Nuts and bolts no more

Enterprise security has evolved from being about point tools to the stage where policy and processes are of paramount importance

Time was when enterprise security meant an anti-virus on every desktop and if you were really savvy, a gateway or host-based AV running on your perimeter or file server. Those days are gone, finis, history...

Today securing a company involves a complex array of hardware and software but that’s only the beginning. A truly secure enterprise is one where the policies and processes are carefully crafted, documented in detail and constantly being improved for the threat environment isn’t static, it’s evolving faster than primordial slime in a glass bottle hit by a bolt of lab-generated lightning.

That’s why, when the Indian Express Group hands out the Microsoft Security Strategist Awards, the rating of nominees by the jury is done on the basis of how well CSOs stack up on the policy and process front. In fact, nominees who talk too much about hardware and software are on a slippery slope.

The 2006 MSSA winners all have in-depth security mechanisms that are woven so intricately with their company’s business processes that you couldn’t unravel one without the other’s skeins coming apart in your hands.

We have, in no particular order, ICICI Bank—one of India’s largest banks, Cognizant—a leading software services and ITeS player and Hindustan Petroleum Corporation Limited (HPCL)—the second largest integrated oil refining and marketing company in India. These are all giants in their respective categories but that isn’t why they won. They were up against equally formidable opponents. ICICI was tussling with Bank of India, HPCL with Hindalco and Apollo Tyres and Cognizant with CGSL (formerly known as e-Serve). What tipped the scales in the winners’ favour was that the jury felt that the security set-ups at these organisations had evolved to the point where processes are documented, pervasive and in a state of Kaizen.

For those who came in late, Kaizen is one of many Japanese concepts that were popularised globally in the wake of Japan’s emergence as a global economic power in the 1980s powered by the teachings of an American consultant named Dr. W. Edwards Deming. Kaizen in Japanese means improvement in general and continuous improvement to be precise. Deming was that rare person, a genius unheralded in his own country whose teachings seeded the manufacturing industry in another. He got recognition in his homeland only when the Japanese began clobbering US firms.

Let me tip my hat to the winners and leave you with an issue that contains write-ups about the security set-ups of both winners and nominees focusing on what makes the security environments in each of these companies tick.

Prashant L Rao
Executive Editor