A Delicate Balance

A Visual Guide to
Secured Business Operations
Introduction
Introduction

It’s big.
It’s bright.
It’s vulnerable.
Today, as a business leader, you’re on the hook. And too often in the dark,
pressured by the Three Rs of global management: Regulation, Reputation
and Risk. Regulation: CEOs sign off on Sarbanes 404 processes, and
government leaders design the regulations to protect all interests—each
not always knowing the best blueprint for implementation. Reputation:
Reputations can vanish overnight—all by what you don’t know. Risk: From
mergers and acquisitions, to global trade, to immigration snafus, cascades
3
Introduction
Introduction

UNITED STATES BRAZIL FRANCE UNITED KINGDOM GERMANY

+357% +797% +219% +262% +193%

More than 2,000% 1,000% 500% Less than

5,000% to 5,000% to 2,000% to 1,000% 500%

A Look at the Future YEAR UNITED STATES BRAZIL UNITED KINGDOM

The map above shows projected GDP growth between 2000 and 2050, according 2000 $9.82 trillion $762 billion $1.44 trillion
to a Goldman Sachs report. The projected figures at right show China overtaking the 2025 $18.3 trillion $1.69 trillion $2.46 trillion
United States as the nation with the world’s largest gross domestic product sometime
around the year 2040. 2050 $35.1 trillion $6.07 trillion $3.78 trillion
Source: The Goldman Sachs Group, Inc. (2003)

of undetected risks can be unleashed throughout the extended enterprise.
And there lies the issue. Today, the devil’s bargain of globalization is the demon of
complexity: More to go right, and more to go wrong—faster, farther, and deeper than
ever before. But today, there is a way to minimize global meltdowns—with holistic
solutions that converge logical security with physical security, helping you to better
manage risk and optimize operations. That way, you avoid or take the bad
risk in stride, while focusing on the risks that truly drive shareholder
value. Balancing good risk with the bad: This is the challenge of this
new environment. One system. One view of physical and digital
reality. All driving stronger control and greater competence.
So What’s New Here?
Not the hardware or necessarily the technology. In this new world, from RFID
to iris scanners, the technology is all out there, mature, proven and affordable.
What is new is the demand to converge physical security with data security, thereby
connecting all your data and technology on a single global infrastructure. Power grids.
Air traffic control. Financial systems. Emergency response networks. Everything that
matters. All in one highly controlled, tightly connected network.
Today, these once separate worlds can be connected and protected on a single
seamless platform. This is what we mean by converged security: security in which
“inside” merges with “outside,” meaning where the world of data and IT merges
 INDIA CHINA RUSSIA JAPAN
+5,928% +4,159% +1,501% +159%
ITALY
+190%

FRANCE GERMANY ITALY RUSSIA INDIA CHINA JAPAN

$1.31 trillion $1.87 trillion $1.08 trillion $391 billion $469 billion $1.07 trillion $4.18 trillion
$2.09 trillion $2.60 trillion $1.62 trillion $2.26 trillion $3.17 trillion $10.2 trillion $5.57 trillion
$3.15 trillion $3.60 trillion $2.06 trillion $5.87 trillion $27.8 trillion $44.5 trillion $6.67 trillion

with the world of physical security. The result is an ability to manage across the
entire enterprise in terms of protecting people, data, places, and things. The power,
then, is in the integration. And often, that means better integrating the resources
and technologies that you already have.
What’s more, by using open architectures, your network can be “future-
proofed,” with more advanced technologies easily added in orderly sequences,
without a lot of costly rework. By integrating these two worlds, your system gains
an enhanced ability to spot, respond, and avoid threats. With autonomics—
self-healing IT technologies—your system better balances capacity, uses fewer
resources, and quickly heals itself in the event of a disruption.
As a result, you can focus more on value-added investments and
correspondingly less on fire drills and damage control. As Coca-Cola Chairman and
CEO Neville Isdell puts it, “The companies that succeed in the 21st century will be
those that manage change without disruption.”
Transformation #1: A Growing Threat Environment
The trouble is, the threat environment is constantly changing.
As FBI Director Robert Mueller observed not long ago, “In
this world of technological advances, every 18 months the
threats will change, and we have to be agile enough to

5
Introduction 90 percent
Amount of world cargo that
moves by sea.

35 percent
Amount of world trade that
moves along the Malacca
Straits, the world’s most pirate-
infested waters.

