|
Information Technology is pervasive —
it moves your business; very often aspects of your personal
life, it facilitates transactions, creates a responsive organisation,
enables customer- and partner-interactions, and creates competitive
advantage for the corporation. As fundamental as IT is to
business, information security is equally critical to survivability
of businesses in today's Digital economy.
The role of information security has changed across the past
few years. Traditional definition of protecting networks and
the Datacenter has undergone a shift in focus resulting in
enablement of businesses with security solutions actually
moving your business forward or even to the next step. Security
is now lifestyle. A must-do for survivability of businesses.
Wherever the network goes, security goes. Improving customer
acquisition, extending businesses, growing mobility of the
workforce and a global workplace are all facilitated by Security
frameworks, processes and solutions.
No longer can security be an afterthought. Increased need
for efficiency and productivity, reducing costs, reaching
multiple markets and faster time-to-market are few of the
business benefits which are driving organisations to make
security a part of the organisational DNA.
The opportunities thrown up by Security to CEOs and functional
heads bring in enormous challenge to IT administrators. And,
the Achilles heel to such an internetworked Enterprise becomes
Information Security or rather the lack of it. Cyberspace
is no place for the unwary especially in an increasingly competitive
world. This challenge confronts both large enterprises as
well as Small Medium Enterprises. As a variety of security
threats, new vulnerabilities, new technologies, convergence,
market focused processes threaten to swamp traditional IT,
you need stability amidst change — you need a new way
of doing security which accelerates the organisational extensions
and growth. A new way of implementing, managing and doing
security which has the flexibility to accommodate change and
to adopt emerging technologies.
While the Internet offers tremendous value by opening up new
levels of integration with partners, suppliers and customers,
it also exposes business systems to new forms of malicious
attacks. In the era of unbounded networks, Security boundaries
have blurred where data flows across the information Value
Chain. In addition to that, new threats have emerged as also
the quantity and virulence of attacks. As long as technology
continues to evolve, malicious code will be right behind.
The nature of viruses, Trojans and worms makes it virtually
impossible to stop infiltration completely, though there are
ways to reduce, if not eliminate it.
However, most companies do not have sufficient IT staff to
keep patch levels up to date, therefore allowing even known
vulnerabilities to remain exposed. Security is a moving target
— it is physically impossible for any organisation to
monitor, analyse threats, manage and act upon them on a 24x7x365
basis. Signatures, Patches, and DAT files must be updated
regularly to eliminate false positives, eliminate vulnerabilities
and to ensure detection of the latest intrusions and exploits.
These tasks are not just time consuming but also require highly
skilled security analysts who must stay apprised of any new
threats and techniques. In addition to being expensive and
often ineffective, providing constant vigilance in-house is
management intensive and can distract an organisation from
its core business.
A resilient and future-proofed IT infrastructure is mandatory
for organisations for which predictability is the most critical
component. Predictability is an amalgamation of Reliability,
Availability, Manageability and Scalability backed by performance
management.
The progression from data to information to knowledge to intellectual
is tough to accomplish. While security threats are increasing
in leaps and bounds, security professionals are far and few
between. In fact, the biggest missing link in security is
the absence of trained and certified professionals in most
geography. Security encompasses not just systems but people
as well. And, education, does not stop at the IT manager alone,
but also needs to extend to all users as they use Networked
services to transact, as also the policy maker who needs to
discuss and decide on business extensions.
Well designed IS security policies and professionally implemented
security architectures cannot by themselves assure the security
of your information assets. People are at once the weakest
links and the strongest defence to secure the information
assets of any organisation. While information security touches
every major aspect of operations, insufficient awareness and
understanding of security amongst people is a major cause
that undermines security.
No single product or service can comprehensively address the
possible security threats to your IT infrastructure. Maintaining
effective security is a continuous process that identifies
assets, analyses threats, and defines acceptable levels of
risk. Strong, enterprise-wide security demands solution and
technologies that bring in a combination of online technologies,
processes, practices and trained people.
|
