Security Woe That Refuses to Go
Security vendors and general media are really fond of tom-tomming
high-profile security and privacy breaches as sore thumbs for most
CIOs to apply a solution salve to. And yet, time and again, such
breaches continue to cock a snook at companies’ much-touted
secure networks.
According to a recent Strategic Security Study by InformationWeek
(which shares United Business Media as a parent company with
Network Computing), as many as 53% of nearly 1,100 IT and business
professionals responded that their organizations are as vulnerable
to malicious code attacks and security breaches as they were about
a year ago. And 13% even admitted they are more vulnerable than
before. This, despite the fact that for about a third of
respondents, security accounted for at least 11% of the total IT
budget.
It doesn’t mean that security solutions are ineffective or
that companies are unable to use them properly. But the study and
its implications point to a sorry situation: despite the best of
software and the most liberal of budgets, most organizations remain
at the mercy of spamsters and scalawags.
The situation could be particularly severe in India, where much of
organizational security hinges on simple passwords (which are often
shared among workers), outdated anti-virus, and slippery firewalls.
A few exceptions are, of course, some leading banks that have
indeed put in place multiple top-end mechanisms to prevent breaches
and frauds.
The problem is compounded by the growing number of ways in which
malicious attacks happen and the increasing complexity resulting
from a mobile, multi-device workforce. In such a scenario, the
traditional, point approach to security must change to become more
inclusive, flexible, and dynamic.
To their credit, several organizations are gradually junking the
patchwork approach they used to take and embracing policy-based
initiatives with critical inputs from other departments as well.
Vendors, for their part, are attempting to simplify
their offerings to cover the changing work and computing
environments.
Having said that, however, CIOs as well as CFOs (or whoever holds
the purse-strings) must do much more to tighten the screws on
security. I remember listening to a security talk some time back
where two things emerged as recurring motifs. One, security
policies should be role-based and have to be enforced rather than
merely shared within the company. And two, security must become a
key element in the board-level risk management strategy and,
therefore, put on at least a three- to five-year radar for broader
direction-setting. Of course, the individual take-offs and landings
will continue to be steered clear of trouble by the IT
department’s traffic controllers.
Please do share with me your security bugs and how you swat them
away.