Advertisment

Security a serious business, but more awareness and action required

author-image
Sharath Kumar
New Update

BANGALORE, INDIA: The number and types of security threats are rising exponentially and continue to get worse. Some major causes for this are the very IT buzzwords that are a part of every CIO dictionary today-Cloud Computing, Mobility, BYOD, Social Media, etc.

Advertisment

Preparing an effective information security strategy and mapping it with the organization's business goals is therefore the need of the hour. New technologies like BYOD, Cloud are adding complexities in enterprise security. So how is technology affecting the security landscape ? How do companies frame a right security policy? Does security always come at the cost of business agility? How should a company go about in introducing effective security policy?

Experts tried to answer these queries and more for CIOs representing companies from in and around Bangalore at the Enterprise Security Summit 2014 jointly CIOL and PCQuest here.

 

The panel discussion was opened by DataQuest Editor TM Arun who sought to know how the CIOs felt about the ever changing security landscape and what do they think were the top challenges for them?

Ashish Mishra, CISO , TESCO was of the view that new technologies have revolutionized the way companies do business today while it has also imposed several security challenges. While mobility brings its own benefits it also means data can be anywhere and thus bring new security challenges. Similarly, while companies want to harness the Big Data for analytics which can be used in decision making process. The very fact that the a vast amount of data is now at a place can be a matter of security concern. "So each one of these technologies bring in different challenges. But, the key is to be open as much, "Mishra stressed.

Advertisment

The TESCO CISO also noted that there is probably no company that has not come across security incidents. "So it is not  just about being preventive. but being able to detect as soon as possible and stem off the threat.: It is also not not a good idea to impose policy on using particular types of passwords as such measures can become counter productive.

Join in was Sridhar Saranathan, Virtual CIO and Independent consultant who from telecom companies perspective pointed out that rapid growth of the industry, from just just 2 million subscribers a few years ago to around 700 million subscribers currently, has imposed a daunting task on the companies.

 

Telecom companys security policy books run to 800 pages and more and the policies are also regular reviewed. The challenges are enormous particularly for telecoms as they operate in multi partner environment and ever expanding networks. "If a teleco itself is vulnerable how will it be trusted.  So telecom companies have to be more responsible and pro ctive, he suggested.

Security and Awareness

Advertisment

In reply to a query on awareness levels on security in different industries S Narayanan, CIO, United Spirits,  said he was of the view that generally businesses do not understand security. In such a scenario, a CIO can ensure security by identifying at least the basic minimum things. "Each situation demands different approach. Fear of threat always doesn't work and you (CIOs)  have use different situations to sell/ adopt technology. It's important to take the business along", he added.

Dr Harsha, CIO and Chief Security COnsultant, HKIT, threw light on some interesting facts about security awareness by stating that security auditors find 80 per cent of the breaches happening due to lack of awareness or compliance and technology is responsible in just 20 per cent of the cases.

Dr Harsha also pointed out that in most cases auditors do not find traces of breach due to lack of prevent steps that enterprise need to take.

Advertisment

 

Nandkishore Dhomne, Group CIO, Manipal Health Enterprise stressed on the awareness at board levels. He was of the view that the Health Care industry handles sensitive information of hundreds of patients and there was a need for round the clock security.

"The challenges in ensuring security are much more complex as medial officers today want to access  to  information on the move and on different dash boards. So there is an increased pressure on IT departments in industry, " he added.

Darshan Appayana, CIO, Happiest Minds was of the opinion that security problems creep in as networks are getting redundant. He was of the view that it would not be rite for a company which has adopted BYOD to monitor data on the systems. The companies should rather look at traffic pattens to defend themselves, he suggested.

tech-news