address those threats when they do change. The simple truth is, we do not protect
$50 million
cyberspace to the same extent that we protect our physical space. We have left 2,777 per day Ransoms paid to Somali pirates.
“Unprecedented,” says Lloyds
our doors open to our business practices, our sensitive data, and our intellectual Malicious code threats worldwide. of London.
property.” Case in point: In just one haul, 40,000 credit cards were stolen. And 70
percent of those victims—ex-customers, rather—reported spending 12 months to
restore their credit. Staggering—an annual cost of almost $50 billion. And for too 1 million 18.5 million
many organizations, business as usual. Number of computers hit by Number of containers that
The other related challenge is risk management, but here again, it’s a delicate viruses or Trojan horses in 2007. arrived in U.S. ports in 2007.
balance. In this case, it means balancing compensated risk—the risk that
the marketplace rewards—with uncompensated risk, never rewarded but only
punished if you miss.
116 hours 5 percent
But just what is the nature of this risk? It is the risk of an almost fathomless
Average time ID theft victims Amount of containers physically
complexity unleashed by everyone and everything that your organization is
spend repairing the damage. screened each year.
connected to within a vast global network. In the old days, when organizations
could build a moat and control everything within their four walls, they never had to
deal with such risk and complexity. Today, the opposite is true, and the result can “The U.S. FBI estimates there are 100,000
be like a vast power grid—terrific to behold when the lights are on and the sun is
shining. But what about when risk spikes? The result then is not unlike the domino computer viruses on the Internet, and
effect of a power-grid blackout, when one node or tree can trigger a cascade of copyright and trademark theft costs
outages, taking down states and even whole regions—again, because of how
much larger, complex and densely interconnected the system is.
$25 billion annually. It has become
Now consider some of the triggers in your world. such a concern that computer crimes
Your system gets hacked or a hard drive disappears—tens of thousands of
only rank behind stopping terrorism and
counterintelligence as FBI priorities.”
— COMPUTER CRIME RESEARCH CENTER
$650 billion
Worldwide counterfeit theft
annually.
50 percent
Percentage of counterfeit
pharmaceuticals, according to the
World Health Organization.
$200-250 billion
Estimated U.S. losses from
counterfeit drugs.
$1 trillion
Amount of money laundered
globally each year.
$911 billion
Bad debt carried in Chinese
banks—40 percent of GDP.
“Our ability to compete in the
global economy, to protect
ourselves against crime and
terrorist attack, depends not
on walls and fences but on our
ability to use information.”
— U K P rime M inister gordon brown
20-plus 20 percent 55 percent
Number of freighters owned or Portion of the U.S. Federal Increase of attacks on U.S.
controlled by Al Qaeda. budget spent to fight terrorism
annually.
Military networks.
165 million $2 trillion
Number of records exposed 14,000 Estimated cost of a bird flu
globally in 2007. Terrorist attacks globally in 2007. pandemic.
81 million 20 percent
Number of fingerprint records on World population potentially
the FBI database. affected by a bird flu
pandemic.
$3.5 trillion
Amount of U.S. commerce 35 percent
supported by air shipments Amount of world trade that
annually. moves by air.
158 percent
Increase in cyber-attacks in
2007.
7
Introduction
identities lost, as T.J. Maxx and Marshalls owner, The TJX Companies, discovered
when 45.7 million credit and debtor records went missing. Or the wrong person is
waved across a border. Or a rogue medicine bottle bearing your name becomes
the lead story on CNN. Whatever happens, in a global world, it happens fast, as
what carried your fortunes up carries them down with the force of a wrecking ball.
What you feel then is literally the connected weight of the world as everything
you’re connected to spirals out of control. Like hitting the brakes on black ice—
ill-prepared and seeing only part of the picture—organizations can over-react and
skid out in such situations, with no good way to steer and no way to stop.
Take cyber-crime. In a 2007 Deloitte survey of the top global financial
institutions in 32 countries, 65 percent reported external breeches. Of these,
25 percent involved more than $1 million in losses, and 4 percent experienced
losses that ran as high as $49 million. And why? Often because of the sheer
complexity of the circuitry, stretching through dozens of nodes. That’s a lot to go
wrong, especially at Internet speeds.
And look at what can happen. Weeks after the fact, whipsawed by events—
amid fines, lawsuits and damaged careers—executive teams are still struggling
not only to contain the damage, but to trace its spreading effects. How many
records lost? What did those records contain? How might this information affect
our partners and their partners? In an economy in which 70 to 80 percent
of market value comes from brand equity, intellectual capital and other
intangibles, we’re talking about the kind of event that can severely
damage your enterprise, or even take it down.
Transformation #2: A Changed Regulatory Environment
Consider some of the transformations in the global
competitive environment over the past decade.
On the downside, leaders now need to deal with
regulations, like Sarbanes-Oxley and 404; with stakeholders and activist shareholders;
with round-the-clock, whistleblower stock news; with the new global high-bar of
global corporate responsibility; and finally, with the new dynamics of the stakeholder
revolution—many more people and groups to keep happy.
Then there are the effects of globalization itself—beginning with the huge rise
in global standards and regulation, and continuing with the ever-mounting risk as
organizations expand their footprints. Take food security, one of the top risks noted by the
2009 World Economic Forum. Already this year, there have been multiple scares. But why?
With new technology and sensors, supply chain managers can track food in real time,
registering every detail about its condition, temperature or location.
Transformation #3: A Loss of Control with Critical Information
Finally, there are the competitive risks of Globalization 3.0, when virtually
every organization has a hub in India or China, if not both. One big issue is how to
control intellectual property from thousands of miles away. The simple fact is, most
organizations cannot: At two removes, the typical organization loses control of its
IP, as suppliers swiftly turn into fast-learning, price-advantaged predators. How to
protect IP from such new competition, much less against state-sponsored systems of
industrial espionage?
Yet another feature of our time: the swings between the public’s exceptionally low
tolerance and extraordinarily high expectations. In a world tired of market meltdowns,
there is arguably more public and regulatory fervor (and market punishment for perceived
transgressors) than at any time since The Great Depression. At the same time, with more
customer information on file than ever, the public has a much higher expectation that
organizations will keep their critical personal data secure. Or else.
For all these reasons, integrity or controls lapses—whether intentional or
unintentional—carry a much higher price than they did a decade ago. Indeed, enough to
take down your company, or set it back for years.
But Now For the Good News: There Is Far More to Go Right
The good news is, the upside has changed as well, as much because of
plethora of new technologies, as because of a revolution in standards and
improved business processes that make digital change faster, easier and
cheaper—and far more predictable. Today, as a result, there are many, many
things to go right with your enterprise:
• Right about the availability, reliability, predictability and purity of your
products.
• Right about the ability to uncover business patterns and customer needs.
• Right about the ability to turn from playing defense to driving innovation.
• Right about the ability to recover faster and more nimbly than competitors.
Above all, security demands balance. Over-balance the equation in favor of
security, and an enterprise loses efficiency and agility. Under-balance it, and the
enterprise opens itself to dangerous levels of risk. Or stagnates through the risk-
aversion and lack of innovation that so often goes with it. Either way, the days are
gone when global players can, or should, manage the process alone.
Striking the Right Balance Between Security and Innovation
Striking the right balance between risk and innovation is what this brief visual
book is about: To visualize a world buffeted by so many forces—many all but
invisible—that the system is almost better visualized than explained.
In a people context, there’s the need to identify, track and protect individuals.
Here positive identification not only means having the right systems and
processes, but the control to see inside those processes, with data-rich views
that can precisely authenticate identities.
For highly dispersed databases in different agencies and governments,
enhanced visibility improves their ability to interact—to follow the same
protocols, search the same fields, speak the same language and draw common
assumptions. Including the ability to safely collaborate—even globally—knowing
their intellectual property is truly secure.
Or consider a large bank. With disconnected legacy databases, the typical bank
is often dangerously fragmented—ripe for the lone operator who, with a laptop and
the right algorithm, can take down whole networks.
On the business front, meanwhile, the same bank blankets an existing
customer with credit card solicitations, all while missing the fact that Ms. Doe is
ready for a car loan or a home refinance. Add an M&A and the chaos factor only
grows—a digital hall of mirrors. Before organizations can collaborate effectively, they
need to trust. But to trust, they need better security, together with the kind of clarity
and confidence that go along with it.
Tomorrow: Timely, Comprehensive Intelligence
So how can organizations make it happen?
Not through any one solution.
First, success demands a comprehensive system able to identify, track and
trace people, goods and information systems. The key here is not a new system,
but rather a better architected and integrated system with far better sensors. The
result—shown schematically throughout this visual book—is a new era of visibility
and control into everything that your organization touches.
But again, the ultimate goal is tipping the good-risk/bad-risk equation in your
favor. It means knowing the landed costs of goods once they arrive. Or controlling
the quality, accuracy, predictability and freshness of your product, whether it be heat-
sensitive drugs or sushi-grade toro.
Above all, security means an organization that inspires confidence in the
marketplace—a trusted leader with the situational awareness needed to correctly
read the patterns and run the right plays. And today there’s a path to achieve it, only
this time by better deploying the assets that you already have.
9
Risk Factors

