Schumann Consulting AG, a German consulting house, has launched in the UK, targeting the financial community with its security administration management (SAM), which enables firms to formulate and execute a security policy across the enterprise. It enables managers to see which users are on the company network, what platforms they are using, what access privileges they have. The controllers can then make changes where appropriate, for example to remove all access rights for someone who has just left the company. UK manager Keith Girt says that more than 80% of company security breaches are committed by employees or ex-employees, either maliciously or inadvertently.
Schumann’s security division is the fastest growing element of the company, contributing $33.6m revenue to the firm’s $120m total sales for 1998. Despite the economic downturn across Europe, which reduced Schumann’s growth to 12%, the security arm expanded at a rate of 50%. The company already operates in the US from an office in Laurel, Maryland.
Its consulting background is the strength which Schumann claims will set it apart. Almost half of its 125 security team are consultancy focused, and Girt argues that this combats the trend of bungled security policy implementations, because Schumann can tailor the policy for the company. There is latitude, for example, between the weight of security and the ease of access. Are four or five passwords appropriate for a company, or would single sign-on boost efficiency?
Girt estimates that the company would need to stay with clients for a minimum of three months, maximum of three years, to ensure that all the systems are correctly integrated and installed. Average contracts are for organizations with around 10,000 to 15,000 users. SAM runs on IBM’s MVS operating system.
Several of the components of SAM are manufactured by other firms. For example, Bull’s AccessMaster product is used for the single sign-on facility. Schumann itself provides the central corporate repository, a store where all the information about who is on the network is kept, allowing easy changes by network managers.
After the UK, the next areas for expansion are the Benelux region, France and Asia-Pacific. Schumann is currently in talks with a major French systems integrator to provide a partner to install the systems. It has also signed up Australian firm Executive Computing to distribute its products in a market that Girt expects to take off shortly.