3 risk factors in real-time security

DQI Bureau

In an interaction with Dataquest, Thapar talks about security dilemmas enterprises face and what goes into making a successful security policy.

How big is the market for security solutions in India?

According to Gartner, worldwide spending on security is expected to rise to $60 bn in 2012, up 8.4% from $55 bn in 2011. Gartner expects this trajectory to continue, reaching $86 bn in 2016. India and China will drive the security growth market. The demand for security products will be driven by the increasingly evolving attack. In fact, in its five key tech trends for 2013, Verizon has predicted that security will be the new arms race. According to us, in 2013, security will move out of the specialist realm and become a mainstream IT must-have. We expect identity security to be a much more prevalent issue in 2013. Two-factor authentication is already gaining adherents, but it won't be enough to counteract the increasing amount and intensity of criminal activity pursuing both intellectual property and financial gain.

The traditional approach to security was limited to firewall or anti-virus or anti-spam. But today, with increased mobility, a diverse user base, internal threats, and regulatory requirements, the security scene has become complex. Network access is no longer limited to a few trusted employees.

What are some of the best practices that govern a good security policy?

Most companies know what smart policy is, and by and large these companies have all the people, processes, and technologies they need. The problem is security over time; everybody is great at becoming secure in a snapshot, but not so good at managing security over a period of time. Basic risk factors can be segregated into three main categories:

Confidentiality, integrity, and availability.

Confidentiality: It is highly vital for enterprises to put strict security policies in place and employ encryption technologies which will restrict business-sensitive data from being misused. This is important when considering the use of these devices in public environments as well as potential accidental situations.

Integrity: It is important to have a strong understanding of the risks involved while exposing communication and access devices to a mobile workforce. A level of professional genuineness and responsibility should also be considered.

Availability: Mobile communications services can become a great concern if the organization is highly dependent on its mobile workforce. For any organization dependent on IT, it is necessary to have a business continuity plan in place to minimize service disruption.

Security measures such as anti-virus/anti-malware and firewalls are nowadays considered 'basic' as far as security controls are concerned. Intrusion detection systems and access control systems could stand a little above them. However, PKI is considered advanced as compared to these systems and hence not every organization has taken the plunge as far as this control is concerned. PKI is both a complex and expensive proposition for organizations today; but this is quite important for handling security of data that is considered sensitive and is changing dynamically. PKI ensures that public and private key pairs are used to protect sensitive data transmission and storage. PKI systems are used to manage these keys for generation, distribution, replacement, and revocation in a secure manner.