Your new world is

one with
no “off”switch…
… in which problems happen
faster, spread farther, and create
more havoc than ever before.
Why? Because of everything your
enterprise is connected to.
Risk Factors

From Pakistan to Peoria . . . Seventy-five days and 14 handoffs later, how one cotton shirt
1 2 3 4 5 6

How Goods
Move DAY 1
KARACHI, PAKISTAN
DAYS 2-24
KARACHI, PAKISTAN
DAYS 24-26
KARACHI, PAKISTAN
DAYS 28-29
KARACHI, PAKISTAN
DAY 30
KARACHI, PAKISTAN
DAYS 31-35
ARABIAN SEA
THE TYPICAL SHIPPING CONTAINER can pass
A purchase order is Cartons of finished goods The consolidation A container truck picks The container is checked The feeder vessel sails
through 17 handoffs, or nodes, each posing a cut for 600 cartons of are delivered by truck warehouse loads cartons up the loaded container into Port Qasim. There, from Karachi to Sri Lanka
new risk. This route—from Karachi, Pakistan, shirts—some 75,000 to the consolidation into a 20-foot container, and transports it to after being released by by way of Mumbai, India.
to a Midwest department store—involves in all. The order is then warehouse. then seals the container Qasim International customs and terminal This first part of the
filled by a contract using a barrier seal Container Terminal. authorities, it is loaded journey takes five days.
four modes of conveyance, five countries, one manufacturer in Karachi’s and indicative tape. onto the feeder vessel.
ocean and two seas. The bigger risk: too many Textile District.
teams in too many places.
Here, a reputable global clothing Halifax, Nova Scotia
manufacturer stuffs and seals the container Chicago 10
Cleveland
in Karachi, a city with a history of unrest.
Eventually, the container is hoisted aboard
13 12
14
a ship: globally speaking, a needle in the
Peoria, 11
proverbial haystack.
Newark
Consider, too, the risk picture of Pakistan.
Illinois 9
Surprisingly, for a poor country, theft (a huge Atlantic
problem in Latin America, for example) is Ocean
relatively minor. More likely: plentiful heroin
from nearby Afghanistan. And arms: AK-47s,
rocket-propelled grenades, even shoulder-fired
missiles capable of bringing down an airliner. Busiest Ports
Then there’s the risk of hitchhikers, like the Ranked by Container Traffic
presumed terrorist who was found hiding PORT CONTAINERS PER YEAR
inside a container with airport maps and a
1. Singapore, Singapore 24,792,000
phony mechanic’s ID.
2. Hong Kong, China 23,539,000
Current remedies: Measuring the
3. Shanghai, China 21,710,000
container (has a double wall been created?)
4. Shenzhen, China 18,469,000
and weighing cartons (too heavy for shirts?).
More ambitious: radiological and biological 5. Busan, South Korea 12,039,000

inspections, GPS, and even RFID knowledge Source: 2006 American Association of Port Authorities rankings

down to size, color and numbers.

makes its way from Karachi’s garment district to a Midwest department store.

7 8 9 10 11 12 13 14

DAY 36 DAY 39 DAYS 40-59 DAY 59 DAY 62 DAY 65 DAY 69 DAY 75

MUMBAI, INDIA COLOMBO, AT SEA HALIFAX, NEWARK, NJ CLEVELAND, OH CHICAGO, IL PEORIA, IL
SRI LANKA NOVA SCOTIA
The vessel arrives at The mother vessel The mother vessel arrives The container arrives by Three hundred cartons Final delivery. Shirts are
Mumbai Port. After Vessel arrives at Colombo sails 18-19 days to The mother vessel at the Port of New York/ truck at the distribution of shirts arrive by truck removed from the carton
discharging some Port. There, the shipping Halifax, Nova Scotia, arrives in Nova Scotia. New Jersey, where the center. Here, officially at the warehouse of a and placed on sale for
containers, the container is trans-loaded traveling through the More containers are container is offloaded. taking control, the major department store. $24.99. You’ll take the
vessel then departs from the feeder vessel to Suez Canal, across the discharged. The vessel After customs and shipper breaks the There, the cartons are blue—and wear it that
for Sri Lanka. the mother vessel, bound Mediterranean, then then departs for the terminal release—a lock, unloads the received and put away. night at the barbecue, a
for the United States. across the Atlantic. final leg of its journey painstaking process container, then enters Then, after the store little more than 10 weeks
to the United States. with cargo from South relevant tracking sends a demand signal, after it was ordered.
Asia—it is then hoisted and location data the selected cartons are
onto a container truck. into the warehouse’s packed and shipped.
receiving system.

