Previous Articles >> Phishing in Indian waters TCS in data privacy pact with Stanford University

Related Articles >> Global phishing and crimeware threat map and security blog 'Enterprises should adopt customized security policies'

Read more articles on:

NEW DELHI: In his keynote presentation at the recently concluded 2006 RSA Conference in San Jose, California, Sun Microsystems’ chairman and CEO, Scott McNealy reiterated the need for ‘simple’ security systems in today’s participative business scenario.

“Business in the Participation Age is all about engagement and collaboration. It's about access, transparency, and trust. To be competitive in today's marketplace companies, must change their mindset and evolve their security culture,” said Scott.

According to Scott, simpler but robust security systems can be built following some simple rules.

Rule No. 1

Security cannot be standalone; it has to come integrated with every product that an enterprise uses—from servers, to operating systems, to storage devices, to application layers etc.  “At Sun, we insist that security be designed into the DNA of every product we build. From cryptographic acceleration in our chips, to Containers in our Solaris Operating System, and providing a secure application switch.”

Rule No. 2

Automation and transparency is a must-have for all security solutions. Scott stressed the importance of least human intervention and maximum automation in security solutions. He said, “the less people have to do to enable security, the better. Automate security to make the investment required by the end user less involved and intrusive.” Citing the example of his company’s next-generation tape drives, Scott informed that these tape drives can not only encrypt data, but can also be read only by the drive that has written it, giving a second level of protection.

Rule No. 3

Security has to be built into the culture of an enterprise. Awareness being of key importance, all employees should be educated about potential threats and ways of keeping them at bay. “You must intertwine culture, process and, of course, technology to have a successful security environment.”

Rule No. 4

Enterprises need to adopt multi-tiered approach. The concept of ‘thin-clients’ should be vastly incorporated, and all-important data should rest in the server rather than end user’s laptop. “This multi-tiered approach is transparent and automatic — pop your smart card into a thin client and you have immediate access to everything you're approved for...and nothing you're not approved for,” added Scott.