Cover Story: Enterprise Security
Protection for the enterprise
The rate at which security breaches occur in enterprises
is increasing by the day. Here are the strategies that security solutions vendors
and consultants have to address this problem
Has the concept of enterprise security changed? What
are the products and strategies vendors have to protect the enterprise? Here's
what leading security vendors and consultants have to say.
Sunil Bhatt, Chief Technology Officer, Allied Digital
Although general awareness about IS security has increased
in the user community, the awareness on internal security threats is low. The
growth at which internal security breaches occur is much higher than external.
Few large organizations have implemented security solutions to protect themselves
from internal threats. Implementing security solutions like PKI, smart card
and biometric authentication systems is the current trend in the enterprises.
IT Security is not just about products, but also concerns
processes. The methodology adopted by most security vendors is to start with
risk assessment of the customer's IT/IS infrastructure and suggest products
and services. Security vendors often educate customers about external &
internal threats to its IT environment. But even after implementing world-class
IT security products, enterprises are not (completely) protected as the products
are not regularly updated or patched. Many security companies provide managed
security services to customers, and this is one way to ensure that products
are updated. Managed services include remote monitoring of firewalls & IDS,
log analysis services, patch management services etc.
Rajendra Dhavale, Consulting Director, CA India
CA's overall security management strategy is to encourage
and educate organizations to move away from today's 'conventional fragmented
It's time to shift to more holistic, end-to-end security,
most essential for organizations in today's highly complex enterprise
Deploy security solutions that provide comprehensive
threat management, identity management and access management across the full
range of platforms, applications, and the multi-vendor resources found in today's
Avinash Purwar, Business Development Manager, Cisco
Indian enterprises can no longer allow a single hacker
or worm to play havoc with business systems. Organizations that are running
business critical applications on their network have realized this. Indian companies
today are realizing that Securing Networks is not only about products but evolves
around a philosophy called Corporate Security Policy.
Cisco takes a defense-in-depth approach to network
security design. This type of design focuses on the expected threats and methods
of mitigation, resulting in a layered approach to security where the failure
of one security system is not likely to lead to the compromise of network resources.
Sunil Jose, Country Manager - Tivoli Software, IBM India
One should deploy security management solutions that
provide foundational capabilities to protect an organization's infrastructure.
In many ways, security is a horizontal requirement, providing an infrastructure
of support across all applications and systems. Look for multi-platform support,
enhanced management controls, security life-cycle management, and security infrastructure
P K Jain, Managing Director, Lanner India
Security vendors and security consultants should understand
the needs of customers. They should then pitch the best suitable product to
them and provide value-addition services. Look for customized solutions.
Sanjiv Mathur, Group Manager, Microsoft Corporation India
The Trustworthy Computing initiative at Microsoft,
officially launched in January 2002, is a long-term, company-wide effort to
deliver safe, private and reliable computing experiences for everyone. The Trustworthy
Computing initiative is predicated on four key pillars: privacy, security, reliability
and business integrity.
While security is never absolute, Microsoft has made
changes that enable customers to strengthen it, and has built a foundation for
further improvement in future products. It may take us 10 to 15 years to get
there, both as an industry and as a society.
Paul Sarrano, Senior Director of Marketing, Asia Pacific, NetScreen Technologies,
Some of the main security strategies include:
- Adopting a layered security approach
- Implementing deeper levels of protection
- Taking a preventative approach to security
- Viewing security as an ongoing process
- Trend for integrated security platforms
- Need for highly interoperable security solutions
- Policy-based centralized management platform
Ashley Wearne, Area Vice President, Australia, New Zealand, South-east Asia
At Network Associates we have the McAfee Protection
In-Depth Strategy which outlines the importance of protecting the IT infrastructure
from the edge to the core. McAfee System Protection Solutions help enterprises,
assure the availability and security of their desktops, application servers,
and Web service engines. Look for solutions that help enterprises assure the
availability and security of network infrastructure.
Vipul Sheth, MD, nSecure Software
Security is dependent on people, process and tools.
Look for tools that will help automate tasks. There are security companies that
help enterprises find gaps in their environment, plan implementation, to use
the right tools, and to ensure that they get value for the money spent. Such
companies also help organizations educate its teams to better understand the
vulnerabilities and weaknesses, and guide them in planning the appropriate actions
when incidents do occur.
Sanjay Jotshi, Director-Marketing & Channels, Nortel Networks India
Today's enterprises look for end-to-end security solutions
and they are looking for network protection at every layer. Earlier, they used
to look for point solutions that offer security at various levels. However,
now they are now looking for more comprehensive enterprise security solutions
that protect their networks as well as offer them performance. The performance
of networks degrades significantly because of multiple security checks being
performed on the traffic flowing in and out of the enterprise network.
Nortel Networks' definition of integrated network security
is based on a key tenet known as 'Security in the DNA.' This approach means
that networking products will be built ground-up taking security into consideration.
Nortel Networks strategy for enterprise security, called 'Unified Security Architecture,'
provides a conceptual, physical and procedural framework of best recommendations
and solutions for enterprise network security.
Ambarish Deshpande, Manager, Channel and Consumer Sales, Symantec India
Symantec's strategy is to help customers proactively
handle all security threats. Symantec initiated the integrated solution approach
to block blended threats like Nimda, CodeRed, Sobig, Blaster etcand launched
integrated solutions with intrusion detection, fireWall, anti-virus, VPN and
content filtering. Symantec also launched an integrated solution for Symantec
Client Security, which has integration of anti-virus, desktop level firewall
and IDS technologies.
Vishwajeet Deshmukh, CEO
The Firewall market is very mature now. The new trend
is that people are now going in for a second firewall to protect their main
financial and database servers. This gives protection from inside threats. Surveillance
and forensic solutions are also in vogue.
Niraj Kaushik, Country Manager, Trend Micro India
Using Trend Micro's Enterprise Protection Strategy,
not only can customers prevent the virus from proliferating but more importantly,
for the first time they have an assurance in terms of speed of response. Trend
Micro has also launched an automated cleaning service, independent of the anti-virus
The key is a new set of products, which are complimented
by continuous services like outbreak protection, Damage cleanup, SPAM prevention