IT
— System’s Administrators know IT, but don’t know project management

Support
— Geography and time zones, along with third parties (using machines not maintained by your IT department) make
support by internal IT a nightmare
Real World Situation

Technical requirements
— Perini Construction needed to provide remote project teams access to several Primavera
applications including Expedition and P3 e/c with performance equal to or greater than in-house
solution
— Remote system must be remotely managed
— System also must be simple from the user perspective and highly secure

Business challenges
— Perini did not understand the business challenges they faced when attempting to deploy a remote
software access system for its growing collaboration demands
— If you sampled the IT managers at all Fortune 500 companies two years ago, it’s likely that about
500 would tell you that their IT staff is overworked with too many projects to complete in the
timeframe required. Perini Construction was learning this in real-time back in 2003
— They estimated that they could get their in-house solution completed in about three months with
hardware costs estimated at about $35,000 with two dedicated full-time IT resources. This was a
significant underestimation
Real World Situation (continued)

Security
— Granting access to users outside their protected corporate network
— Access from countries with little or no political nor governmental infrastructure
— Working with multiple governmental agencies and users from multiple mid-eastern countries
— The security requirements of this project would require high technology, high encryption and
procedures beyond the scale typically deployed by Perini

Support
— Supporting external users from other organizations was a big concern
— Supporting software being deployed remotely was also a concern. How do you support software with
users that are 7,000 miles away?
— Time zone challenge
< Perini was having problems at 10:00 a.m. local time, but that was 3:00 a.m. EST. Supporting these remote users
throughout their work day would require hiring an IT staff that worked after hours for a premium.
Real World Situation (continued)

Perini’s solution – Outsource to LoadSpring Solutions
— Business decisions:
< Can we do it? Should we do it? If we don’t, who can?
< Project management is business-critical bordering on mission-critical
— Time & Cost evaluation
< Direct costs to outsource was less, capital expenses could be eliminated
< Deployment with LoadSpring could happen in a matter of days vs. 2-3 months
— User Simplicity & System Management
< Deployment through LoadSpring’s CAM Console eliminated need for VPN’s or client side configurations
< CAM Console enabled Project Managers in Kuwait to create/modify/delete users remotely
— Support
< LoadSpring provided Primavera app support 24 x 7 while maintaining corporate network security - Priceless
Simple Solutions to a Complex Problem

Evaluate business-critical vs. mission-critical
— Determine business objectives and define which data/applications are mission-critical and which
are business-critical
— Identify security requirements and the impact of not being able to access your applications
< For Perini, mission-critical applications were identified as revenue generating, while business-critical were timesaving.

Evaluate costs to deploy
— Time
< Do I have adequately trained IT resources with appropriate experience in both security infrastructure technology
as well as application technology who can manage this system?
< How long will it take to deploy the security infrastructure and then to deploy access to my applications?
— Look at capital expenses both for application delivery and enhanced security environment
Simple Solutions to a Complex Problem

KISS
— You’ve selected a great PM application, but ensure it is easy to use AND access!
— It’s simple, but is it secure? What do users and IT have to do to make it secure?

Right person – right task
— Ensure you don’t have to get an IT support ticket every time you want to add/delete/modify a user
— Remember, you invested in software to save time & money, not waste time with infrastructure
challenges

Who’s on support?
— Everyone has a support offering, but ensure your solution can consolidate who owns what
— If you are time-zone challenged, evaluate the costs of off-hours support and how that would be
handled internally
Questions?
Contact Information:
Eric Leighton
Phone: 978.685.9715 x130
Email: [email protected]
For a copy of this presentation: http://www.loadspring.com/corporate/security/index.html