Event
CII debates IT security
The IT Security Conference 2005 was organised by
the Confederation of Indian Industry at Mumbai recently. Priya
Jain reports.
At the CII conference on IT security, from
left to right, Sudhir Trehan (CII Western Region), Venugopal
Iyengar (TCS, ISACA), Virendra Gupta (Director, CII) and
Ganesh Natarajan (Zensar)
An unprotected IT infrastructure is susceptible to
information theft. It can hit any business that aims to be
competitive, and impact business operations, corporate reputation,
and customer and shareholder trust. IT companies allocate
substantial resources for their IT security programmes. However,
non-IT companies still have a long way to go when it comes to IT
security.
The Confederation of Indian Industry (CII) took up
this critical issue and organised the IT Security Conference 2005 in
Mumbai, where it released a report on the ‘Information Security
Programme’ based on research conducted across 70 sectors of Indian
industry. According to the report, financial data is accorded top
priority by 62 percent of the respondents when it comes to IT
security.
During the conference, eminent speakers from the
industry addressed IT security issues related to technology and
business operations from an industry and assurance perspective.
According to Ganesh Natarajan, CII Conference Chairman and MD of
Zensar Technologies, “A minor e-mail breach can cost thousands,
while a major data security lapse can cost crores—besides the
embarrassment and loss of confidence that it causes.” 60 percent of
IT security breaches go unreported for reasons ranging from legal
implications to the erosion of stock values. On the recent IT
security breaches at BPOs in Gurgaon and Pune, Natarajan said,
“Though information security measures employed by Indian companies
are on par with the best in the world, incidents such as these can
occur anywhere.” He also insisted that the existence of a continuous
security programme is a necessity today.
Statistics from the study highlight that 38
percent of companies lack an information security policy, 71 percent
have no security process certification, and 30 to 35 percent have no
business continuity or disaster recovery plan in place.
Reality check: global scenario
- Every day, about ten new software vulnerabilities are reported, and five critical security patches are released
- 20 new viruses and worms are released every day
- Corporate spying through network penetration is becoming common, and cyber crime is rising at an alarming rate
The survey also revealed that only 61 percent of
enterprises have invested in a business continuity plan. 60 percent
of them club investment for protection, while 86 percent of
participants said that this investment was planned based on the
requirements identified by the enterprise. More than half the
respondents confirmed that their investments are vendor- and
consultant-driven.
Speaking at the conference, Venugopal Iyengar,
Head, eSecurity Consulting, TCS, and Vice-president, Information
Systems Audit and Control Association, said that security is not an
independent system; an interface has to be integrated within the
overall operations of a company.
On front-end and back-end technologies, Vivek
Gupta, Security Consultant, IBM, commented that the threat to a
company’s information is not only from the Internet but can also be
internal. “The recent deluge in Mumbai has shown that the threat to
information is not only operational but also physical. Today, IT is
a force and performance multiplier, but one cannot deny the multiple
vulnerabilities that come with it. Thus, to meet the increased
security expectations, organisations need to acquire a security
framework. You need to discipline security management and pull up
your socks now to safeguard your tomorrow,” Gupta said.
Reality check: India
- Security breaches are rapidly increasing
- Most of these breaches are perpetrated internally, often by disgruntled employees
Rajendra Dhavale, Consulting Director, Computer
Associates, pointed out that more security does not make an
organisation more secure—better management does.
On the other hand, Akhilesh Tuteja, Director, KPMG,
expressed his concern about the ignorance in the industry by stating
that IT security is often an afterthought. Charanjit Singh Sodhi,
National Manager, Client Solutions Group, SecureSynergy,
remarked that, "The right kind of control is needed from people
for the successful implementation of IT security solutions,"
and Anantha Sayana, Head, Corporate IT, Larsen & Toubro, opined,
"IT security shouldn't be such that it prohibits or prevents...it
should provide business convenience."
While talking about RFID application in
conjunction with surveillance systems, Rohinton Dumasia, General
Manager, IT, Great Eastern Shipping stated that certain critical
issues inhibited the use of RFID. He alerted the audience to
security issues such as cloning, illicit tracking and illegal
scanning of RFID tags. He suggested that certain global policies
must be adapted for secure and successful implementation of
RFID.
Advised B R Jaju, Chief Financial Officer,
Crompton Greaves, “Investments towards IT should be customised
according to a company's needs.”
With companies moving from mass production to mass
customisation and increasing their reliance on IT, IT security has
become crucial for them. “Information security is a big concern for
every organisation,” noted Sudhir Trehan, Chairman, CII Western
Region. Rajat Mohanty, CEO, Paladion Networks, expressed a similar
opinion by saying that business-critical applications are opening up
due to the extended enterprise.
The overall mood was perhaps best summed up by
Iyengar when he said, “There are no standards to business continuity
management. The hunt is still on. Compliance is the road to
assurance. You can have your own road.”
priya@expresscomputeronline.com