9
Karachi,
Suez Canal Pakistan
1 2 3
4 5
Mumbai, India
6
7
Arabian Sea

8
Colombo, Sri Lanka

13
Risk
Risk Factors
Factors

The Weather Channel

WHAT’S UP WITH this crazy weather? During 2004 and
2005, the U.S. saw seven of the most damaging storms
in the past 106 years. Including Katrina.
In any case, wherever you stand on the Global
Warming debate, there is no denying the growing severity
of tropical storms. Today, the number of intense Category
4 and 5 hurricanes has nearly doubled. Or consider 2008
alone: In the space of two weeks, Hurricane Gustav
caused an estimated $3 billion in damage in the U.S.,
while catastrophic floods in northern India left a million
people homeless.
The other wild card is the ever-mounting value of
what hurricanes can destroy. By some estimates, that
damage-potential is doubling every 10 years. Over the
next ten years—even at a conservative multiplier of 4

The China-India Effect

percent—the cost of a once-in-a-century storm could
soar to $200 billion.
Then there’s the oil factor. With the U.S. Gulf
accounting for 30 percent of the nation’s oil production
and 20 percent of its natural gas, storms can severely
cripple the economy. Witness Katrina, which damaged
almost one-fifth of U.S. oil production. In any case, the
severity of storms—and the connected infrastructures
they disrupt—now vastly exceeds the power of
government to contend with them. Enter Walmart, which
stepped up during Katrina, supplying its customers with
batteries and food, water and ice. The goodwill that such
hardiness and versatility engenders is incalculable.
Survivable systems. Variable plans. Redundant
capacity. All help organizations lessen the chaos that
storms can unleash.
THEY’RE NEXT-DOOR NEIGHBORS, growing faster than any
two economies in history. And, at 2.5 billion strong, they
offer two massive labor pools the size and quality of which
the world has never seen. Yet as China and India become
the world’s largest economies, each brings the risk of
political turmoil (Kashmir, Taiwan), environmental collapse (20
of the world’s most polluted cities are in China), and social
tension. (In 2005 alone, China saw 87,000 protests and
public disturbances.)
For business partners, these two economies present
still other risks: counterfeiting, IP theft, suspect food
and toys. Finally, there is perhaps the biggest risk of all:
environmental catastrophe. Then there’s perhaps the most
rampant risk of all—losing control of your intellectual
property. Without the latest privacy tools, in as little as two
removes, an organization effectively loses control of its IP.
In 2006, the U.S. did $343 billion in trade with China.
But what if China’s industries are caught selling tainted
toys or food? Where to turn? And what about the alarming
amount of non-performing loans that Chinese financial
firms are carrying, estimated to exceed $1 trillion, or a
staggering 40 percent of GDP.
India presents similar risks—highest of all, political
risks, with its 10 million-strong bureaucracy and culture
of corruption holding back the tens of millions of ordinary
Indians who struggle just to meet life’s basic needs.
Will these two titans break down, or break through?
One thing for sure: Partners will need robust contingency
plans and tight controls.

The Media Effect
THE CNN EFFECT is the BBC, Facebook, and Matt
Drudge Effect. It’s the herd effect of rampant news 24/7,
all driving the kind of mass speculation and worry that
sparks global stampedes.
It’s the stock that takes a beating, often on little
more than rumors. It’s the gravity-defying story that won’t
go away—an eternity if it’s your story. Above all, it’s how
stories can accelerate and mutate in a world with no “off”
switch. All with huge impacts on global business.
It wasn’t always so. Until 1980, when CNN
opened its doors, people got their TV news in
modest, meal-like doses. But then with the revolution
in telecommunications—especially in instant live
CORBIS (2)
coverage—came the rise of truly global stories like
the O.J. Simpson trial, 9/11 (half the TV-owning public
watched) or the Beijing Olympics.
Omnipresence has its costs, however. In fact, it
could cause a rethinking of the old adage, “There’s no
such thing as bad publicity.” Several years ago, when a
major oil company was caught overstating its reserves, its
stock sank 10 percent in the first two weeks. Unfortunately,
the bad news only continued, triggered by government
investigations, high-level executive resignations, and a
review of the company’s management structure.
As The New York Times put it, “When the Terrorist
Era meets the Information Age, a Time of Confusion
results.” The issue is managing the confusion, rather
than succumbing to it. The real task is finding a safer
harbor—or at least a better workaround.
The Regulatory Wave
THE ASIAN FINANCIAL CRISIS. The Argentine
financial collapse. The dot-com crash of 2000, and now
the sub-prime melt-down, bringing down giants like Bear
Stearns, Fannie Mae and the UK’s Northern Rock.
The result: Waves of national and global
regulation... Sarbanes, IFRS, Basel II, and much
more to come. Add to that wave after wave of corporate
governance. Security breach reporting. Privacy and data
protection. Not to mention industry-specific regulation.
Further confusing matters is the global dimension,
in which laws and regulation founded on territorial
jurisdictions are often imposed on cross-border
transactions and information flows. The resulting
complexity and compliance risk poses one of the great
pressures on 21st-century leaders. Beginning with a
tab that, for the top 100 institutions, could reach $100
billion by 2010.
Such overwhelming complexity likewise explains
why a recent survey revealed that only 41 percent of
the companies surveyed felt their boards really have a
handle on it. In this sense, the Regulation Wave is really
a security concern. Not to mention a brand risk for
those organizations that drop the ball.
Today, there’s a better way: Doing a full
regulatory inventory, then rationalizing the necessary
controls and responsibilities. In other words, by treating
compliance holistically as a security matter, with the full
cooperation of IT.
Against the regulation wave, there is only one
option—swim faster. Fortunately, next-level integration
can keep the leaders well ahead of the wave.
15
Risk
Risk Factors
Factors

