The threat of insecure communications is probably at its peak
in the digital era. Raghu Raman, practice head, Mahindra
Consulting, tells Stanley Glancy why he thinks the next
killer application is security.
What is Competitive Intelligence?
Machinery, capital and labour were critical factors for
the development of businesses in the last century. But for
the past two decades, the key business driver has been information.
However, an overload of raw information has made it difficult
for organisations to process it and derive any actual business
benefits. Today, organisations require intelligence and not
just information. The basic difference between these two is
that the latter empowers the decision-maker to take informed
decisions.
Competitive Intelligence is the process of sifting through
huge volumes of data, converting this into actionable intelligence
by first collecting the requisite data, analysing it and disseminating
this information to the correct departments. It also requires
one to protect this information from the competition, because
once the information is made public, the organisation loses
its competitive edge in the market.
How is Information Security different from IT security?
The rising importance of information as a key business
driver has made it imperative for organisations to resort
to tools like computers, Internet, and Intranet for easier
access to information. But most of these digital networks
are insecure, as there is the risk of a competitor tapping
into the system. Information Security involves the process
of managing this risk, posed by the loss of information about
your activities; information entrusted to you by your clients,
partners or vendors; competitive advantage that is lost due
to unsecured information and loss incurred due to the breakdown
of your systems. Most organisations have robust security devices
like anti-virus, intrusion detection systems and firewalls
in place, as part of the IT security programme. But these
devices are not designed to protect against information leakage.
All existing operating systems, products, protocols and applications
are vulnerable to attacks. But companies continue force-fitting
security devices on this fundamentally flawed architecture.
How does Mahindra Consulting help an organisation secure
itself from outside attacks?
At Mahindra Consulting, we have verticals dealing with
various aspects of an organisation's business process.
This includes SAP, business technology consulting, facility
management (FM) and the special services group (SSG). Security
issues are handled by SSG. There are three aspects to security:
the process, technology (of which IT is a part) and lastly the
people. We enable an organisation to set up standard processes
in place, especially with regards to disaster recovery.
Most security companies are product-based. They look at defending
the organisation from inside. Also, many firms hire ethical
hackers to point out the flaws in their system. An attacker
won't look at the strengths, but at the weaknesses of
your system. We look at security from an outsider's perspective.
We conduct a dipstick audit to get a better understanding
of the weaknesses. We focus on 2-3 important business objectives
of an organisation and then inform the management about the
risks they face. But the people working for the organisation
still remain the weakest link. A company may think it is safe,
as its Internet and Intranet are not connected. But, it is
connected by the people using them.
How is India placed with regards to information security?
People are still thinking in terms of IT security, not
in terms of information security. Enterprises have to realise
that firewalls and anti-virus can only protect you, to some
extent, against outside attacks. But the main threat is from
internal security leaks. Here if you are talking to a CTO
about security then you are referring to IT security. But
even many CEOs in the country don't understand the difference
between IT security and information security.
In India, there are few movers who are looking at information
security radically. Barring MNCs with an Indian presence,
there are few companies who are actually ready for this concept.
They lack the vision. That is one reason why we lack a competitive
edge and lose out in the international market. ISO7799 is
the information security certification. But there is not even
one company in India which has this certification.