Pradeep Nair, Director, Software Group, IBM India/South Asia discusses the security market, client expectations and ibm’s competitive edge
Security is a big concern for business in today’s time. Which industries are the most concerned about security issues?
When we look at the Indian market, we have BFSI, telco, retail, organisations in the government space; we have a number of sectors which basically are large. Who would be concerned about security? Typically they would be organisations that need to protect their brand & reputation in the market or have a mandatory regulatory compliance requirement. So when I look at it from a prioritisation perspective, I think BFSI is one of the key adopters from a regulatory compliance perspective, or from the perspective of data protection; ensuring there is no risk of data loss, unauthorised entry or unauthorised access into their systems. A lot of organisations have adopted such solutions. The next set of customers is from the telecom base. With the kind of massive inroads into technology, giving access, going ahead and working with clients, having huge amount of customer information are areas that organisations wish to protect. You would have heard in the news about breaches that led to degradation of an organisation’s brand value. The ITeS and BPO sector are also very stringent from a security perspective. Efforts from NASSCOM and the industry have been made to ensure that once companies from outside India outsource their infrastructure and data & applications, it is maintained and operated in the most secure environment. These companies are most concerned and want to adopt the best security infrastructure. We are also working with regular enterprises that could be across manufacturing retail, healthcare and even in the SME space.
Despite innovations, security threats persist in today’s organisations. How are the threats different today, say, with respect to around a decade back?
Firstly when you look at threats, they can be in the form of worms and viruses; unauthorised access into your network infrastructure; access of privileged users to information that they are not supposed to see; when you are looking at a global mobile workforce and you open up your access to infrastructure for productivity, security gets compromised et al. The threats have only gone more complex and with the greater penetration of IT, they are growing. Worms and viruses that harm infrastructure and productivity are there today as before. IBM has a solution called endpoint security that ensures that your patch management and virus updates are in place. For external threats, there are intrusion prevention and protection systems so that the threat is mitigated. Threats haven’t changed, they are only evolving. For instance, seven to eight years back, there was no phishing like, say, sending e-mails posing as banks and asking for your details. I think those are increasing now. Around 2-3 years back, the banking system got vulnerable in the face of these attacks.
There has been a spate of recent attacks on organisations and even government infrastructure. So does that mean organisations are not really as prepared for security breaches as they look?
You are as secure as you think you are. You think you are secure and when there is an attack, you realise that you are not. IBM has brought out a security framework that is a combination of our capability around software, hardware and services – a complete framework. It has three tenets. The first is around security governance – rules and policies that organisations lay down and ensure that they are followed. There should be a security governance leader who ensures that the rules are followed and there is a right monitoring capability in the organisation. The second tenet relates to risk management. What is your approach to managing risk? What is the analysis that you are doing on the risks faced day in day out by the organization? How do you really manage current and future threats? And what is the best way to manage security exposure? For instance, how do you really correlate that the incident that happened was due to a vulnerability in the firewall or was an unauthorised access? The third tenet is compliance. Companies must ensure that the current security infrastructure meets compliance requirements and established guidelines.
Security is a big concern for business in today’s time. Which industries are the most concerned about security issues?
When we look at the Indian market, we have BFSI, telco, retail, organisations in the government space; we have a number of sectors which basically are large. Who would be concerned about security? Typically they would be organisations that need to protect their brand & reputation in the market or have a mandatory regulatory compliance requirement. So when I look at it from a prioritisation perspective, I think BFSI is one of the key adopters from a regulatory compliance perspective, or from the perspective of data protection; ensuring there is no risk of data loss, unauthorised entry or unauthorised access into their systems. A lot of organisations have adopted such solutions. The next set of customers is from the telecom base. With the kind of massive inroads into technology, giving access, going ahead and working with clients, having huge amount of customer information are areas that organisations wish to protect. You would have heard in the news about breaches that led to degradation of an organisation’s brand value. The ITeS and BPO sector are also very stringent from a security perspective. Efforts from NASSCOM and the industry have been made to ensure that once companies from outside India outsource their infrastructure and data & applications, it is maintained and operated in the most secure environment. These companies are most concerned and want to adopt the best security infrastructure. We are also working with regular enterprises that could be across manufacturing retail, healthcare and even in the SME space.
Despite innovations, security threats persist in today’s organisations. How are the threats different today, say, with respect to around a decade back?
Firstly when you look at threats, they can be in the form of worms and viruses; unauthorised access into your network infrastructure; access of privileged users to information that they are not supposed to see; when you are looking at a global mobile workforce and you open up your access to infrastructure for productivity, security gets compromised et al. The threats have only gone more complex and with the greater penetration of IT, they are growing. Worms and viruses that harm infrastructure and productivity are there today as before. IBM has a solution called endpoint security that ensures that your patch management and virus updates are in place. For external threats, there are intrusion prevention and protection systems so that the threat is mitigated. Threats haven’t changed, they are only evolving. For instance, seven to eight years back, there was no phishing like, say, sending e-mails posing as banks and asking for your details. I think those are increasing now. Around 2-3 years back, the banking system got vulnerable in the face of these attacks.
There has been a spate of recent attacks on organisations and even government infrastructure. So does that mean organisations are not really as prepared for security breaches as they look?
You are as secure as you think you are. You think you are secure and when there is an attack, you realise that you are not. IBM has brought out a security framework that is a combination of our capability around software, hardware and services – a complete framework. It has three tenets. The first is around security governance – rules and policies that organisations lay down and ensure that they are followed. There should be a security governance leader who ensures that the rules are followed and there is a right monitoring capability in the organisation. The second tenet relates to risk management. What is your approach to managing risk? What is the analysis that you are doing on the risks faced day in day out by the organization? How do you really manage current and future threats? And what is the best way to manage security exposure? For instance, how do you really correlate that the incident that happened was due to a vulnerability in the firewall or was an unauthorised access? The third tenet is compliance. Companies must ensure that the current security infrastructure meets compliance requirements and established guidelines.
For more articles, Click on IIPM Article
Source : IIPM Editorial, 2011.
An Initiative of IIPM, Malay Chaudhuri and Arindam chaudhuri (Renowned Management Guru and Economist).
For More IIPM Info, Visit below mentioned IIPM articles.
IIPM Best B School India
Management Guru Arindam Chaudhuri
Rajita Chaudhuri-The New Age Woman
IIPM's Management Consulting Arm-Planman Consulting
IIPM in sync with the best of the business world.......
IIPM Prof. Arindam Chaudhuri on Internet Hooliganism
Arindam Chaudhuri: We need Hazare's leadership
Professor Arindam Chaudhuri - A Man For The Society....
IIPM: Indian Institute of Planning and Management
IIPM RANKED NO.1 in MAIL TODAY B-SCHOOL RANKINGS
Planman Technologies
