Advertisment

Mission critical

author-image
DQI Bureau
New Update

‘Necessity is the mother of all inventions', and this holds true for the enterprises which are grappling to expand their ICT networks as customers increasingly look at information and communications technologies for some solutions.

Advertisment

Meanwhile, the growth and expansion of enterprise networks is giving rise to a new challenge of securing these networks. Few years back, the threats were limited to the solitary desktops and PCs, but as desktops and PCs were replaced by the notebooks, netbooks, and a plethora of handheld devices like smartphones and tablets, threats evolved at a faster pace.

As the security environment worsens due to a complex set of threats, network security must be dealt with seriously and in a much more comprehensive manner.

Types of Attacks

Advertisment

Information security is no longer IT's step-child, but a mission critical: a data breach has an immediate effect on a company's bottomline, its share price, its market share, and in some cases, on its ability to survive the loss of confidence and loss of contracts.

The biggest threats for enterprises surface from the fact that they seem to be complacent. Enterprises are satisfied with what they have deployed for security. CTOs, CIOs, and security heads should brace up for any threats as these are evolving with the advancement of technology.

Enterprises are increasingly witnessing more and more sophistication in the threat landscape with the emergence of attacks such as Stuxnet and Night Dragon.

Advertisment

Secondly, there is an explosion of new technologies such as mobile devices and Web 2.0 that makes us more productive, but also more vulnerable to cyber threats.

Adding to this, there are a limited number of trained resources to manage threats across enterprises. Although, we see an improved security posture at enterprise level, we believe that there is a lot more maturity required to use security as a business enabler.

The Cushion

Advertisment

The need of the hour is to have co-related interlocked defence, which helps organizations to become proactively secure. This will drive efficiency and control in cost, as enterprises move towards an optimized state.

From a consumer standpoint, awareness about internet security is the biggest challenge. Security is as much a people issue as it is a technology issue. Consumers are unaware that it is also their responsibility to protect their data and their kids getting access to objectionable sites on internet. Consumers usually assume that the service provider or the PC vendor would take care of these aspects of data security which is not the case.

IT has become central in driving business processes that serve enterprises' objectives of increasing productivity and profit. But, as technology advancements help drive business innovation, they also make the current enterprise environment more complex with multiple media, multiple data locations, multiple devices, and multiple productivity tools.

Advertisment

The Security Market

Analyst firm Gartner's 2011 report had predicted that the IT security market in India is estimated to be around $218 mn in 2012, with an annual growth rate of 20-30%. It expects the market will grow at a CAGR of 16.4% between 2011-2016.

Network security has been one of the top agendas to be handled by CIOs in 2012-mainly due to the need to comply with government regulations-and it is expected that this trend will continue in 2013.

Advertisment

The Department of Telecom has mandated that Indian telcos will be responsible for security of their own networks. They also should have organizational policy on security and security management of their networks. Network forensics, network hardening, network penetration test, risk assessment, actions to fix problems, and to prevent such problems from recurring, etc, are part of the policy and telcos must take all measures in respect to these activities. This ruling has forced telecom operators to adopt more stringent security measures.

Likewise, the Reserve Bank of India's (RBI) mandate is also forcing banks to follow the guidelines laid down by it on information security. Following the guidelines, banks have been drafting and implementing their IT security policies.

Consumerization of Technology

Advertisment

New gadgets such as iPhones, iPads, android devices, and different laptops and tablets are connected to corporate networks and pose security risks. Employees expecting to receive corporate services on these devices are significantly expanding the corporate parameter. This could result in data leakage or data intrusion leading to direct access to one's network.

More devices in many form factors, accessing more applications, are being extended to more levels in the organization. This is no longer a world where only executives access emails over their Blackberries; employees across-the-board can be more productive by using mobile devices. The pressure to allow these devices on the network necessarily puts organizations at risk of being out of compliance with the regulations, like those meant to protect electronic patient information in a healthcare environment, industry guidance (like PCI), and corporate policies on which they've collectively spent billions.

Conclusion

It is always believed that the bad guys will always remain ahead of the cops, but the catch would be to minimize the gap. The CIOs of enterprises are always pressed for this. There is no denying that networks would expand in future and more and more data accessing devices will be added to it. Data will continue to be available anywhere, anytime, but the CIOs now have to prioritize their mission critical data and they have to constantly monitor and revisit their security protocols.

(Article was first published in VOICE&DATA)

Advertisment