/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsIn this panel discussion called "Strategies for Securing Digital
Assets", organized by Dataquest in collaboration with Safenet, panelists
discuss the nuances of security and conclude that a proper understanding of
security should not concentrate on products alone, but, equally, aim to put in
place a firm conceptual apparatus with clear policies and procedures.
Concerns: IPSec, SSL or Second layer, which of these is the right VPN
for any organization.
Recommendations: When operations are small IPSec VPN looks like a good
option wherein different branches can dial in using a dial-up. This also helps
keeps costs under check. With growth, IPSec does not serve the purpose. SSL
looks like a more viable option. But moving from IPSec to SSL is easier said
than done, as bandwidth is not that cheap even now. So technology comes in to
change the situation but it comes at a high cost.
These three versions are not substitutes; instead, they solve different
problems. In certain situations global customers and multiple customers have
their own set of criteria of security at every level. At different points,
companies may have different setups. For instance, a call center may be using
all three technologies but for different customers. In other words,
implementations are diverse. So we could have all the three running at a single
site at the same time. Managing the entire infrastructural setup in itself is a
huge challenge.
/dq/media/post_attachments/f24e72db3fccad0c32f270c03f28400eb93d246b28797553790e297d99459187.jpg)
Security
technologies must be addressed from two perspectives. First is the management
perspective that which looks at the available technologies and decides on the
ones that it wants to implement and use. The second perspective is being able to
decide what technologies to actually use and not look at tech for the sake of
tech. Also because what is in today may not be in tomorrow.
Concern: Is security just limited to securing your network or does it
extend beyond the network?
Recommendations: The key issue should always be to ensure constant
stability. What must be clearly understood is that security is not just
products; it is a gamut of procedures and policies-the works. So the question
is what should be done to ensure data safety from source to destination. So it
is important that there are regulations with regard to digital security. To
build an analogy, a company today produces a balance sheet because company law
demands it. So it's a question of protecting the general good of the
stakeholders. It will help go the standards way. Establishment of standards can
be seen as the first step towards compliance.
|
/dq/media/post_attachments/9c18136c00ad7a4121e73d106b31bd92f5e5079bf3fcfcab9a4d5ec923bf6a0d.jpg)
“Global customers and multiple customers have their own set of criteria for security at every level”/dq/media/post_attachments/6157ac7d001bfe4058770f884fb6df108e2e2692504b5c5e39bda0b13c89c2e0.jpg)
“Do not treat security like common cold. Strike a balance between doing it yourself and going to an expert”For instance, in the not-so-distant past, a rudimentary authentication was
good enough because the threat was not there. So if you were comfortable with
that there was no need for encryption. So before the real selection of what to
use is made, it is important to understand what your customer model is.
What is today happening in the desktop world will also happen in the cellular
world. Technology is catching up. In the wired world, however, one does not
depend on a single service provider for all services, while in a wireless world
almost all transactions happen through your primary service provider. This
scenario definitely presents opportunities, but also poses a number of
challenges.
In most Indian cases, security is treated like a common cold. You do it
yourself. But if you go to the doctor, it is he who is liable for your cold. And
it is time that the Indian corporate houses strike a balance between managing
things themselves and going to the experts.
In the future it will very critical for all organizations to have a chief
security officer. This will be driven by a lot of technological changes like how
one deploys security and so on. And there will be embedded security in a number
of components of the network too. And then it will be just a question of how
much you rely on the embedded security.
|
/dq/media/post_attachments/a27afd2f18cd709eb82cce92c34af5bc7f810e9379d981e406f069650aa40249.jpg)
“Ensure that policies and procedures take into account aspects that extend beyond transport of data”/dq/media/post_attachments/adf0a4491cda8218189256b9d57a35431c6ac986af747b8bc827407b91256d31.jpg)
“In the future, itThe challenge starts with what kind of access you are giving to your network.
The level of security from a management perspective is also driven by the fact
that the more you allow access through different channels, different modes, the
greater the challenges as the threat also increases.
The ease of management is what will drive the centralized security systems.
The problems today are multiplying very rapidly and the issue is not that of
disparate systems not talking to one another, but, about ease of use.
Managing is the biggest challenge or nightmare in the security setup.
Policies and procedures have to take into account aspects that extend beyond
transport of data. We must also think about what happens to data after it
reaches a desktop. And that's precisely what the focus should be but the
entire security setup now revolves around technology.
|
/dq/media/post_attachments/58bcd10937b7406e7f16a4d3f2304fab5e219298c61686003a1bc697ac17ccea.jpg)
“You have to understand that security is not just about products; it's a gamut of procedures and policies/dq/media/post_attachments/11cdfab1b9ca06fa6da4e89b2e128faee5c4c86461cf3303d2ea110cb6eccf70.jpg)
“Security technologies must be addressed the management and technology perspective What we must learn to ensure is that operations and control not be managed by
the same people. If, for instance, the same people manage operations and safety
in an airlines, that will be a problem. And this can also lead to a conflict of
interest.
From a management standpoint, one also must understand the business value of
the risk that one is undertaking by not being adequately secured.
Mohit Chhabra in New
Delhi