Being in IT security is more than a full-time job for William Boni. As Motorola's vice president and chief information security officer, Boni oversees security for a global network supporting some 100,000 end users. He also recently helped form an IT security consortium with counterparts from other companies and last week gave a keynote address at the InfoSec World conference in Orlando. Somewhere in between all this, Boni spoke with Network World Senior Editor Ellen Messmer.

How would you describe the level of importance Motorola gives to IT security these days?

Motorola, like most other large, sophisticated global organizations, has become increasingly dependent on the running of its IT infrastructure, applications and technologies to support the success of its business strategy and operations.

In parallel to that increased recognition, you have increasingly visible and apparent risks and threats to that infrastructure and those operations and capabilities. It's not just a matter of Sept. 11. We had a whole series of denial-of-service attacks in the spring of 2000; there has been the seemingly endless series of worms, viruses and other types of events.

Management has sought to obtain higher levels of assurance by giving this role executive-level status and accountabilities.

What sorts of security projects can you tell me about that are going on within Motorola?

Motorola is a major producer of intellectual property, proprietary-sensitive information, new product designs, trade-secret and patentable information across a number of industry segments. The challenge in developing new products and solutions is that it requires extensive use of digital technology to design, describe and bring them into production and distribution.

A common business practice is reverse-engineering, looking at ideas and seeing how it compares against the individual company's product. The concern is to make sure we don't have premature leakage of key forms of digital intellectual property. There are a number of different technologies from both mainstream leading vendors and start-ups that I am interested in looking at.

What's been your experience with intrusion-detection systems?

Detecting something is always less desirable than actually preventing things in the first place. We got into the IDS technology fairly early and found, like everybody else, the existing tools and technologies suffer from creating a huge overload of false positives.