Advertisment

''SMBs need strong security policy enforced within processes and people''

author-image
CIOL Bureau
Updated On
New Update

With networks becoming the backbone of any business, enterprises cannot ignore the aspect of network security. In an exclusive interview with Usha Prasad, Mohammed Hayath analyses the major security issues faced by SMBs.

Advertisment

Excerpts:

CIOL: What are the prevailing trends in the security solutions sector?

Mohammed Hayath: Today, enterprises big or small recognize security as a key element of the network and an imperative for business success. The investment that enterprises are making in security is being reflected in the growth of security solutions in India.

Advertisment

From a market point of view, the BFSI segment is seeing great adoption along with a strong demand from the IT/ITES and the service provider segment. Additionally, spending from the SMB segment has been steadily growing mainly focused on integrated security appliances and devices.

From a technology point of view, solutions with proactive blocking capabilities are seeing growing traction in India and are expected to overtake traditional IDS solutions. Also SSL VPN and IDP/IPS are important growth area with growing uptake of IPS services offered by integrated appliance vendors.

CIOL: What's your analysis of the trends with regard to SMBs?

Advertisment

MH: In the present scenario, network security is an imperative for all businesses irrespective of their size and scale. With networks becoming the backbone of businesses, enterprises cannot afford to ignore this aspect of their network. Enterprises of all sizes today need to protect their businesses against theft of information, virus outbreak prevention, and application abuse with limited additional cost and manageability issues.

Significantly, many SMBs are going for integrated security appliances that combine a host of functions like anti-virus, firewall, VPN, content filtering, IDS/IPS in addition to providing network monitoring tools. These solutions have been seeing good adoption with the SMB market and also branch offices of large organizations as they offer value for money and ease of manageability.

Cisco's SMB class of solutions, including the Integrated Services Router (ISR) and the ASA family of products, have made deep inroads into the SMB market in India.

Advertisment

CIOL: What are the major security issues faced by the emerging enterprises?

MH: SMBs too have similar set of issues as the Enterprises. The difference is in the scale.

They too have internal as well as external threats, known and unknown threats. Based on their business models, the business impacts and such threats may vary.

Clearly they too need to have a multi-layered security approach for their organizations (maybe in a smaller scale) and ensure they have strong policy which should be enforced throughout - within Processes and People.

Advertisment

CIOL: Do you think a robust security policy is a must for any security initiative to succeed?

MH: Although increasingly enterprises have put a security policy in place, more discipline is needed to ensure that these policies are updated on a regular basis based on the company's need, the current environment and threats.

It's equally important to educate all employees and partners on what the organization's security policies are; what are the DOs and DON'Ts etc.

Advertisment

There is no one-size-fits-all security policy. Every organization needs to define its policy based on the challenges faced by the organization, the immediate and long-term business objectives and focus - scalability, applicability etc.

A Security Policy is like a wheel, which should include the following cogs:

o Assess the organizational security posture

o Assess the impact of a possible security breach and classify

o Define a Security Policy for the Organization

o Test the Security Policy

o Implement the Security Policy

o Continuously monitor and refine the Security Policy - the review process should be periodic in nature

CIOL: Though vendors offer complete security solutions, many enterprises opt for managed services. In your view which do you think is best for an organization?

MH: Given the fact that companies of all sizes depend on their networks for vital daily operations, security has become a priority - globally and in India. And because the complexity of ensuring data and network security is rising, many companies -especially SMBs - do not have the expertise or resources to implement and manage solutions themselves. This is where managed security service providers are seeing a huge opportunity to help enterprises deploy and manage security and VPN solutions by out-tasking all or part of their security infrastructure.

Based on the business models and business requirements of these end-customers, they can have an attractive TCO (Total cost of ownership) for such solutions offered by the MSSP.

Advertisment

CIOL: What security solutions does Cisco offer?

MH: The Cisco Self-Defending Network (SDN) strategy describes Cisco's vision for security, which is a holistic approach for any Enterprise whether small, medium or large as well as for the Service Providers.

In the past, threats from both internal and external sources were relatively slow moving and easy to defend against. However in today's environment, where Internet worms spread across the world in a matter of minutes and seconds, security systems -and the network itself - must have proactive and adaptive mechanisms to mitigate any risks.

There are three principal characteristics of the Cisco SDN:

· The integration of security throughout all aspects of the network

· Collaborative processes between the various security and network elements including end hosts

· The ability of the network to adapt to new threats as they arise and mitigate them accordingly

The Cisco networked-based strategy allows you to use your existing investment to solve your most pressing security concerns today, while providing an architectural platform that can evolve to proactive, automated, real-time management of threats

The building blocks of Cisco integrated security solutions include products and services under the following categories-

· Anomaly Detection and Mitigation

· Endpoint Security including Host Based IDS/IPS

· Network Admission Control

Firewall

o Firewall Appliances

o Firewall Integrated Switch/Router Services

o Firewall Management

Identity Management

Network Intrusion Detection/Prevention Systems

o IDS/IPS Appliances

o IDS/IPS Integrated Switch/Router Services

o IDS/IPS Management

Security Management

o Device Management

o Management Applications for Provisioning and Monitoring

o Security Information Management including Correlation

Virtual Private Networks (VPN)

o Cisco VPN Clients

o VPN Appliances

o VPN Integrated Switch/Router Services

o VPN Management