Biztech Aug 1, 2012
What are the emerging security challenges posing a nightmare for the CISOs?
The evolution of trends such as BYOD, cloud or mobility has given not only CISOs but all C-level executives a talking point, i.e., how to effectively strategise their approach towards adoption of new and mature security practices.
Indian companies, especially SMEs, are relatively less mature in comparison to their global counterparts on the security front. Hence, the challenges here are a little different. Lack of awareness around compliance and policy among employees is one of the biggest challenges. In fact, the majority of SMEs are not very compliance driven. The government here is not initiating ways to implement compliance as stringently as in some of the other countries like the US and UK. Also, Indian companies tend to miss out on the human factor, which includes employees knowingly or unknowingly not adhering to rules and policies, fraudulent practices, etc., while sorting out security issues.
To what extent does the human factor pose a challenge, and how can it be addressed?
First, we need to understand that technology can only act as an enabler. It cannot go beyond its role of restrictive usage or controlled usage. A practical approach towards this issue should be educating the end users within the organisation, making them aware of various policy and compliance related issues, and developing this culture within the company. There are various tools available now which can thoroughly scrutinise, but all the above aspects are essential for the tools to be effective.
What are the key technology requirements in the context of mushrooming newer and more intelligent threats?
We have been insisting on the fact that today security solutions need to be dynamic and risk-based instead of static and reactive. The security and information management systems should have the potential to deal with all the dynamic threats both in reactive and proactive mode.
This paves the way for what is called “agile security”. Agility in security means there is a transformation of the security solution business model on the basis of factors such as preparedness towards unknown threats in future and longevity of the solution beyond the expected timeline. Businesses need a full agile security setup in their IT architecture, if they are to stand a chance of protecting themselves against fast emerging threats.
How can SMEs justify investments into these solutions considering the overall IT budget constraints?
SMEs should decide on what grounds they are going for a certain type of solution. Is it on the basis of compliance? Is it because of business benefit? Or is it just because of the need of the hour?
It is true that large enterprises do have the requisite budget to afford any new solution in the market. However, SMEs should realise that security is not an additional cost but is an enabler to reduce cost. Take, for instance, the BYOD phenomenon. Enterprises will be able to leverage the potential benefits of BYOD only if the security aspect is taken care of. Hence, here security is not bringing on more cost, it is actually reducing potential revenue loss.