/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsIt was 10 seconds that shook the world. The 9/11 tragedy was largely about information failure. The calamity led the world to microscopically examine every aspect of information systems that impact personal, organizational and national security.
In this article, the focus is about security breach of information systems in organizations, their primary cause and measures to mitigate them; and why this is becoming relevant for SMBs in India.
The most recent scandal of data breach in US - at TJX, a large chain of retail stores - also points towards insider breach that may have occurred over a period of 17 months!
One of the issues we have seen is that companies make multiple copies (sometimes as many as ten) of their production databases for testing, development, QA and training.
While the production database is kept fairly secure, the full-sized copies have sensitive data in their raw format. And that is the primary source of vulnerability. Besides potential insider threats, these database copies are accessed by the organization's IT partners, including outsourced partners. And if there are tape back-ups of these copies, the vulnerability increases exponentially. The figure below shows what most customers do today.
The problem can be solved if the database is copied and masked automatically before releasing it to the DBAs; and smaller, secure databases are released for future testing. The DBA testing manufacturing application has no need to see HRMS or Financial data.
A recent study by AMI Partners focused on security issues in the SMB sector for India, and projected investments that maybe made over the coming year. The issue of corporate security breach in the country got highlighted when in two separate incidents employees at Call Centres of two different foreign banks stole the information of banks' customers for personal gains.
In another incident, the operations of a large manufacturing company in US was seriously disrupted when its Indian supplier's information systems was hacked by a worm attack.
With Indian IT and ITES, as well as SMBs playing an ever increasing role as suppliers to a global economy, it is no surprise that the pressure is on to increase investments in IT security. Even without the pressures of any foreign parent company or customer, Indian SMBs are increasingly becoming aware of the pitfalls in not keeping their sensitive data secure.
A medium-sized chemicals company in Mumbai wanted to make sure that all the formulae were masked. According to them, their unique formulations gave them competitive advantage. The loss of corporate reputation and confidence with its customers, awareness of the loss of productivity, and regulatory compliance requirements are the primary drivers - according to AMI Partners - for the increased focus on security solutions by SMBs.
AMI forecasts SMBs in India (per them, defined as organizations employing up to 999 employees) will spend up to US$ 161 million on security solutions in 2007.
Indian SMBs would be well advised to look beyond external attacks as insider threats have consistently proven to be the bane of most compromises in information systems. A particular area of vulnerability comes from unsecured multiple copies of the production database, compounded with no data audit features in their enterprise applications.
For competitive, compliance and corporate reputation, SMBs should look to invest with solutions that address the insider threat issue.
Author: Shekhar Das Gupta, COO, Solix Tecnologies