/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsUsha Prasad
The burden of managing unpredictable threats becomes immense for any small and medium business as they often do not have a strong IT support team in place. In an interview with CIOL, Shekar Das Gupta says SMBs should look beyond external attacks as insider threats have consistently proven to be the bane of most compromises in information systems.
Shekar Das Gupta: A dominant trend we are seeing is emergence of disk-based protection technologies. In the past, data were being backed up on tapes. But with enterprise data growing at over 50 per cent per annum and most operations running at 24x7, the time window available for back-ups is shrinking. So companies have been forced to rely on disk-based protection strategies as part of their back-up operations. Virtual tape libraries (VTLs) and Snapshot technologies are seeing the maximum adoption.
While initially this adoption was primarily with larger enterprises and those who are first adopters of new technologies, we are seeing the "innovators" in the SMB segment also buying into them as storage costs/GB is reducing at average 30 percent per annum.
CIOL: What are the major security issues that SMBs are facing?
SDG: Insider breach (like all other companies, is perhaps more in SMBs since they would not have invested into sophisticated Data Audit and access control technologies).
· Electronic attacks: Viruses, Spyware, Worms, Trojans, Phishing; exploiting weak firewalls.
· Hardware thefts including back-up tapes.
CIOL: Do you think a robust security policy is a must for any security initiative to succeed?
SDG: Absolutely. An organization is only as secure as its weakest link. For example, a large manufacturing company in the US, in a particular incident, saved itself from electronic attacks but its operations faced major disruptions when its Indian supplier faced malicious attacks. A robust security policy has to extend to an organization's partners/suppliers as well.
CIOL: Though vendors offer complete security solutions, many enterprises opt for managed services. In your view which do you think is best for an organization (SMB)?
SDG: It works as long as the operations of managed services are themselves secure. There have been incidents of "insiders" in the employment of MSPs who have compromised on their customers' information security. The MSPs need to rely on security technologies available in the marketplace when they are providing their services to their customers, including those in SMB.