/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Hackers today are continuously inventing and using new methods of stealing data. They are more aware of the security architecture or vulnerability that the IT infrastructure of any organization can have. They have the courage and skill to penetrate through the best and most advanced security systems of the world.
In recent past, whether its FBI, or White House, Facebook or Apple all have been the victim of such hackers. It is always a tradeoff between the security systems of an Enterprise to be easy to use on one hand and sufficient enough to tackle and monitor today's sophisticated threats to the IT resources of any organization. Complying with the security policies and standards is everybody's responsibility. The creation of a secure IT environment is not just the responsibility of the organization's IT staff. Everyone in the organization has the responsibility to respect and comply with the corporate security policies and rules.
The success mantra for any enterprise security solution can be summarized into following aspects;
- Confidentiality- The security solution should be capable enough to protect against unauthorized disclosure of information or data stored on the computers.
- Authentication-The security solution should be able to monitor, log and track origin of data and identity of persons.
- Integrity - The security system should assure that the information stored on the systems or transmitted over the network cannot be tampered with and if at all it happens the solution should be capable enough to detect, log and notify the administrator.
- Availability - The system should ensure that the data stored on the systems or the Data servers is accessible from anywhere and everywhere, irrespective of the location and device of the users.
General Tips and Considerations
1.Manage and track down IT Assets-The security solution should be capable enough to manage, monitor and track all software and hardware resources that are in use by the employees within the office boundaries or asroaming user through a single unified console.
2.Focus on securing applications and resources, not devices - More and more organizations motivate and facilitate employees to access corporate applications from their mobile devices for work-related functions, such as email and other collaboration tools. Businesses should focus on securing the applications in use rather than devices, which enables users to access an app from any device without requiring hardware control.
3.Isolate critical servers and devices -Move sensitive and critical servers and devices on to their own security networks that are not accessible except virtually or by specific machines.
4.Adopt SIEM -The security system should support Security Information and Event Logging on a real-time basis for stringent policy and security management.
5.Automatic update critical Windows Patches - To ensure your systems are up-to-date with the right patch levels, the system should frequently check and download updates from Microsoft to avoid chances of any vulnerabilities that arise because of it.
6.Data Encryption and Backup- Security solution in place should facilitate encryption of confidential data stored on systems, server or network that will prevent misuse of data when data leakage takes place through unauthorized access or hacking attempts. Data backup is also equally important to facilitate recoveryof lost data that can happen due to human negligence, system failure or file corruption, as a part of disaster recovery mechanism.
7.Centralized Policy Deployment -Gone are the days when the administrator would ask the employees to work securely with their data and their systems. With highly advanced security systems of today's world , you should be able to categorize and deploy security Policies for the employees on the basis of departments, groups, work or as desired through a unified control and monitoring system for easy, comfortable, and effortless security management.
8.Secure Devices - BYOD (Bring Your Own Device) is a huge trend in corporations, where employees and other users are allowed to access the corporate network using a wide range of personal devices. BYOD has wide appeal because employees value the convenience and ease of use, while businesses recognize that it allows their staff to be as productive as possible. With the proliferation of the BlackBerry, iPhone, and other mobile devices, more of your staff is working away from the office-and away from the protection of your network security. They are operating "in the open" on your customers' networks, public networks at coffee shops, or free networks in the park. It is important to ensure that their mobile technology, often connected wirelessly, is as secure as possible.
9.Proactive or Reactive -Your strategy has to focus on continuous improvement of both the reactive kinds of security (what to do in the event of a suspected breach, how to improve security after figuring out how the breach occurred) and the proactive kinds (staff education, network security systems and services, audits). It will require selection and investment in right kind of security solution that matches, if not all but most of your IT security requirements. There has to be a perfect balance between what you require out of a security solution and what it provides you.
10.Define the who, what, where and when of network access - Using the advanced use of technologies like SNMP, NAC, and NAP. The security system should be capable to MAP these aspects for securing the network, systems and IT infrastructure of enterprise.
(The author is managing director and CEO of eScan)