Trending security concerns and few ways to avert itExperts gave their opinions focusing on Identity and Access management and Security Intelligence Author : Sanghamitra Kar September 24, 2014 0
BANGALORE, INDIA: Every organization today is always concerned over their security and what they can do to prevent the damage and the adverse affects of it. Investments are being made but the concern that remains is, is it enough? Are we in the right track?
Addressing the trending security problems in CIOL security event, experts gave their opinions focusing on Identity and Access management and Security Intelligence. They also gave insights on the other tangled security issues.
Pallab Talukdar, president-India and Middle East, Aujas Networks, said: “There is nothing like 100 percent security. And today it not anymore a question will I get attacked, it is a question if I get attacked what do I do? The dimensions of it are making it more complex. The sizes of the organizations does not matter anymore, all are equally vulnerable.”
He added saying there are two pillars of security, process and people. And with the growth of social media these are few extended dimensions which needs to be addressed. He added saying that to be able to filter all the noises, right judgement, setting the right baseline, context is significant or you will lose the right information.
Ankush from Aujas explained that it is more important to know that you under attack to be able to respond it. Also another important concern that he pointed was “ghost accounts” which at times cannot be identified.
Identity access management is becoming a buzz today. It helps you find who have access to what. Also the work of help desk which is quite usual and predictive, can be automated, he added.
Roshan from IBM said: “Every device today is generating data and there is data explosion. Today, security is not about being reactive. We should ensure not only remediation but also predict. The technology should be built on intelligence, should integrate with environment, automation. A technology should be simple to use and it can predict on security perspective.”
In an interactive session, while outlining the different aspects related to security, Narendra Subramaniam, CIO, United Spirits Ltd, explained that one of the key problems that an organization faces is budget for security. It is always a rough terrain to explain the cons and enhance the budget for firewalls. Also, he pinpointed that the only problem articulated is IT access. Physical access, is quite undermined and needs to be controlled. Open office is critical yet not addressed.
On the other hand, Vaidy Vaidyanathan R Iyer, CISA, CISM, business unit executive, IBM, said: “You have to create awareness on security. If you violate a process, the implication is on you. We should change culturally first, technology is much later. Process, people, technology, should be the order of priority.”
Ashish Chandra Misra, CISO, Tesco HSC, Tesco, said: “Today, its about prioritization. We have finite time, finite resources, so we need to tackle. The two things now are prevention is not enough and SMACK is what we need to deal. The average age of detecting breach is 400 days. So we have to predict. Now the time is, where there will be more specific attacks. Articulate the visualization to the management. Because once breaches stops making news, it will be a fearful scenario. Protect yourself against, ‘ It cant happen to me’ syndrome.”
Security vulnerability although is alarming, little measures are being taken to cope with it. Right step at the right time might just help to prevent the next attack.