Potential Shareholder Anti-Global

Traps and Pressure Forces
What if activists or failing

Effects
SNAP. China stumbles, or Avian Flu boils
up. Or a container scare triggers a rolling
port shutdown.
A hyper-connected world is loaded
with traps, and anything can trip them. In
a connected world, the effects are vastly
magnified in force and speed, especially if
your organization lacks connections needed
to negotiate the best path. The result is a
world of big winners and big losers in which
acting first is critical. This also explains how
small players can fast become huge, while
the big players can fall faster and harder
than ever. Why? Because of the domino
effects of a connected world.
It began with Enron and
WorldCom, with investors
sacking CEOs, disrupting
meetings and shaking up
boards—anything to make
the numbers. Today,
shareholders and stakeholders
put your business under
more scrutiny than ever. Add
to that the era of corporate
responsibility and enhanced
scrutiny, and the stakes have
never been higher.
Outbreak
Globalization is the ultimate
Petri dish, spawning, even
in the past few decades, at
least 35 new diseases. Take
Avian Flu. It is now estimated
that an outbreak could cost
between $1.5 to $2 trillion,
while affecting one of out
five people. What if your
workforce suddenly had to
spend months working from
home? Do you have the plans
and system security able to
support it?
states make doing business
prohibitive in parts of the
world? What if China flexes
its muscles, as Europe
does the same? In time,
will 9/11 come to be seen
as globalization’s rollback?
What if U.S. unilateralism
continues to polarize?
Apparently, globalization
has its antimatter—can you
counter it?
Terrorism
In 2007, there were 14,000
terrorist attacks resulting
in over 22,000 deaths. Of
the total reported attacks,
about 43 percent occurred
in the Middle East/Persian
Gulf, while some African
countries experienced
a staggering 96 percent
increase in violence. Today,
each year the U.S. spends
about $500 billion—or roughly
20 percent of the federal
budget—in its efforts to combat
or prevent terrorism.
Strikes Fakes
Feeling spontaneous? How Counterfeit goods are now a
about the troqueros that move market of $650 billion—never
containerized freight between mind the billions more that
ports and intermodal terminals. escape detection. The list is
No union contract here. These endless: drugs, electrical
Mexican-Americans get a small appliances, tobacco, toys. Or
hourly flat fee, not much after even parts for jet engines.
you deduct the cost of $4-per- Recently, after American Airlines
gallon fuel. So one day, CB jetliner crashed in Colombia,
radios and Spanish-language thieves made off with more than
stations start buzzing—time for 500 parts, including the engines
a fuel-driven, 30-percent freight and landing gear, for sale to
hike! A wildcat strike, wreaking other carriers. How secure is
havoc with the $1 billion-a-day your supply chain?
West Coast Port System.

Trade Wars The Wild

The EU and United States
battle over everything from Card
bananas to Roquefort to fine Bad things, good things,
wines. The favored weapon: big things—those ski-jump
Tariffs. The global pricetag discontinuities of change.
of agricultural tariffs: $100 North Korea, Iran, the next
billion annually, most falling Osama, intifada, or Avian
on American and European Flu. Next killer worm or
consumers. Another risk: Y2K buried in the world’s
The constant finger-pointing systems. China sputters—
on dumping issues between or invades Taiwan. Wham!
China and the United States. So what’s your Plan B?
Might the fickle finger point
at you?

Sources: Aon Corporation’s Trade Credit and Political Risk Practice Group. U.S. Meat Export Administration. Anderson Economic Group.

17
Solutions

Your new world is a

one-strike-
heavily
you’re-out world,
punishing mistakes.
New regulations and standards. An era of
corporate responsibility. Activist stakeholders
and a hyperactive press. All have ratcheted up
the expectations around security. Or else.
Solutions Control
Maintaining Security From Space
On Every Level GPS and other tracking
technologies follow
On air, land and at sea, goods are locked the container through

Secured and located—at every step, even when every conveyance,

ship, truck, rail or air.
switching teams and modes. And people Meaning, the ability to

Trade
are fully accounted for. commit-to-order, with a
sure delivery date.

TELEGRAPH INVENTOR Samuel F.B. Morse

spoke of his great aim to “annihilate
distance.” Today, the challenge is invisibility: Control
The millions of products and shipments that In the Container
can be lost, pilfered or counterfeited as they Everything—in detail. Where through
traverse the world. GPS. What through RFID. Who had it,
Ocean-going shipments hold a special when. The result is a rolling inventory,
protecting every pallet. Technologies:
danger: Just try to find out who really pallets shrink-wrapped, RFID-tagged,
owns a ship. As William Langewiesche then smart-sealed with currency-like
observes in The Outlaw Sea, “forty thousand tape that exposes tampering. Plus,
merchant ships. . . wander the world with monitoring devices that send alerts
about excessive heat or vibration.
little or no regulation.” This includes the
20-plus freighters estimated to be owned or
controlled by al Qaeda.
The high ground for business and
government is control in all modes: sea,
air and land. For high-value or high-danger
goods—pharmaceuticals, for instance—
electronic pedigrees offer a detailed log of
every stop, from plant to loading dock to
checkout scanner.
What is it? Who wants it? Where is it?
The difference is, real-time knowledge of
what’s in the box, down to granular details
of sizes and colors. It’s a stronger demand
signal, along with the real-time ability to KEEPING CONTAINERS SAFE LABEL
satisfy customers with accurate and timely • Each container is immigrants. are deployed inside barrier seals, indicative
measured to ensure • Radiological and and out. Can include seal tape, RFID seals FALSE WALL
shipments. And it’s the wealth creation of against false walls that biological tests are radiation sensors, and fiber-optic seals.
precision pricing. might conceal illegal performed. GPS devices, smart • Filled weight is
Today, secured trade is a driving force in drugs, weapons or • High-tech deterrents container sensors, checked against
empty weight. Does it
shareholder value. As business follows the conform to the size of
sun, success demands a bigger picture and 8 FEET TALL, 40 FEET LONG (2 1/2 CAR LENGTHS) the cargo? Does it all
add up?
a brighter, sharper lens.

