Archives ||About Us || Advertise || Feedback || Subscribe-
-
Issue of January 2004 
-

  -  
 
 Home > Cover Story
 Print Friendly Page ||  Email this story

Cover Story: Security

Towards a secure tomorrow

Over the years, IT security in the Indian enterprise has progressed from being a non-entity to an integral factor that cannot be ignored. Although there is much more to be desired on this front, these changes are indicators that the Indian corporate is becoming aware of the need to be secure.

Anil Patrick R

India may not be right up there with the best globally in terms of being secure. But, the time when that happens is not that far away. While we may not exactly achieve this in 2004, the year will certainly see significant steps being made. One of the significant indicators in this direction is the increasing number of organizations trying to get certifications like BS7799.

Stumbling blocks to security

The Indian enterprise generally lacks awareness and conviction, which results in failure of security initiatives. Awareness is more important than the technology being used.

"The shift from IT security being a vendor-driven initiative to a user-driven initiative will happen only when the entire organization is aware of IT security," said Mani B Mulki, CIO, Godrej Industries.

"A major challenge in implementing proper security is lack of conviction. This results in efforts limited to superficial security measures," said C Kajwadkar, Vice President, NSE.IT. With such a perspective, security tends to be more of a superficial nature than really achieve its objectives. This is one of the important reasons why the Indian information security market is still more vendor-driven in nature than a user-driven market.

There are financial and implementation issues in the way of security measures as well. "On the other hand, the comprehensive perspective of 'enterprise as a whole' also poses budget and implementation issues," Kajwadkar commented.

Increasing awareness

IT security is undergoing a major paradigm shift from being just an 'IT prerogative' to a business sustenance need. Security policies are now being made with active involvement of the top-level management.

The Indian corporate has seen an increased leverage of the Internet to connect to partners and customers post the dot-com boom. Top management is becoming more aware of disruptive factors like viruses and security breaches, as major business risks. This has been the prime factor behind the increase in security awareness levels.

User education will be a very visible trend in 2004, than just emphasis on security policies. This is the best way to ensure that security policies do not end up as some more documents gathering dust. "There needs to be better awareness at the lowest level on an ongoing basis since the problem always begins there and not at the top. So more end-user education is the trend we will see," said Rajiv Gerela, AVP-Technology, Wipro Spectramind.

Outsourcing security

Outsourcing of IT security is another area which is going to show major increase. Management of major e-commerce application servers is likely to be outsourced to the datacenter hosting them. Or companies may outsource the function of monitoring the organization's IDS logs to detect breaches.

"Outsourcing of security is going to happen in a major manner this year. While you can't completely outsource your entire security setup, it is necessary to have fully dedicated people to evaluate, and implement it. One thing to note out here is not to give complete hand-over of security control which could mean being taken for a ride," said Murali G, Head - IT, SBI Life Insurance.

The reason behind this trend is that IT security requires highly specialized and dedicated teams. This may not be a core priority for many companies who may prefer to concentrate more on their core business. So it makes more sense for such companies to outsource security. The level of security outsourcing will depend on the company's comfort levels and are bound to vary in each organization.

Periodical IT audits is another aspect of security that will be outsourced. These audits are of great use in evaluating the strength of an organization's security infrastructure.

Dedicated security professionals

Security requires independent treatment—separate from IT. This realization has led to many organizations going in for a team of dedicated security professionals focusing full time on IT security.

"A new thing that the top management in fairly large organizations have to prepare themselves for, is the need to set up a separate IT security team. This team has to be separate from the actual IT team," said Mani B Mulki. A Chief Security Officer (CSO) is yet another IT security trend that many Indian organizations will adopt in 2004. The CSO will be responsible for handling the security infrastructure of an organization. As usual, the BFSI segment is the forerunner on this front with many financial institutions already having CSOs.

Combating spam

Most organizations have started fighting spam due to clogging up of networks and productivity loss. Although spam cannot be completely avoided, many spam blocking solutions will be available in 2004 to control this menace. See Box: ‘Just in’ to see some of the other technology trends that will start making their presence felt in 2004. j

Anil Patrick R can be reached at anilpatrick@networkmagazineindia.com

Just in

A recent trend is to have a single point of control for all the security solutions in the organization. In terms of convenience of management, these solutions offer many advantages.

"Written policies and procedures apart, more proactive monitoring functions and products which can track alarms across different systems/LANs/IDSs, are going to be in demand by IT managers," said Rajiv Gerela. These solutions are bound to find good rates of adoption by the Indian enterprise in 2004.

