At the network level
Girdhar, Country Manager - India and SAARC, Juniper Networks, tells Soutiman
Das Gupta which aspects of information security will gain importanceand
why it's important to first secure the network.
How important is information security for Indian companies
today and in future?
As long as companies need to protect their information from competitors and
other parties, information security will be an essential element of business.
Traditionally, security was viewed as a protector of critical assets and resources
from the untrusted or outside world.
This is no longer the case. Security has assumed more importance
today. Networks are no longer segmented on the basis of trust and distrust.
For today's enterprise, security is not about restricting access to business-critical
resources and applications. Information security provides enterprises strategic
value to address some of the most critical challenges such as improving competitiveness,
reducing operational risks and allowing ubiquitous access to various services
without compromising on security or performance.
Demand for virtual private networking, and especially
SSL-based VPN technology, has been growing at an impressive rate. The
APAC market for SSL VPNs has grown by 37 percent in just one quarter
Many organisations have to follow stringent statutory requirements.
Sufficient and properly administered network security is important to meet these
guidelines. With the increasing adoption of the Internet for business use, connectivity
is available anywhere. The challenge is to use this medium securely and allow
access to all business users including vendors, suppliers and business partners.
What aspects of information security are set to gain centre
stage in India over the next few months?
Integrating networks and applications with the Internet and simultaneously safeguarding
them from virus attacks will be the main aspect of security. It is becoming
increasingly critical to open up networks and make them accessible from external
locations as well. The opening up of networks has facilitated the use of the
Internet as a necessary evil against which networks need to be secured.
Demands for virtual private networking, and especially SSL-based VPN technology,
have been growing at an impressive rate. The APAC market for SSL VPNs has grown
by 37 percent in just one quarter, from Q2 04 to Q3 04 (Frost & Sullivan).
My company leads this market, with 31 percent marketshare (APAC Q3 04) and we
have experienced significant demand for this element in a secure and assured
Why is it necessary to deploy information security solutions
at the network first?
The network carries all the sensitive information that a business uses. Network
security is undergoing a paradigm shift. It is imperative to deploy security
solutions from the ground up level so that the information, which the receiver
will get, is not hampered. These networks are the carriers of most critical
data, which makes them the most essential level where security solutions need
to be deployed.
It is important that an organisation views its network as a single 'untrusted'
network and then deploys appropriate checks and controls based on the resources
and applications being accessed, when, from where and by whom.
If network security comes first, what are the other steps
A layered security strategy, comprising multiple layers
of complementary security technologies, all working together, help minimise
risk by presenting multiple barriers to attackers
There is no silver bullet to security. Companies can evolve
and use a layered security approach to protect their remote users and sites,
regional offices, the network perimeter and the network data centre/core.
It is a generally accepted fact that intrusions and attacks are inevitable and
that a layered security strategy comprised multiple layers of complementary
security technologies-all working together help minimise risk by presenting
multiple barriers to attackers. A layered approach can also provide network
administrators more time to react, allowing them to modify the security posture
of the network infrastructure to prevent further damage at all levels.
Do the current security solutions address information security
at the network level? Why do you feel that this requires special importance
Information security is an ongoing process. As the technology advances, there
will be more viruses and hacking tools that will threaten the networks. It is,
therefore, important to upgrade security measures constantly.
Network security approaches change with changes in the business environment.
As networks become more robust, it becomes even more important to apply stringent
you believe that point solutions is a better approach or can companies use security
Multi-Function Devices (MFDs) that combine the functionalities of a firewall,
IDS and anti-virus?
With regards to our company, we have point solutions, but
we are also moving to MFDs with our Endpoint Defence Initiative. Beyond this,
it is important to look at each threat that is posed to the network independently
and then deploy solutions individually to counter the threat.
In your opinion, what are the common mistakes most CIOs
make when it comes to information security? How can they rectify these mistakes?
Products by themselves cannot provide complete security. CIOs must always advocate
a holistic 'big picture' approach to network planning. Most businesses today
have deployed one or more security products in their network.
However, the core issue is to build information security guidelines first in
accordance with their business needs. Once guidelines are formulated, they should
be translated into a framework of policies and processes. The network security
architecture can then be developed in accordance with these. The architecture
must be based on open standards and be flexible and scalable. It should also
allow integration of new security technologies that the organisation might want
to leverage to gain business advantage.
What are the three essential points of advice that you'd
give CIOs who would like to deploy a reliable information security architecture
for their organisation?
The CIO must ensure that the enterprise uses layered security
architecture to maintain security at every point. Security guidelines must be
aligned with the implementation of the layered architecture. Further, security
audits should be done periodically to keep security measures up-to-date.
Soutiman Das Gupta can be reached at firstname.lastname@example.org