INDIA: When a top security guru who has worked with the President of United States is invited to talk at an event, you expect to hear spook stories of men in dapper suits chasing other men in even more dapper suits. But that was not what Howard A Schmidt had to say at the Information Security (Infosec) 2008 Conference held in Mumbai. In fact he paid a lot of emphasis on the importance of information security in each and every aspect of any business environment.
Why is security so important?
Most of the speakers at Infosec'08 talked about how IT security is not new for any business, but how proper deployment of security plays a very crucial role in the success of any organization. Pointing to the importance of security, Schmidt said, “30 percent of most companies have no clue about security, while 50 percent know about the existing security threats. Recognizing where the problem lies and finding the required solution can avoid major disasters of entire systems on the network crashing.”
Raghu Raman, CEO, Mahindra Special Service Group talked about how most companies fobbed off IT related responsibilities entirely on the CIO or CTO. During his presentation Presenjit Shah, VP and Global Head-Enterprise Security Solution, Wipro pointed out that most small and medium businesses (SMB) think they are small companies and therefore might not come under any risk. It is imperative that they understand the risk profile in a network or else their business would change drastically. This is precisely where risk management is needed.
Throw away the RoI calculator
In his presentation Akhilesh Tuteja, Head-IT Advisory Practice, KPMG touched upon the need for SMBs to go beyond RoI calculation when it came to budgeting for security. SMBs have a stereotypic mindset when it comes to making investment for security solutions expect that every investment should get adequate and immediate returns. What they need to bear in mind is that there are some exceptional cases, where an investment may not result in immediate returns, but will definitely show results over time.
Howard A Schmidt
Tuteja also said there is 12 percent increase in the deployment of anti virus solutions while the out breaks are 29 percent. Plus, while there was a 6 percent increase in the usage of firewall while there was a 10 percent increase in intrusions into the network.
Here is a gap between the solutions deployed and the rate of offense occurrence. “To trim down the frequency of disasters, it is important to reduce the gap between deployments of solutions and the frequency of information breach,” Tuteja advised.
Info-security: a basic hygiene
A Dhananjay, Chief Compliance and Risk Officer, Aditya Birla Financial Service put security of information in a different light. According to him information security can't be treated as an investment sector. It is a basic hygiene factor. He expressed his own different opinion about info-security. He said, “One key success factor to avoid information breach is controlling people. How tightly an organization maintains its manpower is going to play equal role in avoiding crimes.”
First aid
Most speakers at Infosec 2008 concurred deployment of an IT head is a better idea for risk management. Having an IT head who is available to the company at all times, will ensure that the system is up and running continuously. Infosec 2008 put light to the darker sides of info-security management. The presentations delivered by experts in different verticals of security were eye-opening as it shed light on the need of deployment of security solution at all levels of an organization.
The event showcased how solution providers should shoulder the responsibility of educating their clients about info-security. At the same time, SMB participants got a first hand account on the importance of having the right security solution mix within their network.