The Modern Day Entrepreneurial Security

by Subodh Kumar, Head of Technology, Magicbricks

From the individual to the industry, the advent of digitization has disrupted the way we live. Whenever a newly advanced technology becomes a mainstream medium for commerce and financial services, the channel sees more cash flow. The resulting increase in critical mass also draws the attention of illegitimate players who pose a threat to safe transactions. The alarming statistics on increasing cybercrime have become a major concern for every company that has gone digital. The motive can be extortion of money, deliberate defamation to cut down competition, or a disgruntled employee taking revenge by stealing company data. Stolen data and a tarnished reputation ultimately lead to decreased productivity and downtime for the enterprise.

Most companies perceive security as an operational function, which translates into reactive and narrow decision-making on the digital security front. The standard approach of tactical decision-making stays effective only as long as it is guided by an overarching and unified enterprise security strategy. As threat tactics and methods change, enterprises must upgrade their strategies from time to time to protect themselves. Typically, a company increases its security only after a mishap, and even then only through internal consultation. A recurrence creates reluctance to seek help from expert professionals. This common trait of being reactive rather than proactive weakens an enterprise's security.

It’s No More On-Premise Only

With the rampant adoption of cloud for infrastructure, platform and software services, the IT system is completely integrated and interconnected with the cloud. Providing security across networks has therefore become a more daunting task than ever. An IBM Redpaper, “IBM Recommendations for the Implementation of Cloud Security”, offers insights into this evolving space. The paper reads: “Cloud computing presents an added level of risk because essential services are often outsourced to a third party. The externalized aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance.”

Thus, a comprehensive framework is an absolute prerequisite for cloud security: one that handles threats to identity, data, applications, network and physical infrastructure.

Employee’s Productivity vs. Enterprise Security

To attain greater profitability, attention must go to devising techniques that increase employee productivity. Portable hardware such as laptops, USB devices and even smartphones (BYOD) forms an essential part of a planned, efficient environment, as it helps employees get work done even when on the move. This commonly applied and popular practice contradicts IT security goals. The traditionally defined network perimeter around an enterprise's information assets is no longer realistic, because extending the reach of precious company data for mobile connectivity breaches the barriers meant to keep it secure.

We must mitigate the visible risks as much as possible. The underlying fact is that security is an ongoing balancing act between the security setting and the enterprise’s productivity needs. Certain enterprises give employees freedom of network usage for professional purposes only. Well-known applications such as instant messaging (IM) and peer-to-peer are not only rarely used for the purpose they were designed for but also have security implications. This makes the task of balancing productivity and security even harder.

The growing demand for a mobile workforce exposes networks to an increased risk of data leakage. Security should be examined through periodic audits, evaluations, risk analyses and approval reviews. COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework for IT management and IT governance. COBIT provides the following implementable “set of controls”:

• Plan and organize. Perform an assessment of the existing infrastructure to determine its strengths and weaknesses.

• Acquire and implement. Evaluate, select and implement solutions that best match requirements.

• Deliver and support. The solution being implemented should protect confidentiality and integrity of sensitive information by managing user privileges and restricting transfer of information to users and unauthorized devices.

• Monitor and evaluate. Ability to continuously measure performance of an enterprise's established IT infrastructure.

The Cost

Managing the total cost of ownership (TCO) has always been a challenging task for CTOs, CIOs and CSOs. The following aspects must be kept in mind while choosing a security service provider:

• Long-term partnership: Consider partnering with a stable vendor with a proven track record of delivering quality services to a varied clientele over a long period.

• Expertise of provider: A competent provider recruits security experts from different backgrounds, including e-commerce, military and government.

• Range of services: Leading providers offer a complete set of managed and consulting security services, including managed mail security, managed firewall, managed intrusion detection system, and threat and vulnerability management.

Conclusion

IT security has finally gained precedence in the management structure, and teams now invest in improving their IT efficiencies. Be it planning, implementation, delivery or monitoring, companies are fast framing policies to enhance profit margins via improved employee productivity. Using platforms like cloud, companies are creating a balance in the entrepreneurial landscape, ensuring better stability and security.

 
