|
|
|
|
| Read more articles on: |
|
|
 |
|
Indian enterprises are aggressively adopting new emerging security technologies.
CIO View: Outside the BFSI (financial services) community are a few scattered deployments. But emerging security technologies mostly remain in the realm of marketing-speak, as enterprises still grapple with developing a security framework..
Implementing emerging security technologies like biometrics, cyber forensics or complex encryption algorithms may sound glamorous, but ultimately these might not achieve anything unless they address specific requirements of individual enterprises. Rather than focusing on emerging technologies, the need of the hour, feels Chitnavis, is to concentrate on the social engineering aspect of security.
He illustrates the fraud case in his own organization, MphasiS in Pune, to drive home his argument. "Social engineering would ensure maintaining the basic proper security environment inside an organization like a paperless office. We do have features like biometrics, but not such technologies but proper social engineering instead that would ensure such frauds are not repeated." Agrees Gajapathy, "All BPO companies have taken the cue from the MphasiS experience. Enterprises might consider many technologies but the imperative is that users should understand the dos and don'ts of these."
The point is, even if an organization has a security policy in place and deploys technologies fitted around the policy, it has to see whether the processes are being strictly adhered to or implemented properly. Sridhar argues that a framework for security implementation helps, especially in the case of telcos. "We already have many of these new technologies in place, so it is more important for us to have a proper framework." Agrees RP Dhumasia, GM-IT, Great Eastern Shipping Company, "Security cannot be handled only with technology, but the basic need is how you educate your people in the organization."
Bottomline: Technologies come and go, but enterprises today are looking closely at the critical security threat of social engineering. "This is our biggest concern and we are focusing on how to reduce this," echo most CIOs.
Integrated security appliances are becoming the norm in Indian enterprises.
CIO View: They do have benefits and may become tomorrow's flavor. But CIOs are treading cautiously today, worried about becoming guinea-pigs.It is true that some integrated appliances are being deployed, but it is still happening only in cases of entry-level products like anti-viruses and firewalls. Most CIOs are still looking carefully at integration, albeit with a twitch of suspicion. Gajapathy asserts that integrated appliances sometimes compromise some of the business processes. His recipe: decentralize processes or applications and have different levels of security in different layers and then you can think of deploying integrated appliances in the less crucial layers.
Many CIOs still prefer the multi-vendor best-of-breed approach-a single unified platform might lead to single repository of information leaving it open to all sorts of vulnerabilities. Jacob suggests that SOHOs can do well with an integrated approach as that would bring down both their capex and opex costs. In fact, even marketing pashas of vendors try to sell an integrated approach to vendors by highlighting the cost benefits, but smartly hide away the fact that vulnerability in that case can jeopardize the complete business. "We do not look at an integrated system because it makes the system vulnerable to attack. So we prefer a multi-vendor scenario," asserts Chitnavis.
Apart from costs, there are other benefits of integration too-a unified threat management solution prevents from too many logs getting generated that otherwise becomes too complicated to reconcile. "On the other hand, an integrated appliance is more manageable," asserts Jacob. However, Jayachandran warns that this will be possible only when enterprises develop a framework that supports all these multiple solutions integrated together.
The integrated vs best-of-breed debate takes an interesting turn in light of many network vendors like Cisco or Nortel today embedding security appliances or functionalities within their network devices. However, Sridhar derides this as a complete marketing gimmick aimed at increasing business for the vendors and solving no purposes of the CIOs and their organizations. "Network vendors seem to be in an inclusive mode. But they cannot include everything in a box. However it would be good to have a security dashboard for alarms and alerts," he opines.
Bottomline: network vendors show some security features embedded in their devices to CIOs as carrots. Once the organization gets hooked on to the particular vendor, they come up with some entirely new products which not only impacts the capex but could also turn out to be a risky proposition for businesses.
|