www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
11 July 2005  

Feature

Securing the enterprise

There’s more to security management than you think. Kusum Makhija gets a 360-degree view of the state of security management at India Inc.

An enterprise is prone to security interruptions. These may be natural, accidental or man-made (deliberate). Changing trends in information security indicate that an enterprise is more prone to internal than external threats. A security policy today therefore needs to address internal as well as external threats. So whenever an enterprise looks for a security solution, its concern is to protect the core information and infrastructure, guard the endpoints, and verify the user device and policy. Enterprises continuously fret about effectively managing and controlling access to information at any protection level on a global basis.

“As enterprises expose their perimeters to customers and business partners, there is less room or tolerance for security lapses. Yet there are e-businesses and corporations that still lack basic security tenets; they are not using adequate firewalls or intrusion-detection protection, and do not have security policies in place,” says Sheetal Mehta, Project Manager, Wipro Technologies.

With the advent of globalisation and with the rise of mobility, individual enterprises and networks have extended into larger global networks.

“The foremost need among enterprises is protection or prevention, and then disaster recovery. Customers’ prevention strategies comprise gateway protection with firewalls, intrusion protection, gateway anti-virus, the file server and desktop protection; the latter consists of desktop anti-virus, desktop firewall and intrusion detection. Data integrity is taken care of by effective encryption solutions. Secured authentication is handled by a two-factor authentication solution such as RSA tokens,” explains Harish Tyagi, CEO of Taarak India.

Informs Vijay Gupta, Deputy Manager, IT, Punj Lloyd, “We have deployed Checkpoint solutions in our organisation. As a result, remote and mobile users are able to log into the network in a secure manner. We have a security policy in place, and spend about Rs 10 lakh annually on it. The need for other security solutions such as identity management has not yet been felt internally.”

CIO concerns

For many enterprises, the network is the business and nothing can be more nightmarish than an insecure network. On the other hand, enterprises today have many more users (both internal and external) accessing their networks than they had in the past. Most of these networks are connected to several more networks, including the Internet, and many of these networks are accessed remotely.

While the Internet offers tremendous value by opening up new levels of integration with partners, suppliers and customers, it also exposes business systems to new forms of malicious attacks, thereby leading to the need to look at solutions that are self-healing and can protect the network.

Common security errors
  • Failure to keep systems patched

  • Lack of security policies and procedures

  • Lack of a centralised security monitoring operation

  • Inadequate firewall protection & intrusion detection protection

“Enterprises should be prepared to cope with organisational growth, which in turn entails new enhancements to the network both in terms of applications and size,” states Jagdish Mohapatra, Regional Manager, Channels, Cisco India and SAARC.

Other than reduction in security costs and capital investments, CIOs are increasingly looking at boosting an organisation’s security posture. “It is important that the solution address all aspects of security, be it physical or information-related, besides reducing the need to specialise or hire specialised IT staff,” remarks Shivaji Chatterjee, Senior Director, Sales and Marketing, Hughes Escorts Communications.

Agrees Tyagi of Taarak, “There is no one-stop shop for security from any vendor. As the CIO is implementing various solutions, the integration and event correlation is every CIO’s concern.”

That said, careful planning can mitigate integration issues. Says M K Sastry, Deputy Manager, IT Infrastructure, Fibcom India, “We have deployed standard products and solutions, hence integration was not really an issue.” Every year, the company spends about 1 percent of its turnover of Rs 200 crore on security management.

“Whether the security solution meets his immediate and future security requirements is the prime concern of any CIO today. He is also concerned about integration with the existing applications, servers and network to provide the right mix of security and functionality,” opines Anil Bhelkar, Head, Security Business, HCL Infosystems.

As organisations become more dependent on networks for business transactions, data sharing and everyday communication, their networks have to be increasingly accessible to customers, employees, suppliers, partners, contractors and telecommuters. But as accessibility grows, so does exposure of critical data stored on the network.

Challenges in integration

While diverse information systems and sophisticated attacks against data security continue to grow, protecting sensitive data is becoming increasingly challenging.

“Proactive management of information security is vital in ensuring the integrity of data being accessed and exchanged in an enterprise network,” says Mohapatra.

Confidentiality of customer data such as patient records or consumer credit information is a regulatory matter that needs to be addressed with necessary technical safeguards such as data encryption.

“Another challenge for enterprise information security is the heterogeneous nature of today’s IT environment. Enterprise security solutions need to integrate with a variety of third-party products and support multiple platforms ranging from Windows to Unix/Linux and mainframes. Other integration challenges include no product standardisation or integration with each other,” says Mehta of Wipro.

There are several challenges that one faces while implementing enterprise security solutions. Such solutions typically consist of multiple point products, each working independently. As they are not integrated, multiple point products are difficult to manage, which increases IT administration and support costs. Protection is usually not comprehensive.

What’s more, when an outbreak occurs, the ‘fixes’ that each vendor provides must be tested and verified across various technologies. This can slow response to attacks, potentially raising the costs that are incurred. Since these independent point products were not designed to work together, they can degrade network performance.

“The implications of current security solutions include inefficiencies, inadequate protection against blended threats, and a higher cost of ownership. It all adds up to an under-performing security posture that is difficult to understand and provides little insight into enterprise security planning,” notes Umesh Deshmukh, Head of Sales at Symantec India.

Currently, enterprises decide on security investments based on the investment already made in their IT security infrastructure. However, the approach should be based on risk perception and an analysis of the impact on the business in case of information loss or non-availability of IT infrastructure.

Emerging trends

There has been an increase in buying from the government, public sector units, banks and insurance. Corporates realise the importance of proactive measures in the face of blended threats, and this has led them to set aside budgets for security solutions. According to Deshmukh of Symantec, “There are a number of technologies introduced which aim at reducing the security risks of online computing. The most promising of these include intrusion protection, vulnerability management, threat and early warning systems, firewalls, content filtering and e-mail security.”

The latest trend in the Indian market is to outsource the security solution to an expert to reduce the costs involved in purchasing security solutions. Technology-wise, this era of security solutions is all about integrated anti-virus, firewall and IDS, preferably with a single console, i.e., one single integrated device performing all the functions. Security auditing and penetration testing, along with identity management software, are becoming more common.

Frost & Sullivan projects India’s network security market to grow by 32.4 percent from an estimated $45 million in 2004 to $59.5 million this year.

“It is important to have an IT and security policy in line with business policy. This should be translated into deployment procedures and monitoring mechanisms. A review of security within the organisation by the owner of the business, treating security as an investment rather than as an overhead, and allocation of necessary resources at the right time is the key to success,” sums up Bhelkar of HCL.

kusum@expresscomputeronline.com

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.