Archives ||  About Us ||  Advertise ||  Feedback ||  Subscribe-
Issue of June 2003 
[an error occurred while processing this directive]
 Home > IS2003
 Print Friendly Page ||  Email this story

Security should be all encompassing

For most enterprises Information Security is limited to anti-virus and firewall solutions. There are other threats and companies should secure all areas of the network by using a mix of security solutions

Globally, Information Security is considered to be a top priority across industry verticals. In India, most companies have for long been contended with anti-virus and firewall solutions. But due to increased globalization, highly competitive business environments and other regulatory factors, certain businesses have taken a new approach to address Information Security. In fact, Security has become one of the top three IT priorities for 2003-04 with 32 percent of the respondents focused on securing their networks. Security is the top priority in the BFSI and Telecom/IT/ITES segments.

There are three main reasons for this change. Firstly, local firms doing business internationally need to flash the secure credentials of their networks in order to gain trust of their global partner Secondly, regulators (like RBI) have issued guidelines to banking and finance companies advising them to secure their information assets. For banks, data translates to money and illicit data tampering could result in losses, not to mention damage to reputation and defection of customers. Thirdly, companies are increasingly doing business over intranets or public networks. They're interconnecting branches and regional offices; businesses are opening up their networks to partners, customers, clients, and suppliers. This necessitates deployment of various security solutions.

Beyond firewalls
Of the companies surveyed, 61 percent have already invested in some sort of security solution. Most of this investment has been in the area of anti-virus (93 percent) and firewalls (65 percent).

A distant third was VPN with 31 percent of the respondents—mostly in Telecom/IT/ITES verticals having secured connectivity over public networks.

There are very few companies which have already invested in areas like IDS, identity management, encryption/cryptography, and access control devices.

Usage of these anti-virus and firewall solutions is high because Indian enterprises still consider 'Viruses' (83 percent companies) and 'Internet Security' (50 percent) as the most critical security issues facing their organization. Other security issues like 'Internal Fraud' or 'Theft or damage to data' are not considered that critical.

Companies need to look at other security threats as well. In order to tackle these threats they need to think beyond anti-virus and firewalls.

Planned investment
The investment in traditional security solutions will continue this year. However, the number of companies planning to invest in anti-virus solutions has come down to 40 percent. Since most companies have already deployed anti-virus solutions in the past, most of their investments will be in terms of additional licenses or patches/upgrades—something that requires minimal investment.

Planned investment in firewalls is the highest (among various security solutions) with 42 percent companies focusing on implementing firewalls. Usage of firewalls is increasing because many enterprises are connecting their intranet to public networks. Also, enterprises have opened up their networks to suppliers, partners and customers. This also explains why the BFSI and Telecom/IT/ITES verticals are planning to invest in firewalls.

IDS and VPNs are other areas of significant interest. Overall, 30 percent companies (50 percent from Telecom/IT/ITES and 46 percent from BFSI) are planning to invest in IDS this year. An IDS identifies and analyses possible security breaches from outside as well as within an organization. Security breaches by employees are a clear concern in the Telecom/IT/ITES and BFSI verticals.

29 percent of companies are planning to invest in VPNs. Most of these companies have offices across distant locations and are looking for economical but secure connectivity through existing public networks. Apart from the Telecom/IT/ITES vertical it is the FMCG and Govt./PSUs that are showing a growing interest in VPNs.

Companies in the BFSI, Telecom/IT/ITES, and Govt./PSU segments are looking at investing in other kinds of security solutions as well. For instance, over 32 percent of respondents within the BFSI vertical will make investments in Encryption/cryptography and 35 percent in Access control devices. These solutions are necessary for securing data in transit and for providing controlled access. Since more banks are going in for online or Internet banking it necessitates deployment of such solutions.

Research Snapshots
  • Firewalls along with intrusion detection systems & VPNs form the most prominent areas for investment in IT security solutions.
  • Data security, unauthorized employee access and data security in transit are the three major areas covered by IT security policy.
  • Functional heads along with CIO, and to an extent the CEO, are the main people involved in framing the security policy of an organization.
  • Viruses followed by Internet security are the two major security issues in Indian enterprises.
  • Out of the total organizations surveyed, about three-fourths do not conduct any kind of security audit.
  • Among those who do have a system of security audit, in almost two-third of cases, the audit is done by an internal team.
  • Discussion of security at boardroom level is more common in case of BFSI, Telecom/IT/ITES and Healthcare segments.
  • Only one-fifth of the organizations surveyed have got a CSO. In almost half the cases CSO reports to the CIO. Among those organizations who do not have a CSO, only 14 percent plan to have a CSO.
- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.