Subodh Kumar's take on Modern Day Entrepreneurial Security
From individuals to entire industries, the advent of digitization has disrupted the way we live. Whenever a newly advanced technology becomes a mainstream medium for commerce and financial services, the channel it creates carries more cash flow. The resulting increase in critical mass also attracts the attention of illegitimate business players who pose a threat to safe transactions. The alarming statistics on increasing cybercrime have become a major concern for every company that has gone digital. The motive can be money extortion, intended defamation to cut down on competition, or a disgruntled employee avenging himself by stealing company data. Stolen data and a tarnished reputation ultimately lead to decreased productivity and downtime for the enterprise.
Most companies perceive security as an operational function, which translates into reactive and narrow decision-making on the digital security front. The standard approach of tactical decision-making stays effective only as long as it is guided by an overarching, unified enterprise security strategy. As threat tactics and methods change, enterprises must upgrade their strategies from time to time to protect themselves. Typically, a company increases its security only after a mishap, and even then only through internal consultation. A recurrence creates reluctance to seek help from expert professionals. This common trait of being reactive rather than proactive weakens an enterprise's security.
It’s No More On-Premise Only
With the rampant adoption of cloud for infrastructure, platform and software services, IT systems are completely integrated and interconnected with the cloud. Providing security across networks has therefore become a more daunting task than ever. An IBM Redpaper titled “IBM Recommendations for the Implementation of Cloud Security” offers insights into this evolving space. The paper reads: “Cloud computing presents an added level of risk because essential services are often outsourced to a third party. The externalized aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance.”
Thus, we observe that a comprehensive framework that drives and handles threats to identity, data, applications, network and physical infrastructure is an absolute prerequisite for cloud security.
Employee’s Productivity vs. Enterprise Security
To attain greater profitability, attention must go to devising techniques that increase employee productivity. Portable hardware such as laptops, USB drives and even smartphones (BYOD) forms an essential part of a planned, efficient environment, as it helps employees get work done even when on the move. This widely practiced approach contradicts IT security goals. The traditionally defined network perimeter around an enterprise's information assets is no longer realistic, because extending the reach of precious company data for mobile connectivity breaches the barriers meant to keep it secure.
We must mitigate the visible risks as much as possible. The underlying fact is that security is an ongoing balancing act between the security setting and the enterprise’s productivity needs. Certain enterprises give their employees freedom of network usage for professional purposes only. Well-known applications such as instant messaging (IM) and peer-to-peer are not only seldom used for the purpose they were designed for, but also have security implications. This makes the task of balancing productivity and security even tougher.
The growing demand for a mobile workforce exposes networks to an increased risk of data leakage. Security should be examined through periodic audits, evaluations, risk analyses, and approval reviews. COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework for IT management and IT governance. COBIT provides the following implementable “set of controls”:
• Plan and organize. Perform an assessment of the existing infrastructure to determine its strengths and weaknesses.
• Acquire and implement. Evaluate, select and implement solutions that best match requirements.
• Deliver and support. The solution being implemented should protect confidentiality and integrity of sensitive information by managing user privileges and restricting transfer of information to users and unauthorized devices.
• Monitor and evaluate. Continuously measure the performance of the enterprise's established IT infrastructure.
Maintenance of the total cost of ownership (TCO) has always been a challenging task for CTOs, CIOs and CSOs. The following aspects must be kept in mind while choosing a security service provider:
• Long-term partnership: Consider partnering with a stable vendor with a proven track record of delivering quality services to a varied clientele over a long period.
• Expertise of provider: A competent provider recruits security experts from different backgrounds, including e-commerce, military and government.
• Range of services: Leading providers offer a complete set of managed and consulting security services, including managed mail security, managed firewall, managed intrusion detection system, and threat and vulnerability management.
IT security has finally gained precedence in the management structure, and teams now invest in improving their IT efficiencies. Be it planning, implementation, delivery or monitoring, companies are fast framing policies to enhance profit margins via improved employee productivity. Using platforms like cloud, companies are thus creating a balance in the entrepreneurial landscape, ensuring better stability and security.