8 FEET WIDE
LABEL
Control In the Air
Since 9/11, U.S. regulations require greater visibility into shipments. Air carriers handling imports
will have to transmit cargo data four hours before arrival. The solution: Neutral, Web-based portal
brings together shippers. Add to that the precision of bar codes and RFID. Meaning, mastery of
the real-time details: who, what, where and when.

SCANNERS: Handheld scanners
track and verify contents.
Gamma-ray scanners ensure
against false walls, contraband
and radiological devices.
Control at the Port
What’s in the box? The ship’s
captain, Customs, port security
—all have complete control—
from arrival to departure.
FINGERPRINT READERS:
With a touch, authorized
longshoremen gain instant,
point-specific access.
Secured
Borders
THE NUMBERS ARE DIZZYING… 4000 global
ports… 300 U.S. ports of entry processing 400
million people traveling across our borders in
133 million cars. Add to that another 4,000
ports globally, and it’s easy to see why customs
agents are so stressed.
The good news is, border security has
never had so many tools—globally integrated
databases merging country databases with
criminal databases like INTERPOL.
For example, with globally integrated
databases and license-plate readers (able to
read the tags on cars traveling up to 60 m.p.h.),
border control agents can know whether the car
is stolen before it hits their station.
But there are other tools as well. Smart
Cards with smart chips contain rich information
on the holdings, and Business Intelligence
validates the credentialing documentation.
Borders and facilities can be better secured
with ID technologies, ranging from intelligent
video to iris or finger vein pattern recognition.
And, because they are built on Service-Oriented
Architectures—independent of the underlying
technologies—systems are “future proof.” In
other words, easily and inexpensively updated.
Today, the hero of this story is not the
technology, which is now fairly mature. Rather, it
is the ability to integrate these systems, locally,
nationally and globally. The result is positive
identity and secure borders—all translating into
more secure and satisfied citizens, travelling with
greater confidence and ease.

21
Solutions
Secured
Identity
ONCE, TRUST WAS a known face—no
longer. As we travel, faces grow hazy, with
dangerous consequences when we trust
the wrong person.
As The 9/11 Commission Report
observes, “Today, a terrorist can defeat the
link to electronic records by tossing away an
old passport and altering slightly the name
in the new one.” Fortunately, with biometrics,
this once blurry picture is fast coming into
focus. Another big advantage: Speed. Better
identification means citizens and goods—and
economies—move more efficiently. Today,
around the world, retinal scanning, fingerprint
identification and advanced facial recognition
are protecting key infrastructure.
At the same time, with smart passports
containing digital photos, fingerprints and
chips, Customs and law-enforcement
personnel have the full picture. With powerful
databases, they can see connections
around the world. With biometrics, those
who transport dangerous cargo are in fact
the people authorized. Similar tracking
technologies mean that elections are fair and
democratic, and that citizens are connected
to government and vital services.
Take MyKad, the digital ID card now
carried by 22 million Malaysians. Consolidating
drivers’ licenses and identification cards,
this one card can do virtually everything:
bill payment (ePurse), tolls, parking/public
transport, ATM banking, health services and
more. And, Malaysia’s smart card is moving
citizens through immigration checkpoints.
THE VISIBLE
CONTAINER
RETINAL SCANNING
IN THE EYES: Identity based on blood
BIOMETRICS
PERSON POSITIVE: Automated
authentication through physiological or
vessel patterns in the back of the
eye—unique as snowflakes. Can be behavioral characteristics: fingerprint,
active (range: 6-14 inches) or passive retina, voice, hand geometry, etc. Scans
(more user-friendly, up to 3 feet). Then against a known database.
there’s iris-on-the-move, scanning the CITIZEN TRAVEL: Faster travel through
iris while the person is in motion. better recognition, or even traveler
“speed passes.” (But only with
voluntary background checks.)
GOVERNMENT FACILITIES: High-security
environments use corroborating checks:
fingerprint, face and more.
HIGH-RISK FACILITIES: Power plants,
reservoirs, drivers of radiological waste.
FINGERPRINTS
Making YOU’RE IN! Facility access
Certain or access to PCs and
other systems. Electronic
Mr. Jones keypad collects image and
scans zones against a
Really Is known image or database.
The FBI fingerprint
Mr. Jones database now holds some
81 million records.
Technologies that help
verify identities—
creating a more secure
environment by linking
each citizen with
ID CARDS the relevant data.
ID CARDS SMART EVERYTHING:
Cards can be single-use (driver’s
license) or multipurpose (health,
immigration, ATM and more).
National ID cards? Controversial. But
more countries are going that way.
FEATURES: Rainbow printing, micro
letter, holographic overlay, ultraviolet
and more.
PLUS, SMART CHIP: 32K of personal
history, medical, thumbprint
minutiae, color photo.
Secured
Air Cargo From Timbuktu
NO MODE OF TRANSPORT is rising faster
To You
than heavy air cargo. But to continue its The heavy freight industry gets seriously
connected—without the heavy lifting.
ascent, the industry—freight airlines,
forwarders and carriers with belly
space—must collaborate as never before.
Especially if it is to compete with carriers
offering guaranteed service and real-time
tracking. Yet look at the challenges.
First, the industry needs to embrace
the latest in digital technology—especially
next-generation Web integration. It
must contend with aging airports and
spaghetti-like legacy networks. And, it
must better manage today’s disruptive
givens: terrorism, military action, economic
turbulence, health outbreaks, and more.
Finally, the system needs dynamic decision-
making to better manage assets, capital
and information.
Solution: Create a new virtual
network, with seamless reach, total
control and on-time accountability—but
with a key twist. Consider: When asked,
the major shippers will offer real-time
package tracking. But what if the shipper
wants customized proactive alerts—at any CONNECTING
MAKING IT VISIBLE
milestone? Say, a beep on your PDA or cell First used for critical THE PLAYERS
phone: Shipment confirmed. military shipments like Shippers, forwarders,
With an online portal, customers blood and munitions, RFID airlines, Customs—all
find easy access, competitive and GPS technologies are require the same
steadily gaining commercial PROACTIVE information. But who
efficiencies—and alerts. Edge-to-edge
acceptance, especially TRACKING wants to wade through to
control, all seamlessly connecting as they get cheaper. The Tracking is best done by multiple sites to find it?
customers and real-time tracking. On time. payoff: real-time information “exception”—focusing on The future: Neutral portals
Their way. improves decision-making. problem shipments rather than for booking and tracking. A
And reduces the errors and routine shipments. Deeper one-stop shop for multiple
delays of intermediaries. control, less wasted time. carriers.

