For most enterprises Information
Security is limited to anti-virus and firewall solutions.
There are other threats and companies should secure
all areas of the network by using a mix of security
Globally, Information Security
is considered to be a top priority across industry verticals.
In India, most companies have for long been contended
with anti-virus and firewall solutions. But due to increased
globalization, highly competitive business environments
and other regulatory factors, certain businesses have
taken a new approach to address Information Security.
In fact, Security has become one of the top three IT
priorities for 2003-04 with 32 percent of the respondents
focused on securing their networks. Security is the
top priority in the BFSI and Telecom/IT/ITES segments.
There are three main reasons
for this change. Firstly, local firms doing business
internationally need to flash the secure credentials
of their networks in order to gain trust of their global
partner Secondly, regulators (like RBI) have issued
guidelines to banking and finance companies advising
them to secure their information assets. For banks,
data translates to money and illicit data tampering
could result in losses, not to mention damage to reputation
and defection of customers. Thirdly, companies are increasingly
doing business over intranets or public networks. They're
interconnecting branches and regional offices; businesses
are opening up their networks to partners, customers,
clients, and suppliers. This necessitates deployment
of various security solutions.
Of the companies surveyed, 61 percent have already invested
in some sort of security solution. Most of this investment
has been in the area of anti-virus (93 percent) and
firewalls (65 percent).
A distant third was VPN with
31 percent of the respondentsmostly in Telecom/IT/ITES
verticals having secured connectivity over public networks.
There are very few companies
which have already invested in areas like IDS, identity
management, encryption/cryptography, and access control
Usage of these anti-virus and
firewall solutions is high because Indian enterprises
still consider 'Viruses' (83 percent companies) and
'Internet Security' (50 percent) as the most critical
security issues facing their organization. Other security
issues like 'Internal Fraud' or 'Theft or damage to
data' are not considered that critical.
Companies need to look at other
security threats as well. In order to tackle these threats
they need to think beyond anti-virus and firewalls.
The investment in traditional security solutions will
continue this year. However, the number of companies
planning to invest in anti-virus solutions has come
down to 40 percent. Since most companies have already
deployed anti-virus solutions in the past, most of their
investments will be in terms of additional licenses
or patches/upgradessomething that requires minimal
Planned investment in firewalls
is the highest (among various security solutions) with
42 percent companies focusing on implementing firewalls.
Usage of firewalls is increasing because many enterprises
are connecting their intranet to public networks. Also,
enterprises have opened up their networks to suppliers,
partners and customers. This also explains why the BFSI
and Telecom/IT/ITES verticals are planning to invest
IDS and VPNs are other areas
of significant interest. Overall, 30 percent companies
(50 percent from Telecom/IT/ITES and 46 percent from
BFSI) are planning to invest in IDS this year. An IDS
identifies and analyses possible security breaches from
outside as well as within an organization. Security
breaches by employees are a clear concern in the Telecom/IT/ITES
and BFSI verticals.
29 percent of companies are
planning to invest in VPNs. Most of these companies
have offices across distant locations and are looking
for economical but secure connectivity through existing
public networks. Apart from the Telecom/IT/ITES vertical
it is the FMCG and Govt./PSUs that are showing a growing
interest in VPNs.
Companies in the BFSI, Telecom/IT/ITES,
and Govt./PSU segments are looking at investing in other
kinds of security solutions as well. For instance, over
32 percent of respondents within the BFSI vertical will
make investments in Encryption/cryptography and 35 percent
in Access control devices. These solutions are necessary
for securing data in transit and for providing controlled
access. Since more banks are going in for online or
Internet banking it necessitates deployment of such
- Firewalls along with intrusion detection
systems & VPNs form the most prominent areas
for investment in IT security solutions.
- Data security, unauthorized employee access
and data security in transit are the three major
areas covered by IT security policy.
- Functional heads along with CIO, and to an
extent the CEO, are the main people involved
in framing the security policy of an organization.
- Viruses followed by Internet security are
the two major security issues in Indian enterprises.
- Out of the total organizations surveyed,
about three-fourths do not conduct any kind
of security audit.
- Among those who do have a system of security
audit, in almost two-third of cases, the audit
is done by an internal team.
- Discussion of security at boardroom level
is more common in case of BFSI, Telecom/IT/ITES
and Healthcare segments.
- Only one-fifth of the organizations surveyed
have got a CSO. In almost half the cases CSO
reports to the CIO. Among those organizations
who do not have a CSO, only 14 percent plan
to have a CSO.