How do you deal with IT security? Do you simply ask your IT staff
to handle it, or should you ask experts to come in? Do you
just install some software and sit back, or should you be
constantly worried? Goh Chee Hoh has some answers.

Information security is a topic that's understood by just a few and
implemented by even fewer. In fact, in many user firms, the sense
of criticality is lost somewhere along the road to implementation;
on the other hand, implement it wrongly, and at worst your entire
company could be out of business in a span of a few seconds.
Stories of damage suffered by large corporations due to security
negligence are common knowledge today.
So what prevents you from deploying a security solution? Be
honest with yourself. Are you really scared about security?
If you are in charge of a business, I am sure you would be;
even though dishing out money for a threat that you cannot
account for during your planning period does not make too
much business sense. At least not initially.
Perhaps "scared" is not the word I should use. Maybe you are
just confused. And there's no reason why you shouldn't
be. After all, there are so many security products available
today. And all promise the moon and the stars. So how does
one decide on the right partner to secure the enterprise?
Statistics have shown that more than 80 percent of malicious
code attacks come via the e-mail route. Internet connectivity
has made it easy for attackers to access data from outside.
Lots of people think of security as extremely complicated
and so they put it on hold in the hope that someday there
will be a miracle that will allow them a cost-effective option,
one that works at the click of a button. For those with this
hope, the wait will be a long one.
But for those of you who are more realistic, consider a few
questions to see where you fit in the statistics:
- Does your business have a security policy?
- Do you have dedicated security staff?
- Would your security staff know what to do if a security
  breach occurred?

If you have answered yes to all these questions, read no more.
On the other hand, if you have said no, then you should consider
the advantage of employing a vendor who knows your business
as well as you do.
If everyone could employ their own security solutions themselves,
the digital world would be a safer place. However, the problem
with such a situation is that there is a shortage of qualified
security professionals. As a result, many organisations assign
the task of security to a single person or a group whose job
role is different. These guys take security as a task to be
done when time permits. But security simply cannot take a
back seat. Think about it: Would you like your tailor to perform
a root canal on your tooth because your dentist could not
give you an appointment?
The point now is, do you employ your own security professional,
or ask an existing employee to double up as one? Doubling
up has the inherent danger of lack of skill sets. Of course,
one way out is to train people. An IT professional becomes
a security professional with a course and a certificate. But
that would cost you a significant amount, and that still wouldn't
ensure you have a good security professional.
In the end, it is the experience that counts, not the amount
of training.
Your firewall obviously does not carry a signboard that says,
"Open for attacks only from 9 am to 5 pm". Security
is a 24x7 exercise. Skilled manpower is required to assess
the risk, identify the possibility of further risks, and then
carry out a preventive exercise.
Another option is to hire the right people to do the job.
Dedicated professional help will be any day more focused,
up-to-date, skilled and more importantly, more experienced
than the in-house executive. A security professional will
see to it that attacks are handled from detection to solution,
with proper care taken at every step. Normally, the process
after buying and installing any solution is the most tedious.
Technologies adopted in each category in the security field
are totally different. The solution provider should have a
solid reputation of transforming great ideas into cutting-edge
technologies. Therefore, choosing the best from each category,
i.e., the best-of-breed approach, is the most effective way
to deal with Internet security issues.
One suggestion to ensure a faultless relationship is to sign
a Service Level Agreement (SLA) with the security vendor.
Also, impose penalties for failure to deliver. Always check
for case studies with the vendor. Ask around before you make
a choice. Make an informed, intelligent choice. The most crucial
element here is one of trust. You must be able to trust your
security provider.
Goh Chee Hoh is regional sales director with Trend Micro