Security
Agenda - Part II
Security equates with survival
for today's organizations. So how much are Indian
enterprises spending on this all-important
aspect of IT infrastructure?

This year's Infrastructure Strategies 2005
(IS 2005) survey shows that security has
matured from being a marginal investment
to a necessary (and larger) element of the
IT budget. IS 2005 reveals increasing levels
of existing security investments among organizations
over the years (47 percent in 2003, 55 percent
in 2004 and 59 percent in 2005). Among the
issues to be addressed with these investments,
viruses (85 percent of organisations) and
Internet security (58 percent) are the most
critical for Indian businesses. On the planned
investment front, 55 percent of Indian businesses
plan to invest in security during the present
fiscal. This can be attributed to the fact
that most organisations have made their
initial investments and they are taking
care of marginal maintenance.

Tech Talk: Viruses and Internet security
are top of the security agenda for most
Indian organisations. It is not surprising
to see that most companies focus primarily
on anti-virus and firewalls for protection.
Of the respondents who have made security
investments, 97 percent have already invested
in anti-virus solutions and 78 percent in
firewalls during the previous fiscal. This
covers only the network perimeter. Advanced
protection mechanisms such as intrusion
detection systems and access control mechanisms
need to be present for comprehensive security
coverage. Presently, only 42 percent of
organizations have invested in these. On
the IDS front, BFSI (68 percent), BPO (65
percent) and oil/power (60 percent) have
reasonable adoption levels. 50 percent of
the telecom companies surveyed have invested
in integrated security appliances and identity
management. Access control and biometric
devices are favourites with BPO and oil/power;
70 percent and 30 percent of companies in
these verticals have adopted these technologies
respectively. Indian organizations plan
to invest in firewalls (52 percent) and
anti-virus (50 percent) during the present
fiscal. IDS and access control investments
are on the anvil for 34 percent and 28 percent
of organizations respectively. A majority
of telecom and oil/power organizations plan
to invest in IDS during the present fiscal
(83 and 60 percent respectively). Apart
from this, 66 percent and 83 percent of
companies in the telecommunications vertical
plan to invest in integrated security appliances
and access control devices respectively.
Security
vertical Research highlights - IS 2005
- A documented security policy is used by 61
percent of organizations that have invested
in security or are planning to do so.
- 63 percent of Indian organizations do not
conduct security audits
- More than half (58 percent) of the organizations
perform security audits once in six months.
- Viruses and Internet security remain the most
critical concern areas (85 percent and 58 percent
respectively)
- Integrated security appliance adoption is
highest (50 percent) in telecom.
* Infrastructure Strategies 2005 is a Network Magazine (NM)
- IMRB survey
Corporates need to have documented
security policies for effective security practices.
The Infrastructure Strategies 2005 (IS 2005) results
show that only 61 percent of Indian organisations
(which have already invested in security or are
planning to invest) have a documented security
policy.
Among these, data security and unauthorised
employee access top the list of priorities, with
92 percent and 79 percent of organisations respectively
addressing them in their security policies. Documenting
security policies is crucial for their effectiveness.
This will be useful if the company needs to connect
with external networks or plans to go in for certifications
such as BS7799. It is also helpful for conducting
security audits to determine security effectiveness.
Leading the pack: Given the Indian business's present focus
on scaling up to global operations/standards, it is
interesting to see that its forerunners have already
secured themselves. BPO leads the pack with 87 percent
of companies already having a documented security policy.
Oil/power and BFSI verticals follow with 80 percent
and 62 percent respectively saying that they have a
documented security policy in place.
Enforcing security: Security policies are of no use if they are not enforced.
This is where the involvement of business heads, policy
reviews, security audits and user education become important.
Security is discussed at the board room level in 49
percent of organisations, which is a positive sign.
When it comes to framing a security policy, CIOs (70
percent) and functional heads (67 percent) are involved
in most organisations. CEOs also play a role in 44 percent
of the organisations. 36 percent of organisations use
external security consultants for help with drafting
the policy. Security policies need to be reviewed at
frequent intervals and modified if required. 29 percent
of organisations review their policies once in three
months, while 30 percent do it once in six months. Reviews
once a year are the order of the day for 28 percent
of organisations. The telecom sector (67 percent) and
BPO (55 percent) lead with reviews once in three months.
The next stage of enforcement is through security audits.
One of the best practices used is to have separate audits
conducted by the internal IT team as well as by an external
agency.
Policing security: The role of a CSO (Chief Security Officer)
has been debated much over the past couple of years.
However, the reality remains that only 21 percent of
organisations have a CSO.
Among the organisations with
a CSO, the majority are in telecom (33 percent) and
BFSI (31 percent). Regulatory requirements dictate the
need for a CSO in these companies, who usually reports
to the CEO (in 34 percent of organisations) or to the
CIO (33 percent).
Network Magazine
on Security
- Tracking and enforcing security policies is difficult
without documentation. Draft and implement a documented
security policy if your organisation does not have one.
- A policy is only as good as the frequency of review.
- Bring in external consultants for help with drafting
a security policy if internal expertise is not available.
- Security involves more than just a firewall and
multiple levels of anti-virus software. Go in for
an IDS and put some teeth in your set-up.
- Good open source IDS solutions are available at
a marginal cost. Using multiple levels of anti-virus (at
the desktop, gateway, etc.) from different vendors
is a good strategy for better protection.
- Outsourcing security and audits to an external
entity is worth considering if internal resources
are not up to the task.