An interesting trend in security is 'integrated security'. "With focus on e-governance, the integrated security needs have gone further beyond e-commerce. And with the concept of integrated security, it is obvious that the adoption of devices/mechanisms including digital certificates is inevitable," Kajwadkar opined.

Emergence of encrypting measures is another trend that is catching up. "Due to the large and increasing number of transactions taking place over the Internet, encryption products is an area likely to grow this year," said Mani B Mulki.

Solution provider perspective
Here's what a few vendors and service providers have to say about security in the Indian enterprise in 2004.

K.N.Prasad, Head- Marketing & Alliances, Apara Enterprise Solutions
Customers will start looking at security holistically instead of looking at packaged solutions in 2004. Large enterprises will adopt the BS 7799 information security framework with MNCs and ITES companies leading the pack in implementation and certification. Companies will start addressing content security concerns, which directly affect user experience and hogs organizational resources. Spam prevention solutions and services look promising. Customers are also concerned about storage security. Providing security to data at rest and in flight will be a challenge."

Naresh Wadhwa, Vice President, Cisco Systems, (India & SAARC)
"Security is an integral part of any network infrastructure today and enterprises are taking proactive steps to secure their networks. They are increasingly investing in a comprehensive security suite as against point products/solutions. Network Security for Indian enterprises is fast becoming a key differentiator rather than an afterthought."

Venkata Subramanian, Project Manager, Computer Associates
"Companies are undergoing a process of improving information security ensuring confidentiality, integrity and availability of mission critical systems and data resources. These efforts are often managed at the business unit level with a focus on the information availability required in today's integrated real time business world."

Joyjit Chatterji, Vice President, Comsat Max
"In 2004, it's expected that enterprises will invest in bigger numbers to create a strategy to have defined recovery in a period of time from disasters. The solution will be selected by balancing the cost of such a solution with criticality of IT infrastructure in the business process. Service providers offering end-to-end solutions will find favor and vendors will either develop the expertise or tie up with other vendors to complete the solution."

Kalyan Kumar, Technical Marketing Manager, Converged Networks Business Unit, HCL Comnet
"Properly designed networks aimed at high availability, recoverability and data integrity will provide enterprises with a reliable and secure e-network infrastructure for conducting business in 2004. Moreover, companies are increasingly going into security processes like BS7799, which are essential."

Soundararajan S, Head - IT Infrastructure & Security Consulting, Infosys
"Chief Information Security Officers (CISOs) will become a necessity and will be as invaluable as the CEO. Security will evolve from being a reactive technology to more proactive technology. As is the case with enterprise security, top management involvement in the business continuity roadmap will become a must."

Sharad Sanghi, Managing Director, Netmagic Solutions
"2004 will definitely see a growth spurt in the DR segment. SEBI guidelines for the Banking and Finance Industry, which mandate that financial Institutions like Banks and Mutual Funds need to have DR measures in place. BPOs and call centers also need to have their DR, security, and BCP well-established to lure offshore clients, and conform to standards like COPC, BS7799, and HIPAA. Add to this mix of factors is a resurgent global economy, which allows enterprises to bolster their IT budgets, network security, DR, and BCP."

Kartik Shahani, Country Manager - India, Network Associates
"The Real Time Enterprise of 2004 will see network decision makers focus on 'Proactive' security solutions. Another trend enterprises will benefit from through 2004 is the adoption of a multi-phased/layered defense that would protect the corporate's IT infrastructure from both known and unknown attacks. 2004 will see the CTO evolve and demand more from his security providers: an expert security service that can identify, assess and protect his key assets."

Rahul Swarup, President, Enterprise Solutions, Sify
Evolution of enterprises from deploying stand-alone products for security as opposed to a holistic security readiness scenario, driven by business exigencies will be seen in 2004. While enterprises may look at deploying and managing their security infrastructure internally, the complexity and the drain away from core business will trigger outsourcing of security infrastructure as has been witnessed in the networks/datacenter spheres. Enterprises will no longer need to shop with multiple vendors as there is an evident rise in players providing end-to-end security solutions ranging from products to consulting.

Joy Ghosh, Enterprise Sales Director, ASEAN and India
The security conscious like banks will be the front-runners in 2004 in the move towards the integration of multiple security technologies, as opposed to the current best-of-breed approach. This will be done both at the product and management level, to make security more holistic and easier to manage.

 
     
- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.