|
Security
Anti-virus, anti-spam still popular; security policy yet to catch up
Although security software is popular with SBs, Nivedan
Prakash finds that security policies are conspicuous by their absence
 Security
is a major concern for any business that is dependent upon IT and SBs are no
exception to this rule. Although they may be small, the complexity of an SB
and managing its IT systems is not that different from the process in a large
enterprise. The SB segment, however, lacks knowledge about the importance of
being secure and faces the repercussions of not implementing the same. As a
result, it is this segment that is most hit by viruses, Spam and other intrusions
on a day-to-day basis. The other reason being the fact that majority of small
businesses use pirated software, which makes them vulnerable to a virus attack
and security related breaches. Additionally small businesses do not update their
systems with the latest patches that adds up to their woes making them more
vulnerable.
Although most small businesses today have some sort of infrastructure with regards
to security, the installation of anti-virus software is what they do as far
as security is concerned. According to the AMI-Partners survey conducted on
behalf of Express Computer on the small business segment, from a sample of 195
small companies, 83% of the respondents had some sort of a security infrastructure
in place.
SBs are vulnerable
As far as security is concerned, most small companies are aware of anti-virus
and firewalls. Ironically, the only problem that exists for the small businesses
is the threat of viruses and that is why most of them in this segment go for
some anti-virus solution. Narayan, Head-IT, Sujay Hospital, said, “For
security, we use Norton Anti-Virus version 4 because it is the best and is a
reputed solution available in the market. It has definitely helped our business,
especially in tackling our day-to-day problems with regards to small viruses
to a certain extent.”
The view is shared by C T Thomas, Manager-IT, Balabhai Nanavati Hospital, “We
use anti-virus and firewall from GajShield Infotech as well as eScan Internet
Security Suite version 9.5 to protect our vital data and Internet messages from
viruses. However, we don’t have any security policy as such.”
Vertical-wise, the manufacturing vertical along with utilities,
transportation, real estate and construction comes out as the most vulnerable
with only 76% of respondents having a security infrastructure in place. Whereas
the IT/ITeS vertical is found to be the most security conscious with around
91% companies having security implementations followed by professional/other
services sector with 89%, BFSI segment with 88%, and wholesale/retail sector
with 87%.
S K Sharma, Deputy Manager-IT, Singer India, said, “We have around 60 to
70 employees. For security, we have deployed a anti-virus solution from Trend
Micro with Intra scan virus 1 version 6.0. We are using this proven solution
to put a check on the Internet messages and to keep our weekly back-ups. We
have invested approximately Rs 50,000 for the 20 licenses of this solution.”
And also, as per the survey, 78% of the small companies with a turnover between
Rs 25 to 49 crores have security infrastructure in place followed by 80% of
the companies with a turnover between Rs 50 to 75 crores, and 93% of the companies
with the turnover between Rs 76 to 100 crores.
Standalone anti-virus rules
Of 195 respondents, 79% use anti-virus solutions, 49% PC-based firewalls, 46%
have anti-spam, 28% use anti-spyware, 26% a network-based firewall, 10% content
filtering, 8% an intrusion detection system, 5% rely upon penetration testing,
and 3% on disaster recovery solutions to protect their IT infrastructure.
Across verticals, it is IT/ITeS where the most number of companies have deployed
security solutions such as anti-virus, anti-spam, anti-spyware, intrusion detection
system, content filtering, and PC-based firewall solutions. While taking the
case of network-based firewalls, it is the BFSI segment that uses this technology
the most with 36% of the respondents from this category giving firewalls a thumbs
up. In the usage of penetration testing, it is the utilities, transportation,
real estate, and construction sector that leads the pack with 21%.
Talking about the kind of security solution being used in his company, Anil
Kumar Siddu, Director, Team Ventures, said, “We use a firewall and an anti-spam
solution as far as security is concerned. Right now, we are using Kaspersky
Internet Security. We have even spent quite a bit of money in security solutions,
encryption and archiving.”
Mandeep Bhardwaj, IT Head, NSK Textile, said, “We have three branches across
India and we have three to four employees in each branch. We have basic security
solutions to protect our software, servers, and the Internet connections from
viruses. We use Symantec’s anti-virus solution as well as a Linux-based
firewall.”
Partha Banerjee, EDP Manager, B E Pump, pointed out, “We have around 200
employees with four branches pan-India. As far as security is concerned, we
have deployed Quick Heal version 2.5 to protect our servers, 15 PCs, as well
as secure our data related to finance and accounts. We don’t have any firewall
and anti-spam solution as ours is still a small set-up.”
An interesting fact to note is that some small companies internally developed
security software and did not rely on external vendors for this function and
they did all this with a handful of people in the IT department. Ketan Mandhare,
Database Developer and Software Programmer, Auchtel Products said, “We
have around 30 employees. As far as security is concerned, we have developed
in-house software that is related to Windows 2003 server. We use this software
with regards to the Internet and blocking sites and feel it is adequate for
our operations.”
Siddu, however, stated, “A long time back, we had developed
in-house software but now we are going for standard off-the-shelf readily available
products as it is well supported.”
The percentage figures represent planned technology penetration /usage
within SBs. These numbers may add up to more than 100% since a particular
respondent may plan to invest on multiple technologies. Base = 179 |
Absence of security policy
Security is vital for SBs these days because of rampant security breaches and
virus threats. Sanjeev K Sinha, Senior Manager-IT, Old World Hospitality said,
“We have around 750 employees. Security is of prime importance to us and
we use CA products in the security space. For anti-virus and firewall, we have
Norton version 10 in order to protect our valuable information and data from
viruses.” Having security products alone will not give comprehensive security.
