Nuts and bolts no more
Enterprise security has evolved from being about point tools
to the stage where policy and processes are of paramount importance
was when enterprise security meant an anti-virus on every desktop and if you
were really savvy, a gateway or host-based AV running on your perimeter or file
server. Those days are gone, finis, history...
Today securing a company involves a complex array of hardware and software but
thats only the beginning. A truly secure enterprise is one where the policies
and processes are carefully crafted, documented in detail and constantly being
improved for the threat environment isnt static, its evolving faster
than primordial slime in a glass bottle hit by a bolt of lab-generated lightning.
Thats why, when the Indian Express Group hands out the Microsoft Security
Strategist Awards, the rating of nominees by the jury is done on the basis of
how well CSOs stack up on the policy and process front. In fact, nominees who
talk too much about hardware and software are on a slippery slope.
The 2006 MSSA winners all have in-depth security mechanisms that are woven so
intricately with their companys business processes that you couldnt
unravel one without the others skeins coming apart in your hands.
We have, in no particular order, ICICI Bankone of Indias largest
banks, Cognizanta leading software services and ITeS player and Hindustan
Petroleum Corporation Limited (HPCL)the second largest integrated oil
refining and marketing company in India. These are all giants in their respective
categories but that isnt why they won. They were up against equally formidable
opponents. ICICI was tussling with Bank of India, HPCL with Hindalco and Apollo
Tyres and Cognizant with CGSL (formerly known as e-Serve). What tipped the scales
in the winners favour was that the jury felt that the security set-ups
at these organisations had evolved to the point where processes are documented,
pervasive and in a state of Kaizen.
For those who came in late, Kaizen is one of many Japanese concepts that were
popularised globally in the wake of Japans emergence as a global economic
power in the 1980s powered by the teachings of an American consultant named
Dr. W. Edwards Deming. Kaizen in Japanese means improvement in general and continuous
improvement to be precise. Deming was that rare person, a genius unheralded
in his own country whose teachings seeded the manufacturing industry in another.
He got recognition in his homeland only when the Japanese began clobbering US
Let me tip my hat to the winners and leave you with an issue that contains write-ups
about the security set-ups of both winners and nominees focusing on what makes
the security environments in each of these companies tick.
Prashant L Rao