Transcript of live chat
with Anil Menon, Sr. Vice President, Operations, SecureSynergy
Pvt Ltd on January 15, 2003.

Anil Menon
Sr. VP, Operations, SecureSynergy Pvt Ltd
"Technology audits by Indian enterprises are not proactive"
Techie >
What are
the immediate critical threats to the information security of Indian
enterprises?
Anil Menon
> The
immediate threat would be (lack of) user awareness, user apathy,
lack of continuous monitoring and the perception that a firewall is
all you need for being secure.
Junky > How
prepared do you think are the companies to tackle these threats?
Anil Menon
> Recent
surveys (e.g. the CII PWC reports of 2002) show that Indian
organisations are vulnerable and over eighty per cent did have
security breaches in 2001. The growth of threats is an alarming 34
per cent. This is large as we are still relatively underdeveloped as far
as Internet adoption is concerned.
Geek > Do you
think that certain types of organisations are more prone to security
risks than others?
Anil Menon
> Yes.
Organisations that transact on the Net are naturally more vulnerable
and if you look at patterns, finance & banking firms, government
and B2B shops are more vulnerable.
Whoknowswho >
Dear Mr. Anil Menon, can you please tell me what is Managed
Security?
Anil Menon
>
Managed security is a natural evolution of the Service provider
industry to serve infrastructure services. Here, an organisation
with expertise and infrastructure manages security needs for a
consumer or an end user organisation by proactive and continuous
monitoring and delivery of services.
Sundevil01 >
How aware are Indian enterprises in terms of assessing their IT
infrastructure risk?
Anil Menon
> I
think Indian enterprises are aware of risks, threats and
vulnerabilities. Having said that, measuring risks and finding out
how much to invest to mitigate the risks are beyond
them.
Sundevil01 >
Are Indian enterprises conducting technology audits?
Anil Menon
> Yes,
they are doing audits. The only sad part is that these audits are
not proactive and are done mostly after a breach or to meet certain
statutory requirements.
Dude > Most
Indian companies often make do with just firewall and anti-virus
software. Why is that so?
Anil Menon
> The
root of this is awareness and lack of training. Today, product
vendors conduct product training. The need of the hour is training
courses tuned to understanding security and also evaluating technology
with no product bias.
Husna > What
should be the milestones to achieve for an enterprise that wants to
optimally secure itself against the threats to its business-critical
data?
Anil Menon
> This
is dependent on the needs of the organisation. The steps to follow
would be to do an assessment of your vulnerabilities, follow up this
with a risk assessment, impacts, develop a policy, security
framework, implement the same and finally follow up with continuous
monitoring proactively and in an anticipatory way. Smaller firms
also need this proactive monitoring, while larger firms need more
management reporting.
Kewl > How
will you consider the need for an enterprise-wide security
policy?
Anil Menon
> This
can be done only by understanding the threats, vulnerabilities of an
organisation as well as its future growth plans, mission criticality
of its IT infrastructure and the level of transactions with outside
world on computer. This will give an estimate of risks, potential
risks and also estimate the level of security policy and framework
you need to put in place. EG: For a BPO firm whose business runs on
IT, you need BCP & DR plan as part of security
policy.
Alert_man > Is
there a need to do an information risk assessment for companies that
are particularly susceptible?
Anil Menon
> Yes,
of course. This will help them estimate the levels of security
needed. Finally, security is not technology, but an enabler for
business. The Achilles heel for an E-business is lack of security.
Hence an RA becomes very crucial to decide ROIs and determine levels
of investments.
Row > How are
risks to critical data usually quantified and dealt with?
Anil Menon
> This
is done through business loss estimation, reputation loss, cost of
data and costs of downtime versus the investment
plan.
Melissa > Do
you deal in managed security?
Anil Menon
> Yes.
My organisation SecureSynergy is a leader in Information assurance
where managed security is viewed as a very important component to
assure security. In managed security we deliver services like
vulnerability assessment, firewalls, Antivirus, VPNs, digital
certificates etc. in an online continuous model backed by a 24x7x365
NOC, Datacenter and HelpDesk.
Kks > How
serious is a security threat for small organisations and SOHO
segment?
Anil Menon
> This
is more serious than people comprehend. Smaller organisations and
SOHOs can compete with the big daddies only by reducing cost which
makes it imperative for them to harness Internet (transactions, web
presence, VPN etc). They can also reach more locations without too
much of investment and only (information) security can help them
achieve their e-possibilities.
