Advertisment

Technology cannot guarantee security

author-image
CIOL Bureau
New Update

GURGAON, INDIA: As is the case of Newton's Law of Motion, to every technology there is an equal and opposite threat! So naturally, it is not that simple to ensure enterprise security with the help of technology alone.

Advertisment

What the enterprises today require is a mindset to protect their data and an environment with strong culture along with zero tolerance for any loophole discovered, said the security experts at South Asia Enterprise Security Summit 2009 here on Tuesday. Implementation of security solution alone cannot ensure data security to enterprises, they said.

“Most of the security breaches happen from within the organization and these breaches can happen at multiple spot. Security issues are becoming complicated day by day. You don't know from where it comes. Probably more than 80 per cent of breaches in Indian context are happening within the organization. It is a very disturbing number,” said Aditya Sapru, senior vice president - strategic alliance, Frost& Sullivan, Asia Pacific.

Frost and Sullivan in its recent survey has found that regulatory drivers are the major ones for adoption of industry best practices. Information security being on highest priority, majority of adopters of IT security solution falls in this segment in India.

Advertisment

According to this survey, BFSI segment is the top vertical in terms of adhering to any regulatory compliances. Government sector is more focused on IT regulations laid by Government bodies. Export firms focus more on specific compliances followed in the countries they export.

Its findings also say that the pressure to demonstrate compliance with regulatory mandates has continued to increase over the past several years but level of adoption is still low in India as expected.

In this survey F&S has found that 83 per cent respondents view business continuity planning to be their topmost priority, followed by network security and content security such as anti-virus, e-mail/web filtering. 'Compliance consulting and monitoring’ and ‘vulnerability assessment and remediation’ held the bottom-most position.

Advertisment

The findings of this report state that in response to IT compliance challenges, firms are attempting to minimize fragmented initiatives, automate audit procedures and IT security controls to reduce labor and consultant costs, and increase the frequency of internal audits to sustain hard-won compliance profiles.

Captain Raghu Raman, CEO, Mahindra Special Services Group observed that organizations need to have 360-degree approach towards security.

“There are unlimited ways possible for a threat to come. Out of these possible ways a fraction of it occurs and not all threats are detected. Further, out of these detected threats not all are reported,” said Raghu Raman.

Advertisment

“In many cases action is not taken on reported threats. Therefore investing heavily on technology does not ensures security. The person posing threat is interested in effects and will enter from the way where he finds loophole or weak security,” he added.

Nitin Wali, lead strategic alliance, VeriSign India said that simple controls within the organization can prevent more than 87 per cent frauds taking place within the organization.

“In 2008, there were data breaches worth $4 billion across the world. In this, 52 per cent of data breaches involved insiders and partners. By implementing simple control 87 per cent of these frauds could have been prevented,” said Wali.

Advertisment

“Security is like insurance and organization should see it with that mindset. It is an ever-evolving practice. Government of India is coming up with regulation that will mandate key banks to go for better security level but it has to be adapted everywhere,” he said.

Adding to this Laxminarayn Bhat, director, product management and business development, APAC, Enterprise Wireless and Security, Symbol Technologies India said there are enterprises that are concerned for their customer data across the world because they have realized the importance of data loss.

“According to a Gartner report every compromised record costs between $200 to $300 in market. US has mandated implementation of wireless detection mechanism. In India also we can further add and modify cyber law, like Payment Card Industry regulation which some country including US mandated, to face modern threats,” said Bhat. 

tech-news