23
Solutions
Secured Information
CYBER SECURITY: It touches everything… the security of
your information, your partner’s information—and that of
your customers. That’s a lot to potentially go wrong. And, as
the numbers show, disaster potential is real and growing.
But look at the deeper potential costs: Bad publicity
… millions lost in reparations … lost customers … the
demoralization and distraction factor … and, finally, a
serious hit to your brand. And why? Because of what
organizations too often leave out—end-to-end control.
But improved control yields even larger business
outcomes. It includes improved enterprise performance,
say, with in-transit control and tracking management. It
means better managed operational risk, especially when it
Secured Banks
BANKS CAST A LONG SHADOW. Shackled in security,
they are perversely vulnerable to the gaps that phishers
and data poachers are quick to exploit. Blanketed with
accountability, too often they can’t be counted in to
manage their own growth. Or keep count of their own
customers. As the analyst Tower Group observes,
“A history of tactical cost-cutting and duplicative
maintenance efforts has left financial services institutions
mired in a maze of barren business operations,
fragmented technologies, redundant controls, and
information integrity issues.”
But what about a bank built with end-to end
security—security that allows it to better spot
problems and adapt to changing business and
customer requirements? In other words, what if a bank
not only had better integration, but also the ability
to secure its assets? Today, such security is very
comes to people, security, IT systems, goods and assets.
And it means business optimization through improved
supply chain efficiencies and IT systems protection.
Imagine weather prediction without satellite images.
Imagine flight without radar. Thus, to change the cyber
security picture, organizations need control inside and
outside their four walls. In short, to see the full picture of
enterprise—and extra-enterprise—risk.
Connected enterprises are more secure because they
can better grasp the full picture. They can read changing
patterns of risk. They can see interdependencies—the
gaps—between them and their extended network. And they
can play out—in advance—a path through potential risks.
Cyber security: Today, the path is not more locks and
keys. It’s the end-to-end connection that helps you secure
your world and better focus your creative energies.
achievable—and long overdue.
The secure bank begins by giving people at all levels—
from boardroom to the data center—a complete digital
map of branches, consumers, corporations, business,
regulators and partners: everything and everyone the bank
touches. Bankers get real insight into which operations—
and which customers—are really driving profits.
Instead of losing track of its customers, the Secure
Bank has deep insight into the customer’s changing
needs—in real time. And, with a real-time infrastructure,
the bank knows what systems it has on line, just as it
can monitor over-or under-capacity, then act to balance
it. Security: With zero-gap protection, the bank can see,
track—and thwart—threats. And, with a “hot-spare” of
virtual capacity, it can recover systems within 30 minutes.
The Secure Bank sees the true path to change. It
adapts in real time. And it can spot—and secure itself—
against this ever-moving storm of digital risk. Today, through
next-level security, the banking industry can emerge from its
long shadow. And shine.
25
Solutions

