SECURITY COUNSEL

It's a new world out there for management information systems executives, who must grapple with security issues in a rapidly changing and unpredictable computing environment.ter-driven open-system networks, a growing behind-the-scenes issue is how to provide adequate security.Preventing sabotage and unauthorized access and building a safety network to protect against system failures and ensure daily

It's a new world out there for management information systems executives, who must grapple with security issues in a rapidly changing and unpredictable computing environment.

ter-driven open-system networks, a growing behind-the-scenes issue is how to provide adequate security.

Preventing sabotage and unauthorized access and building a safety network to protect against system failures and ensure daily backup of all key data is an increasingly complex issue.

Also at stake is the difficult task of seeking to guarantee data processing systems security in a computing environment frequently driven by relatively new hardware and software solutions.

Here is how SN's discussion with five MIS executives went on the issue of security:

SN: Is the shift away from mainframe computers creating new security challenges?

BILL MAY: The whole client-server computing environment, the networks and open systems, are all creating additional challenges in this area. Mainframes typically offer very structured security systems that back up everything processed during the day. They also have a structured system for granting access to the system.

The world of client server, on the other hand, is still being designed and built, and it scares the daylights out of us. We are dealing with questions such as who can get onto a file server and corrupt the data or gain access to a system on which they don't belong? Or who is responsible for backing up the data at the end of each day?

All these issues are coming into play, and they are issues not just for our industry but many industries. Backup, security and training are all big, big issues. The vendors developing these tools are looking hard at the issues, but nobody seems yet to have solved all of them. It's a new world.

PATRICK STEELE: Security is a major issue and always has been. It's getting more attention, as it should, because companies are becoming more dependent on information to make decisions. If they can't rely on data being accurate or secure, it's hard for them to move forward with merchandising or sales planning, or marketing.

DAVID HAYES: The client-server environment may not be as stable as the mainframe, because the software is not mature. Mainframes are more reliable than networks and client-server systems, so there is some increased risk. But I don't think security or backup is a major problem.

PETER ROLANDELLI: This industry looks at security seriously within the store, but I don't know if we are as stringent on the data processing side as some other industries, such as banking.

We do a good job of controlling the basic security aspects, but data is becoming so mobile now. One of the challenges we have is realizing there may be some additional new types of data becoming available that is more important than anything else.

We have customer files, for example, in every store. That means 1,110 sites have information on our customers' names and addresses and how much they've been spending in our stores. It's important to protect that information because that's what the guy down the street is spending all his money to get: your customer.

STEELE: It's a technology issue. On the one hand, a company can take steps so that if a system goes down, another one automatically takes over. Some companies have done that, especially for securing real-time networks for debit and credit transactions. They are applying technology to make sure that the systems are backed up.

Disaster recovery and component failure are usually the problems that strike first, but companies have to pay attention to the sabotage and theft issues, too.