Speaking at a CII-Price Waterhouse panel at the seminar on information
security, hosted by Microsoft in Mumbai, I was quite surprised at the large
numbers of responsible Indian CIOs who had turned up to discuss what is becoming
a significant occupant of mind space around the world.
According to CERT/CC, the Internet Security Research Centre at Carnegie
Mellon University, USA, the number of security incidents reported has increased
exponentially from a paltry 1,334 a decade ago to 137,529 in 2003.
With all this happening around us and in an environment where global
terrorism is still uppermost on the minds of many Western politicians and policy
planners, the US Department of Homeland Security is making a big push in the
area of Information Security and ensuring that vendors to US Corporations also
practice the best information security habits. Many of us were actually invited
to present our plans at a conference in Washington DC last year. In a world
where information is fast replacing the traditional Ms—Men, Material and Money—as
the key resource for organisations, it is only natural that business
corporations would want to do whatever it takes to keep information flowing
without impediments across their global corporate networks. To make this happen,
four significant focus areas are emerging which may be worth mentioning here:
- Proactive Intrusion Prevention: Host-based intrusion prevention systems
protect information assets from known and unknown threats and enable managers
to update and patch software on a regular basis.
- User Identity Management: Solutions that help in integrating disparate
authentication schemes, development of identity provisioning processes and
integration of physical and computer access.
- Securing Applications: The focus here is the defense of web-based
applications against threats. The solutions evaluate all elements of web-based
application environments.
- Compliance: Several industry and cross-industry regulations and guidelines
have emerged, such as Sarbanes-Oxley, HIPAA and the more popular BS 7799 or
ISO 17799 standards, with the basic objective of helping practitioners with
frameworks that identify compliance gaps, deploy new processes and develop
compensating controls in areas where full compliance may be expensive.
While data, application and information security are important for CIOs in
responsible corporations, they are also an imperative for major software
companies engaged in applications development and maintenance for global
clients. In fact, of the last ten Fortune 1000 client visits to our facilities,
four have been for the explicit purpose of meeting the Chief Information
Security Officer (CISO) and assessing how the team has conceptualised and
deployed a robust information security plan.
A number of significant vendors are already jostling for the attention
of CEOs, CIOs and CISOs. Foremost among them are CISCO, Symantec, Network
Associates and Microsoft. Security certification has also evolved from the days
when the only known qualifications were Cisco's CCSP and Microsoft's MCSE to
active proliferation of programs by the International Information Systems
Security Certification Consortium.
Whatever be the trigger or motivation for vendors like CISCO and Microsoft,
Consultants like PwC and Ernst & Young, associations like CII and Nasscom,
software and BPO exporters and even progressive domestic companies like ICICI
and the Mahindras, information security has now moved beyond being just another
item on the agenda of information systems executives to being an integral part
of any corporate information strategy. The biggest constraint in this area too,
like many others in IT, will be the availability of information security
professionals with demand expected to jump from the current 18,000 to 77,000 by
2008. It will need a concerted effort, not just by technology vendors, but also
by the IITs and IIMs and other reputed institutions like Symbiosis and Manipal
to ensure that this area does not prove to be a stumbling block to the
resurgence of the software industry.
The author is deputy chairman & managing director of Zensar Technologies
and chairman of Nasscom's SME Forum for Western India.
Ganesh Natarajan