Event
CII debates IT security
The IT Security Conference 2005 was organised by the Confederation
of Indian Industry at Mumbai recently. Priya Jain reports.
At the CII conference on IT security, from left to right,
Sudhir Trehan (CII Western Region), Venugopal Iyengar (TCS, ISACA), Virendra
Gupta (Director, CII) and Ganesh Natarajan (Zensar)
An unprotected IT infrastructure is susceptible to information
theft. It can hit any business that aims to be competitive, and impact business
operations, corporate reputation, and customer and shareholder trust. IT companies
allocate substantial resources for their IT security programmes. However, non-IT
companies still have a long way to go when it comes to IT security.
The Confederation of Indian Industry (CII) took up this critical
issue and organised the IT Security Conference 2005 at Mumbai, where it released
a report on the Information Security Programme based on research
conducted across 70 sectors of Indian industry. According to the report, financial
data is accorded top priority by 62 percent of the respondents when it comes
to IT security.
During the conference, eminent speakers from the industry addressed IT security
issues related to technology and business operations from an industry and assurance
perspective. According to Ganesh Natarajan, CII Conference Chairman and MD of
Zensar Technologies, "A minor e-mail breach can cost thousands, while a
major data security lapse can cost crores, besides the embarrassment and
loss of confidence that it causes." 60 percent of IT security breaches
go unreported for reasons ranging from legal implications to the erosion of
stock values. On the recent IT security breaches at BPOs in Gurgaon and Pune,
Natarajan said, "Though information security measures employed by Indian
companies are on par with the best in the world, incidents such as these can
occur anywhere." He also insisted that the existence of a continuous security
programme is a necessity today.
Statistics from the study highlight that 38 percent of companies lack an information
security policy, 71 percent have no security process certification, and 30 to
35 percent have no business continuity or disaster recovery plan in place.
Reality check: global scenario
- Every day, about ten new software vulnerabilities are reported, and five critical security patches are released
- 20 new viruses and worms are released every day
- Corporate spying through network penetration is becoming common, and cyber crime is rising at an alarming rate
The survey also revealed that only 61 percent of enterprises have invested
in a business continuity plan. 60 percent of them club investment for protection,
while 86 percent of participants said that this investment was planned based
on the requirements identified by the enterprise. More than half the respondents
confirmed that their investments are vendor- and consultant-driven.
Speaking at the conference, Venugopal Iyengar, Head, eSecurity Consulting,
TCS, and Vice-president, Information Systems Audit and Control Association,
said that security is not an independent system; an interface has to be integrated
within the overall operations of a company.
On front-end and back-end technologies, Vivek Gupta, Security Consultant, IBM,
commented that the threat to a company's information is not only from the
Internet but can also be internal. The recent deluge in Mumbai has shown
that the threat to information is not only operational but also physical. Today,
IT is a force and performance multiplier, but one cannot deny the multiple vulnerabilities
that come with it. Thus, to meet the increased security expectations, organisations
need to acquire a security framework. "You need to discipline security management
and pull up your socks now to safeguard your tomorrow," Gupta said.
Reality check: India
- Security breaches are rapidly increasing
- Most of these breaches are perpetrated internally, often by disgruntled employees
Rajendra Dhavale, Consulting Director, Computer Associates, pointed out that
more security does not make an organisation more secure; better management
does.
On the other hand, Akhilesh Tuteja, Director, KPMG, expressed
his concern about the ignorance in the industry by stating that IT security
is often an afterthought. Charanjit Singh Sodhi, National Manager, Client Solutions
Group, Secure Synergy, remarked that, "The right kind of control is needed
from people for the successful implementation of IT security solutions,"
and Anantha Sayana, Head, Corporate IT, Larsen & Toubro, opined, "IT
security shouldn't be such that it prohibits or prevents...it should provide
business convenience."
While talking about RFID application in conjunction with surveillance systems,
Rohinton Dumasia, General Manager, IT, Great Eastern Shipping, stated that certain
critical issues inhibited the use of RFID. He alerted the audience to security
issues such as cloning, illicit tracking and illegal scanning of RFID tags.
He suggested that certain global policies must be adapted for secure and successful
implementation of RFID.
Advised B R Jaju, Chief Financial Officer, Crompton Greaves, "Investments
towards IT should be customised according to a company's needs."
With companies moving from mass production to mass customisation and increasing
their reliance on IT, IT security has become crucial for them. "Information
security is a big concern for every organisation," noted Sudhir Trehan,
Chairman, CII Western Region. Rajat Mohanty, CEO, Paladion Networks, expressed
a similar opinion by saying that business-critical applications are opening
up due to the extended enterprise.
The overall mood was perhaps best summed up by Iyengar when he said, "There
are no standards to business continuity management. The hunt is still on. Compliance
is the road to assurance. You can have your own road."
priya@expresscomputeronline.com