With organisations flourishing and moving towards the cloud, the security challenge for CIOs lies not just in protecting confidential data, but also in securing the infrastructure that supports it.
A leading computer security expert once said, "People in general are not interested in paying extra for increased safety. At the beginning, seat belts cost $200 and nobody bought them." How true! During the last couple of years, many enterprises reduced their emphasis on security measures. The reason: the downturn had forced them to rationalise their IT budgets and underplay the aspect of redesigning and reconfiguring the security architecture.
With most information being moved to the cloud, experts have started strongly advocating end-to-end protection of information. In fact, security architecture is becoming more and more complex, and enterprises are toying with security frames which were optional when the concept of cloud was introduced.
The problem was compounded by a dearth of regulatory guidelines and a lack of awareness. Organisations need to identify the right business consciousness. "For any CIO, it is important to make sure that all the measures have been put in place as per the company guidelines and requirements," says Dr Kamlesh Bajaj, CEO, Data Security Council of India.
Importantly, while the degree of security awareness is on par in larger enterprises, small and medium businesses still have a long way to go. If we go by the estimates, many organisations in India still spend less than 20 percent of their IT budgets on security and have the lowest deployment rate across the Asia Pacific Japan region: the perfect getaway for cyber subversives.
Tackling security risks
With new technology advances, the entire security domain has taken on a new shape, one in which information can be compromised by attacks. It is necessary to have a structured approach to endpoint protection that not only protects from threats at all levels, but also provides interoperability, seamless implementation and centralised management.
"The biggest challenge for CIOs today is managing and securing the exponentially growing information in the IT infrastructure. At the same time, internet threats are also increasingly impacting them. Under such circumstances a secure cloud, whether private or public, can support their business," says Vishal Dhupar, Managing Director, Symantec India and SAARC.
Agrees Dhiraj Sinha, Leader, Technology, Applications and Process Solutions group, Dell Perot Systems, "For implementing best security practices, it is essential to view the future needs rather than look at the current requirements only."
A recent study commissioned by the Ponemon Institute reveals that the threat of employees walking away with data has increased tremendously. As per the study, 59 percent of respondents who left an organisation smuggled out data with them. Another study conducted by Symantec on data loss in Indian enterprises revealed that just 15 percent of organisations have some form of data loss prevention measure, despite the fact that 79 percent highlighted data loss to be their most serious security concern.
With growing usage of enterprise mobile devices and cloud computing, the concerns of CIOs are only going to worsen. Gartner projects a whopping 37 percent in India laptop market in 2009. Further, the smart phones market, sized at five million in 2008, is expected to see a compound annual growth rate of 23 percent by 2011, as per tech research firm Ascenda. This has created a dilemma for CIOs, who must not only defend these innumerable endpoints, but also manage them in newer ways.
Google's App Engine and Amazon's EC2 service are examples of cloud computing. According to Gartner, cloud computing is fraught with many security risks and organisations should be well prepared to tackle the increased complexities.
"This definitely poses new questions in terms of extending their VPN into the cloud, installing proper network monitoring and antivirus software. At the same time, this throws up newer challenges of remotely and securely managing the cloud infrastructure," says Mukesh Kumar, Founder & CEO, QA InfoTech. Since a secure endpoint is a well-managed endpoint, experts believe that a holistic, risk-based approach to security is needed to tackle this problem.
Among the new trends, mobile penetration is forcing enterprises to chalk out an enhanced security framework to effectively reduce risk and ensure data is protected at all times, no matter where it is used or stored: laptops, smart phones, PDAs and removable USB devices.
"Globally, best-in-class companies are using a stepwise mobility management approach to take control of their growing mobile infrastructures. The focus of any IT manager is to reduce security risks and increase mobile user productivity," says Sunil Jose, Managing Director, India and Sub-Continent, Sybase. Moreover, cyberpunks are now viewing the mushrooming of mobile infrastructure as a great opportunity. While these attacks aren't new, their ability to leverage mobile devices is the weakest link in the entire security chain.
"New technology has brought an ability to store a lot more than earlier times. This is the scariest part since all trade secrets can now be stored and easily divulged to the wrong party," says Franck Rougier, president, Blue Helios.
According to a recent IDC report, digital information is expected to surge sixfold, from 281 exabytes in 2007 to a staggering 1,773 exabytes in 2012. This explosive increase in the amount of information presents a huge challenge to manage and secure.
Experts believe that while antivirus, anti-spyware and other signature-based protection measures were sufficient to protect organisations in the past, proactive methods are needed to ensure that data stays protected from a variety of threats.
Bolstering the architecture
The dynamic nature of threats from a multitude of sources means that organisations should be monitored 24x7 to reduce risk and ensure data is protected at all times. This entails putting in place a risk-based solution for information security, rather than a reactive system.
"The complexities in the security architecture are definitely on the rise; however, it is imperative for the CIO to secure the information, which is valuable and threatened, irrespective of the location or the platform, including laptops, smart phones, PDAs and removable USB devices," says Prakash Pradhan, Head IT, Jackson Paul Pharmaceuticals.
Also, for an IT department, it's crucial to manage things from a central console, where repair and maintenance can be done remotely without the need for the devices to be brought back. Nonetheless, with the increasingly mobile environment, the inclusion of cloud and ever-growing cyber threats, the boundaries to secure Indian enterprises expand much beyond their office walls. To be able to handle this, enterprises need to be more alert and active in order to prevent as well as detect any such attacks on their networks. And here any compromises can lead to a series of multiple ambiguities, which can ultimately hamper the growth trajectory.