
Vinay J Bhide

"Organizations Have To Regularly Be Updated With Latest Technology and Identify Cost Efficient Solutions"


Maximizing the cost efficiency for Information Security
Information Security is built on various key factors. Today’s World Wide Web is far more powerful and faster than before. Corporate and office networks are no longer just local networks but have moved to the Cloud. Business Services can be accessed anytime, anywhere, rather than just from local offices. But securing business information has become more challenging. In earlier days, most security manuals concentrated on inside threats, as all business services were available locally. Now Information Systems face internal as well as external threats. Traditional Security controls mostly involved Antivirus, Firewalls and Proxies to protect Information and Assets from different threats. In today’s world, organizations have to explore many more sophisticated tools to protect Business information. Antivirus now offers not just signature-based monitoring but also behaviour-based monitoring. It has incorporated advanced features like Host-based Intrusion Prevention System, Device Controls, Compliance Management and Desktop Firewall.

In earlier days Firewalls focussed on protection at the perimeter level, but now firewalls come with advanced features like Application Controls, Intrusion Prevention System, Data Leak Prevention and Virtual Private Network, and UTMs have developed. Proxies, too, are not only doing content-based monitoring but also category-based, behaviour-based and time-based monitoring. A few OEMs have come up with proxies that have an added feature of L4 monitoring, which was not available earlier in traditional proxies. Easily accessible, user-friendly technologies like Vulnerability Management and Dashboards are available in today’s market and meet business requirements without hiring external consultants.

The overall global economic slowdown has made the business environment more challenging. It has a huge impact on business development, supply chain and operations management. It is therefore very necessary to justify the cost for overall business management. Management is looking for a fine balance between “Need to have” and “Nice to have”. Today’s Industry requires business compliance with many standards like PCI, ISO, governance etc. Government has also developed stringent regulations, laws and acts. It has become very important for Information Security Officers to protect business information and at the same time focus on maximizing cost efficiency.

Information Security Officers have to do a deep study to build Information Security. The Information Security Officer has to understand today’s business requirements and also has to contribute to business development. The role has to balance business needs and Information Security requirements. He has to keep pace with industry developments by staying regularly updated with the latest technologies and identifying cost-efficient solutions. The Information Security Officer has to step into the shoes of the business rather than limiting the role to security and protecting information.

To deploy strong Information Security, it is important to understand internal as well as external users. Identify the different business requirements, needs and services. One has to ensure that Information Security for end users is not limited to the perimeter but extends right up to the cloud. Identify the different standards, laws and relevant regulations that apply to the business and which need to be complied with. Identify the different threats and the controls that minimize the risk to the information. The Security Officer has to ensure he is regularly updated with the latest Technology, understands the latest Business trends and requirements, and follows Risk Management to balance between Cost, Technology and Risk to maximise cost efficiency.