Advertisment

CIOs take on security threat management

author-image
CIOL Bureau
Updated On
New Update

MUMBAI, INDIA: The first-ever sponsored event of the CIO Klub was recently held in Mumbai on 15 July. Theme of the event was 'Security Threat Management'.

Advertisment

A large number of CIOs from various top organizations in Mumbai were present at the event, along with CIOs at the event in MumbaiSuresh Vedula, Head Business Mobility India, Ashok Madanhalli, Director, Product Management security and mobile connectivity, and Shakeb and Arvind Ahuja, Product Manager From Nokia.

GM Shenoy from NSE IT, Sudarshan Singh from Cap Gemini, Sunil Mehta from JWT and Ashok Madanhalli participated in panel discussion.

Topics discussed in panel discussion (Enterprise Threat Management):

Advertisment

1. What are the challenges today in managing information security?

2. Whether “perimeter security” has lost relevance?

3. Whether compliance adds value to security and how?

4. What should be strategy for end-user security awareness?

GM Shenoy: (Moderator): For effective information management, there are three vital components: Technical security, policy and procedures and organizational culture. Lately, a fourth aspect of security management, compliance has come to the fore.

The corporate assets today do not consist only of servers and workstations but laptops, PDAs, etc. On the other side, the sophistication of attacks has increased, thereby making maintaining security very complex.  All of these three aspects of security need to be equally good.

Advertisment

A view of the panel discussionAshok Madanhalli: (Member, Nokia): The traditional way of maintaining information security may not be order of the day in the near future due to changes in attack pattern.

To counter blended attacks, the security products and technologies are also converging and therefore, new generation of security technologies are evolving .We observe that with every new tool in IT infrastructure, new security requirement or product comes up, which is not a healthy thing.

We need universal security technologies to prevent incremental procurement and installation. Some of the new generation security technologies, like enterprise threat management are based on this concept.

Advertisment

Sunil Mehta: (Member, JWT): The most effective catalyst in information security is management support and “tone from the top” put many things in place. The end-user’s behavior is greatly influenced by his/her seniors. There is a constant fight in choosing the most secured device vs. the most latest device from the end user. Perimeter security, which otherwise takes low priority, is of utmost importance and any lapse on it may circumvent many strong technical controls in place.

Sudarshan Singh: (Member, Cap Gemini): With the growing heterogeneity of assets, attack methods and proliferation of new business tool (based on Web 2.0), the challenges are new and tougher. The countermeasure deployment mechanism, patching up the system or signature update on A/V, IDS or IPS is time consuming and if you have to manage large IT infrastructure, it inherently will always ends up in opened risk window for any enterprise. Security technology should evolve to plug this gap, may be through by bringing more matured solution on behavioral analysis and policy enforcement.

Further, the security products: be it firewall, IPS, IDS, end–point work in silos and not able to take benefits of information with themselves; they should work in collaboration to secure an organization. Compliance adds value as it comes as by-product of risk assessment by more informed apex body and it brings entire ecosystem to a common standard security platform for an industry or geography. End user awareness is most critical in ensuring protection of assets, but also most difficult to achieve and measure.

Held at the Grand Maratha Sheraton, Mumbai, the event was sponsored by business mobility division of Nokia, India.