/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE: While outsourcing of IT infrastructure management has gained acceptance in India, the same cannot be said on the trend of enterprises letting a third party service provider manage IT security.
This aspect was highlighted at the CIO summit on the topic “Managing IT for the enterprise,” organized by the Dataquest magazine, here today.
Majority of the panelists felt that security is best managed in-house. “One of the critical parameters that our customers look at is how we manage security. So it is much better to control security in-house,” said Gajapathy, CTO, Transworks.
Sanjay Bosco, regional sales manager, Portwise, also echoed same sentiments saying that by outsourcing security management, enterprises may not be complying with statutory requirements of both their customers and themselves.
Providing the service provider perspective, Iwire Networks director Mathew Jacob said, “We as partners have to put security processes in place. But beyond that, it is difficult to manage securities because there are no security specific SLAs. A lot of issues need to be addressed such as how does one measure vulnerabilities.”
Providing a different viewpoint, Mukt Bihari, additional GM-IT, Indian Telephone Industries, opined that there was no point in enterprises outsourcing IT infrastructure minus security.
Another aspect of security that CIOs agreed on was that an integrated security system was not the solution for IT security. “We don't look at an integrated system because it makes the system vulnerable to attack. So we prefer a multi-vendor scenario,” said Mithis Chitnavis, AVP-IS, MphasiS.
Adding to this view, S Sridhar who heads IT at Hutch said, “Network vendors seem to be in an inclusive mode. But they cannot include everything in a box. However it would be good to have a security dashboard for alarms and alerts.”
“MphasiS (which went through a tough time following the security fraud perpetrated by some of its employees), is looking closely at the critical security threat of social engineering. This is our biggest concern and we are focusing on how to reduce this,” said Chitnavis.