Along with products, businesses need to have a stringent security policy for
a reliable security business set-up.
“Security is important because we don’t want any [of our] information
to be available to others. Any commercial data, which is vital for us and flows
continuously, has to be protected. Additionally, a lot of communication happens
within the organization and that has to be secured. I think we have even done
a security audit,” added Siddu.
Another interesting opinion on the importance of security is given by Sharma
of Singer India. “Security is not of prime importance to us and we don’t
even have any security policy in place. In today’s competitive world, it
is a matter of survival and with some virus intrusion, if your hard disk crashes,
then your business will suffer. I believe a security solution is a wealth for
us, as you need to protect your data from viruses and spam mails amongst other
threats.”
One important aspect of security that merits attention here
is the need for security policies in the small businesses. Since few players
in this segment have ERP systems implemented, the need for security policies
is less. Most of these companies are currently without well-defined security
policies and are getting their work done through a handful of people in the
IT department.
The other reason is that small companies have small networks that can be managed
efficiently by the internal IT teams of these organizations. Small business
also not gone for full-fledged security policies because they believe that it
would demand extra expenditure, which a small organization may not be in a position
to afford.
Business heads call the IT shots
All the IT decisions in small companies are mostly taken by the top bosses—be
it either the CEO or head of the organization. It is because the IT team in
a small business is relatively smaller in size as compared to that in a medium
or large business. Moreover, small business structures are not evolved sufficiently
to have a CIO in place. In some cases, an IT manager or system administrator
is given the authority to make policies, take purchase decisions, and decide
upon the IT expenditure. To an extent, we can say that senior members in the
organization have a significant role in the IT purchase decision-making process.
Securing data
The prime concern for all small businesses, with regards
to security, is to protect and secure all kinds of data. That is why today we
see almost every SB being equipped to handle viruses with some anti-virus software
or the other installed on its systems. Besides, a few of them have security
policies attached to IT usage within the organization including the ERP system.
Mandhare added, “Although we don’t have any security policy as such,
security is of prime importance to us. We need security so that nobody should
breach our office data and the database server.”
Many small businesses are now also part of a larger supply chain and transact
with other dealers and large manufacturers. There are many companies in the
small business segment which are serving multiple customers. Securing data for
them is of utmost importance to survive. Data security holds relatively greater
importance for these companies than for larger companies.
However, when it comes to the confidentiality and integrity aspects of data,
small businesses lack the technical expertise and awareness of various products
that would enable them to achieve data security.
Meanwhile, there are a few small companies that have gone for or rather say
implemented more than one security solution to protect their vital data. Balabhai
Nanavati Hospital of Mumbai has utilized multiple solutions to secure its systems—GajShield
and eScan Internet Security Suite.
A few companies have a vision for their security policies. Sujay Hospital of
Mumbai has all of its business processes secured. Team Ventures has done a security
audit to keep track of all the information about the various aspects of its
business.
Narayan added, “We have our own security policy in place
and we have invested a few crores into security solutions. Security is important
and I believe there is no level to measure its importance. We need security
to protect our data as well as servers in order to make our business successful.”
Spending to increase in 2008-09
According to the survey, of 179 respondents, 42% would be investing in security
infrastructure in 2008-2009. Here again it is the IT/ITeS sector that has been
found the most security conscious with 57% planning to invest in security solutions
in the coming year as they expand their business operations and internal teams.
The second spot is shared by manufacturing and BFSI segment, with 55% of each
of these sectors going in for security investments next year. These are followed
by the utilities, transportation, real estate, and construction sector with
48%; professional and other services sector with 45%; and the sector that will
invest least in the security infrastructure is the wholesale and retail sector
with 34%.
47% of SBs with a turnover between Rs 25 and 49 crores will invest on security
solutions, followed by 49% of the with a turnover between Rs 50 and 75 crores,
and 60% of companies with a turnover between Rs 76 and 100 crores.
Further looking at each of the security solutions, out of 179 respondents, 30%
would be investing in anti-virus solutions, 26% on anti-spam, 9% on content
filtering, 8% each on network-based firewalls and intrusion detection systems,
7% on anti-spyware, 4% on PC-based firewall, and 2% on penetration testing.
So anti-virus and anti-spam will continue to be big spending areas for SBs.
Among all the verticals, it is the utilities, transportation, real estate and
construction sector that will invest more in anti-virus, network-based firewall,
and penetration testing. While taking the case of content filtering, it is the
BFSI segment where the maximum number of deployments will take place with 27%
of the respondents from that segment announcing their intention to do so. In
the investment for anti-spyware solutions and PC-based firewall, it is the IT/ITeS
sector that leads the table with 9%.
At present, the spending on security is still low, however, there is likely
to be a rise in expenditure in the near future as smaller businesses strive
to reach the higher technology adoption levels of their medium and large counterparts.
A small investment with a bit of planning would do no harm to any company if
it secures its operations. Every single organization relies on data. It is considered
the biggest asset for any company and if things go wrong with data then a business
grinds to a halt.
Small businesses are still in the early stages of their security infrastructure,
which means that they just have anti-virus and anti-spam solutions deployed.
Once they realize that their basic infrastructure is in place, they will start
going in for high-end IT security solutions and complement their existing security
systems.
(With inputs from Neeraj Gandhi)
nivedan.prakash@expressindia.com
|