Secured
Enterprise
FROM CHALLENGE COMES OPPORTUNITY
and those who best innovate in times of
struggle win. Too often innovation, however,
has focused on the “what” -- the latest and
greatest gadget. While perhaps successful
in solving a very specific challenge, point-
solutions are at best inefficient, and at worst
they create a whole new set of challenges,
the least of which being their expense.
What is required is innovation of the
“how”. And often it is the elegantly simple,
unified approach that best strikes the
delicate balance between competing forces:
between agility and assurance, between
physical and data, between old and new,
between security and innovation.
An elegant, unified approach means
less complexity from one-off point solutions,
yet more agility and control. Less loss from
counterfeiting, spoilage, and fraud, more The 21st Century STRATEGY MAP PROCESS MAP APPLICATIONS INFRASTRUCTURE
MAP
MAP
operating continuity & performance. Less Organization The layer where the
business vision and
The layer where the
vision is carried into The layer where data The layer that provides
restriction of end-user technology choice operations model is core operations. is analyzed to assess a road map to eliminate
and social networking, more empowerment By creating a digital model of a established. Also, Deals with virtually opportunities and redundancy, leverage
and employee satisfaction. Less risk, process, organizations can see where economic every process that threats. Also where functionality and identify
how one layer of the business value, security, touches the identify/ modeling is done based how to best implement
more protection, trust, and assurance.
partner interaction track/ trace/protect on data captured from your technology
Less compromise, more value and success. affects another. The payoff: and standards framework. Example: investment in devices.
RFID devices, readers,
Less fear, more freedom. quick, well-formed insights adherence are Supply chain. sensors, bar codes
into unfolding events. determined. and other tracking
technologies.
Our Portfolio
UNISYS. SECURITY UNIFIED
At Unisys, we assess, design, develop,
and manage mission-critical solutions
that secure resources and critical
infrastructure for governments and
businesses. Our approach unifies
resource and infrastructure security,
creating the most effective and efficient
security environment possible and
freeing our client to focus on best
serving its citizens and customers.
Our people security solutions
identify, credential, verify, and profile
citizens, travelers, and employees,
for both physical and digital facilities.
Our asset security suite of
solutions allow you to track and trace
goods, physical and financial products,
and data, both in motion and at rest.
Our critical infrastructure security
solutions – for facilities, borders, and
networks -- save life, property, and
forensic evidence, and restore life to
normal after natural or man-made attack.
And our advisory and analysis suite
of services provide a strategic security
roadmap and a real-time, predictive
risk intelligence solution.
All of our security solutions
deter, protect, and defend against
tampering, fraud & attack at all points
of vulnerability. They consistently and
fully enforce a customer’s policies,
mandates, and regulations. They
increase organizational clock speed,
self learn, and ultimately reduce cost
and avoid loss.
We have an extensive heritage
working with defense, security, and law
enforcement agencies, particularly in
mission-critical operations, which places
security at the core of all that we do.
For example, the U.S. Army needed to
know the exact location and contents of
thousands of containers and air pallets
of cargo in transit per day for military
personnel across 1,500 nodes in 25
countries. Unisys implemented a unified
4m+ RFID tag solution that provides the
Army with instant access to equipment
and supply information. It has increased
productivity, improved war fighter safety,
and reduced costs.
We have created industry-
transforming systems where information
is unified, intelligently and securely
shared amongst partners. For example,
the Government of Malaysia wished
to provide a single citizen ID card,
consolidating driver’s license, bill
payment, tolls, parking/public transport,
ATM banking and health services. Unisys
brought to them a unified solution that
utilizes a state-of-the-art “MyKad” (My
Card) -- a secure multipurpose smartcard
for all citizens over 12. Now Malaysia’s
23 million citizens get faster service and
better information privacy, plus economic
activity increased.
We unify the ‘how’. We integrate
security domains, employ an aligned
methodology, develop and reuse linked
models, and share a common desire
with our clients to allay their customer’s
fears. For example, Chile’s Santiago
airport must securely process 3 million
people per year. Unisys delivered a
unified solution that identifies travelers
via passport readers and facial and
fingerprint recognition and automatically
evaluate against watch lists supplied by
Interpol and local police agencies.
For us, it’s not just about security;
it’s what security enables our clients to
do. When you are secure, you are in
control. You are efficient and effective.
Your citizens and customers trust and
value you. You are fearless. You win.
Complementary Unisys offerings.
Unisys Application Modernization and Outsourcing
makes operations more agile, secure and efficient
while lowering overall costs. Our approach –
leveraging over 1,400 unique, pre-built application
and process models and grounded in our 30 years
of experience and leadership in mission critical
and open technology -- delivers faster, cheaper
and with the least risk of disruption to our clients.
Unisys End-User Outsourcing provides anywhere,
anytime, one-call support that increases user
satisfaction while driving down support costs.
We leverage the combination of our global
ITIL-based Resolution Optimization Model
and network of 31 ITO Operations Centers
with 6,000-person strong field force to deliver
measurable cost reductions, improved satisfaction
levels and faster time to incident resolution.
Unisys Data Center Transformation and Outsourcing
leverages our long heritage of expertise in the
data center. Combined with our independent
thinking, innovative infrastructure and sourcing
capabilities, Unisys delivers data center solutions
that are more secure, more productive, and more
reliable while decreasing operating and capital
costs and increasing business performance.
27
Conclusion

A converging world
needs the seamlessness
of converged security.
Your walls. Their walls, “inside” and “outside.”
In an era of rising threats, your perimeter is
ever-expanding. And—unless you get the full
picture—potentially riddled with dangerous gaps.
Winning today begins by acknowledging the
changed risk equation. In a connected world, when
things go wrong, they will go wrong faster than ever.
29
Conclusion
Moreover, the system effects—like that of a power
grid crashing—will be faster and more far-reaching
and far more opaque, as the subprime crisis so
clearly shows.
Fortunately, thanks to converged security, just
as the world has grown larger and more chaotic,
improved integration technologies and clear
standards make the necessary integration a more
predictable and less costly process. At the same
time, converged security means your organization
can easily integrate a host of stable and mature
security technologies: iris scanners, license plate
readers, RFID and more. And we integrate it with
platforms and systems that you already have.
The result is a powerful merging of two, once-
separate realms: your IT systems with your physical
assets—the whole enchilada. The result is a truly
enterprise-level ability to protect people and data,
places, and things. Further, by using the latest in
open-source technologies, systems can be “future-
proofed” against the next generation of change.
Physical Security, IT Security—Converged
Again, the most obvious difference here is
an all-new level of integration. The less obvious
difference is an organization with the clarity and
control to collaborate—and innovate—with much
higher confidence, and thus a much greater degree of
success. In both the public and private sectors, the
benefits are as powerful as they are wide-ranging.
To be sure, bad things will happen, as they always
do. The difference is, far fewer will snowball and wreak
havoc. Why? Because organizations have the real-time
ability to sense and respond, whether to competitive
change or actual threats. Meaning, you can focus
more on “paying” risks, as opposed to thankless
risks, like phishers and hackers.
A System That Can Secure Itself
The result is a system that can secure itself
against theft and counterfeiting, or fend off electronic
attackers. Or send instant alerts, say, when a hard
drive has been damaged or compromised, or medicine
has been subjected to too much heat or vibration.
After all, if we can sift and test the soil on Mars, surely
we can know the facts vital to our products, fortunes
and reputations. Or, for that matter, with whom we are
really communicating.
Today, converged organizations deliver exceptional
performance and exceptional control over costs. And
they have an inherent capacity to manage risk, all while
delivering the enhanced productivity and efficiency—
and the ability to innovate—that delivers true growth
and reward in the marketplace.
An “always-on” world needs “always-on” security.
And now that day is here. Today, the two once-
separate worlds of physical security and IT are
converging. One system. One comprehensive view
of physical and digital reality. One secure path to
innovation. All under total control—your control.
Specifications are subject to change without notice. © 2008 Unisys Corporation. All rights
reserved. Unisys is a registered trademark of Unisys Corporation. All other brands and
products referenced herein are acknowledged to be trademarks or registered trademarks
of their respective holders. Printed in United States of America. October 2008.

This book was illustrated and designed by Splashlight.

31