Enterprise Information Security By CIOReview Team

Enterprise Information Security

CIOReview Team | Wednesday, 14 March 2018, 05:58 IST

  •  No Image

Traditionally there has been strict de­marcation and isolation of Enterprise and the Internet world. It was difficult to think of a marriage between the two from IT security stand point. The de­marcation was maintained by devices such as firewalls, between the untrusted outside world, the semi trusted DMZs (De-Militarised Zones), and the trusted internal network. With the advent of disrupting technologies like SMAC (Social, Mobile, Analytics and Cloud), the traditional perimeter security does not suf­fice the business need and there is a paradigm shift in the way enterprises think of security now. In today’s world, an En­terprise cannot survive with­out a seamless and secured integration with the Inter­net. In fact, most of the new business models are based on this close integration wherein the Internet becomes the basic underlying vehicle for business. The growing trend of digital transfor­mation and the uberi­zation of market place is going to continue and the enterprises need to be nimble and innovative in their approach rather than sticking to the traditional models of se­curity.

In the last year or so, industry has wit­nessed trends like software-defined networking (SDN), open source-based automation, the Internet of Things (IoT)  and the continuing rise of hybrid IT dramatically impact traditional networking. As a result of this the tra­ditional enterprise security is also witnessing a paradigm shift.

Enterprise security has been evolving, the enterprise boundaries are ever expanding beyond the traditional perimeter and are exposed to the external world con­tinuously. The information security landscape has also expanded much beyond the boundaries of the enterprise. With more and more enterprises embracing the Cloud based technologies and applications, the organisations are constantly getting exposed to new security threats. In a world of cloud computing, the use of firewall is ir­relevant and with the proliferation of zero-day virus sig­natures, virus protection is completely ineffective. Since hackers attack perimeter security from multiple channels and in a number of ways, organizations need to look out for a complete solution offering full protection. Next-generation firewalls (NGFWs) and unified threat man­agement (UTM) platforms are two well-suited solutions that can withstand these attacks, and continually protect an organization’s data and assets.

Digital transformation

2017 has been quite an eventful and significant year in terms of cybersecurity. Digital transformation has been at the fore front of every enterprise and as a result, enterprises have been exposed to a bigger risk. The high profile cyber-attacks such as Wana Cry and Not Petya, IoT security due to the Mirai botnet and most recently the Equifax breach, have a direct effect on security spend.

Gartner Inc. forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017. Organizations are spending more on security as a result of regulations, awareness of emerging threats and the evolution to a digital business strategy.

In addition, regulations such as the EU General Data Protection Regulation (GDPR) created quite a buzz. The General Data Protection Regulation (GDPR) is a mandatory directive to which all organisations serving  in the European Union must comply. It will bring about a new standard in protecting the privacy of consumers. The GDPR requirements mean companies must now change the way they process, store, and protect their customers' personal data.

Attackers have been using multiple sophisticated tools to hack into the systems and now they think it would be more lucrative to monetise these tools by selling Malware as service. Cyber Criminals with little knowledge of the tools can pur­chase and use the Malware kits to launch a Cyber-attack. These tools are going to get more and more sophisticated with time and will be used extensively against target groups or entities for the credential harvesting etc.

According to a survey by North Bridge & Black Duck, the usage of open source in enterprise IT has doubled since 2010. 78% of surveyed companies run their businesses on open source. 64% currently participate in open source projects. 39% plan to launch their own open source projects. As more and more enterprises are using Open source, the biggest challenge is to take care of the compliance and the license obligations. There are so many conflicting licenses and the challenge is to protect the intellectual property in case of a breach. The com­panies need to have a robust open source usage framework and policy in place to make sure that they don’t land into a legal suit where in they have to share their intellectual property in the public domain and also risk their business.

Shadow IT
Shadow IT continues to be one of the weakest links in the whole security chain of an enterprise. As long as other functions and departments continue creating the silos of IT without the explicit approvals from IT, it is going to continue to pose a risk to the IT security of the company as these are normally very loosely pro­tected and make the enterprise vulnerable. One of the solutions which can take care of this is to go for solu­tions like hyper converge and give control to IT to manage the Infra and the security by IT so that there are no loose ends. Robust user education and training programs on the risks of shadow IT should be the fo­cus of the companies to tackle shadow IT risks.

Organisations are increasingly adopting innova­tive ways to combat cybersecurity risks which include development of a comprehensive cybersecurity frame­work, risk assessment, awareness training, etc. Today’s IT departments need to balance change & control in equal measures and to enable an environment encour­aging innovation in ‘managed’ ambits. Going by the current trends, IT is poised to play a significant role in making the business environments more agile, cost effective, innovative, competitive and secure in the coming times.

CIO Viewpoint

Winning The Cyberwar: Are You Well-Equipped?

By Manikant R Singh, Chief Information Security Officer, DMI Finance

Enterprise Security? No Easy Talk

By Yogendra Singh, Head-IT, Barista

Security At The Initial Stage

By Ashok Tiwari, Head IT, Varroc Lighting Systems (India) Pvt. Ltd

CXO Insights

The Path To Managing Data As An Asset

By Lenin Gali, VP, Data Engineering, Quotient Technology

The Benefits Of Cloud Email Security

By Murali URS, Country Manager - India, Barracuda Networks

Is Secure Access Service Edge(SASE) Part Of...

By Archie Jackson, Senior Director and Head of IT & IS, Incedo Inc

Facebook