"It is important to align the IT Security framework within the organizational structure" Says D.Nataraj - CIO, Hexaware Technologies in his Key note address on Risk Mitigation at an event presented by RSA and Cisco, conducted by IDG at The Chancery Pavilion, Bangalore on 27th July. Businesses are facing a number of challenges when it comes to securing confidential data such as credit card numbers and other personal financial information, employee data, Social Security Numbers, Medical records etc. It is important for companies to take the first step and evaluate the business from a security point of view. This will give the management a fair idea of the risk loopholes so that they can develop or refine risk management strategies and policies. With the amendment of the Indian IT Security Act which calls for "Unlimited Liability for data breach" for failure to protect loss of confidential data by an organization, data security has become even more critical.
Comparing the importance of Risk Mitigation for a company to the benefits of a morning walk for an individual, Nagaraj pointed out that there is a knowing - doing gap which needs to be resolved. With the soaring popularity of Social Networking, Cloud Storage and Virtualization, a business now faces several challenges due to expanding information. As businesses grow, company information needs to be shared with several users such as remote employees, partners, contractors and even the customers. These users connect using different devices from laptops to smart phones. He suggested that a Data Loss Prevention (DLP) Program designed to maximize information security practices and operations in a non - disruptive way would help businesses clean up their act and stay in business.
In the panel discussion lead by Gunjan Trivedi, Executive Editor, Channel World and CIO Magazines, the IT Executives gathered, tried to define what "Reasonable Security Practices" are and "How Secure is Secure enough". Everyone agreed that though businesses need to secure the data, the cost of security should not be more than the value of data that needs to be protected. By applying effective Information Risk Management practices and using proven technology solutions, businesses can comply with multiple regulations while protecting information across the organization throughout its lifecycle.
Key Highlights
Andy Norton
On "How Cyber Criminals Are Gunning For Your Enterprise Network"
Describing the Recent Market Trends in Risk Mitigation, Andy Norton, from the Threat Response team at Cisco Systems said that traditional security measures are not enough to handle new threats such as Web Site Hijacking, Domain Landing and Fake Anti Virus, Fake Social Networking Profiles, Search Engine Poisoning, SEO Poisoning and other kind of Fully UnDetectable (FUD) and custom built Malware. He stressed business owners should increase their efforts to build security protections into their products and services and not have a bolt on approach toward security.
Sudeep Das
On "How Businesses Can Focus On IT Governance and Not Just IT Compliance"
According to Sudeep Das, Lead Consultant - DLP, RSA, the Security Division of EMC, a CSO needs to look at organizational security from a business requirement such as regulatory controls, Information Protection, Customer Protection and Brand Protection as well as a Business Enablement such as Customer Services, Innovation, Productivity and Globalization. He said it is impossible to secure data which the organization does not manage and for that, one needs to know where the data currently exists. He stressed on the importance of data being protected at all stages, whether it is at rest in any of the virtual or physical storage devices including memory sticks, CD ROMs or external hard disks, whether it is in motion in the form of an email, IM or a web transfer. He also mentioned that an effective DLP solution should be able to provide an "out of the Box" solution to a business organization and at the same time be capable of adapting to individual business requirements.