Sundevil01 >
Who are the current market players in the managed security services
field in India?
Anil Menon
> To me,
there are several pretenders and there is SecureSynergy. On a
serious tone, there are several players delivering few components of
a managed security framework, but none comprehensively to achieve
information assurance (which is dependability, performance,
availability & security) as SecureSynergy does.
Sundevil01 >
Indian enterprises should adopt a pro-active approach to security,
they need to implement end-to-end security solutions taking into
consideration firstly awareness among internal employees,
implementing BCP, DR plans, conducting security reviews etc.
Comment.
Anil Menon
> I
agree. I would also add policies and online delivery of security
services backed up by continuous and aggressive
monitoring.
Chitman > Do
you give projects to students?
Anil Menon
> Yes.
We have just taken one at Delhi. We are always open to
knowledge workers who are committed and have passion, focus and
ability to execute.
Roger1 > Can
you provide managed VPNs and firewalls?
Anil Menon
> Yes,
we can. You could visit my site at www.securesynergy.com or our
service provider site at www.securesynergyonline.com. Also, you
could call up any of our offices in India, Middle East, Europe or the ASEAN
countries.
Vive > Are the
users really prepared to hand over the security of their critical
assets to third party solution providers?
Anil Menon
> Yes,
they are. Having said that, a lot of discussions do take place
before users reach such a conclusion. We have seen rapid adoption of
this especially in the last 2-3 months.
Chitman > Do
you plan to give projects in Bangalore and if yes then how can we
students contact you?
Anil Menon
> Why
don't you contact me at the Mumbai office and we can look at
this.
Kks > Is it
only post Sept 11 that organisations have started taking security
seriously?
Anil Menon
> The
Sept 11 incident has definitely increased understanding and the
focus shown as part of homeland security by US and Indian
organisations adopting Internet. All of this has
helped.
Sundevil01 >
Does SecureSynergy provide services in physical infrastructure
security?
Anil Menon
> Yes,
it does. Security to us is all about infrastructure. Must
have, not a nice to have. Which is why our signature line talks of
SecureSynergy delivering SecureTone the way telephony delivers dial
tone to information infrastructures.
Chitman > Do
you have an email where we can contact?
Anil Menon
> You can reach me on anilmenon@securesynergy.com
Haven >
Security is often cited as a major reason why the Internet is not
fully leveraged. What is the remedy?
Anil Menon
> I
could not agree with you better. As I have often said, lack of
security is the Achilles heel to achieving e-possibilities. The only
way out is raising user awareness through training, managing faults
and performance through predictability management, proper security
policies and frameworks and back it up by continuous, proactive
monitoring and security services delivery. This will help
organisations to step out on to the Internet confidently as they
will be very close to 100 per cent assurance of information across
the value chain.
Guess_who > In
your opinion, what are the three biggest threats to a company's
critical data?
Anil Menon
> I have
stopped guessing!!! Jokes apart, (lack of) user awareness, lack of
policies and improper or lack of data backup and
disposal.
Runawaybride >
Can you give me the details of any certified security consultants in
India? Is it possible to get such certifications in India?
Anil Menon
> Yes,
it is possible. You could visit my company website at
www.securesynergy.com for information on this or write to me at
anilmenon@securesynergy.com for more information.
Sundevil01 >
Does SecureSynergy follow any standards and/or guidelines in
developing security policies?
Anil Menon
>
Yes, we do. We follow BS 7799, ISO 17799 and Cobit standards
in addition to several guidelines under legal, regulatory frameworks
and also industry needs.
Itsme > Why is
it that the security industry continues to be product-specific
rather than services-centric?
Anil Menon
> This
is primarily due to lack of user training and availability of the
same in India on generic security
technology and also on evaluating technology with no product bias.
People are happier with products as there is a physical piece they
can see and hold versus service, which is slightly amorphous. Also,
we have largely been driven by product vendors without proper
evaluation of needs and risks.
Myhomedotcom >
Should organisations look at addressing information security as a
continuous, evolving process rather than just buy software and
hardware?
Anil Menon
>
Perfectly right. Security is a process. Threat perceptions and
severity keep changing, updation windows are shrinking. Hence the
only way out is to look at a continuous proactive model and process
based approach to security with emphasis on the operational and
management part over technical (products) part. Though, all three are
important for comprehensive security.
Sign Off Message > You can contact me at
anilmenon@securesynergy.com and do visit our website at
www.securesynergy.com for more information.