Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
18 February 2008  
Untitled Document
Sections

Market
Management
Technology
Technology Life

Columns

Between The Bytes

Events

Technology Senate
Technology Sabha
Specials

HMA Bankbiz
UPS Batteries

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
CIO Decisions
Exp.Channel Business
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Express Healthcare
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Market - Article

Event

Enterprise security is everybody’s responsibility

The CSO Perspectives event brought together chief security officers and IT heads to discuss robust security strategies, reports Mohammed Shariff PA

As technology deployments pick up pace and mature making us a lot more productive, these have brought about vulnerabilities of a different kind. Businesses are expanding rapidly (extending their networks for the mobile workforce) and are facing the risk of security breaches—both external and internal. Every employee is instrumental in turning the company’s business strategies into reality. One needs information that will help execute security strategies and help in planning efficient technology implementations. This was the message sent out by the CSOs and IT heads of many IT companies such as, Wipro, Infosys, Aditya Birla Minacs, Thomson, TCS, TESCO, Transworks, Symphony, Sparsh, intelenet, Cognizant, Accenture and HCL who attended the packed session.

Kickstarting the roundtable discussion, Kevin D. Walker, Director & Senior Security Strategist, Worldwide Security Service Practices, Cisco Inc, said, “There are many things that have become a hassle for companies. Amongst them security is definitely a major issue for which CSOs still seek an answers from different corners of the industry.” Identity and access management was the major issue that was brought to the discussion table. The whole point was about the kind of work culture that leads employees to indulge in security breaches, which ultimately end in a disaster for the concerned business. Capt. Dayalu Arasappa. Head Facilities & Support, Tesco India, said, “Its all about how you bring about security awareness amongst employees. Creating awareness is more important than adopting security technologies.”

Kevin stressed on the need for creating awareness, about the security framework that an organization has, amongst its employees. He said, “Ultimately, it’s every employee’s responsibility—from the executive suite to the manufacturing floor, to put security first and keep it a top priority.” Most participants agreed that it is human error that is creating major threats for companies rather than technological failure.

Another interesting insight from the event was that CSOs today face a major problem of justifying budgetary allocations for security in their organizations. It came out during the discussion that a majority of them were not ready to put in extra investment towards security strategies. Moreover many said that they did not consider security as part of their enterprise function. This was creating a platform for hackers and for security breaches. It has been noticed that new employees are more likely to indulge in security breaches and this has proved to be so in 2007. Nandakumar Sarvade, IPS, Director Cyber Security and Compliances, NASSCOM, said, “When we compare India with other countries, our country has been emerging as the safest country in terms of security breaches. This needs to carry on in every organization with proper awareness programs for this. Media should play an important role in educating the masses.”

The need for awareness among Indian citizens rather than at the corporate level was another major area of discussion. Walker said that most companies have their awareness programs, however, the high attrition rate is killing that spirit at the corporate level. According to him threats come in different ways—such as an overhead phone call, stolen laptop, or suspicious downloads. All these pose significant security threats. Kevin stressed that all the practices to tackle security issues, should start from the heads of the company. The bottom line is that the senior managers do not want additional money to be pumped into securing an organization, as the cost of security is more than the cost of remaining insecure. This needs to change, as information security had become a business requirement during the past few years.

Sarvade said that NASSCOM is preparing a National Skill Register (NSR) through which companies will be able to check the past record of any employee. Through the NSR system one can blacklist the candidate if found guilty. The process is on and it is expected to be complete by end 2008. Sarvade pointed out that, carelessness amongst employees vis-a-vis security should be done away with. This could be achieved by having strict instructions within the company and framing a code of conduct.

Val Souza, the former Editor of Express Computer moderated the panel discussion and Atul Goel from Cisco Systems inaugurated the discussion and extended the vote of thanks.

mohammed.shariff@expressindia.com

 


Untitled Document

UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.