HT PowerJobs: Securing the network
It's become absolutely imperative for a corporate house to secure its network from hackers, writes Varun Soni.india Updated: May 23, 2006 15:19 IST
The proliferation of technology has created a mobile society consisting of millions of telecommuters, field workers, travelling sales personnel and home-office workers. Users can connect to their office networks from hotels, airports and other remote locations besides home.
Today, the word 'network' has larger connotations. Network now encompasses the whole process of information creation, flow, storage and processing. In other words, it is the lifeline of the process of value creation, on which a company thrives.
But, the very features of connectivity and accessibility that make networks so indispensable to contemporary society, are today creating unforeseen consequences - making it important for organisations to adopt security measures. Some have their applications protected with robust encryption; others are looking to lock down their networks in the face of external threats; still others want to open their networks up to partners, customers and the mobile workforce, without compromising on security.
Says Niraj Kaushik, Country Manager, India and SAARC, Trend Micro, "Indian enterprises are becoming increasingly aware of the need for a better defined security environment, though a recent KPMG survey reveals the shocking fact that more than 70 per cent of Indian corporates still do not have a formal security policy yet."
Adds Ross Wilson, MD, South Asia and India, RSA Security, "An enterprise's network, information systems, databases and processes are essential for its survival and must be protected from threats.
Unauthorised users can break into an organisation's network to steal information or create damage. Hackers often target business and financial institutions possessing data that can be further exploited. This enhances the role of network security today."
The importance of network security has even prompted the Indian Computer Emergency Response Team (CERT-In) to sign a MoU with Cisco Systems on security co-operation. Both parties will work together to increase Internet security threats faced by critical information infrastructure.
This will be done by improving computer security readiness and raising awareness about the importance of keeping systems and cyber infrastructure secure, software up-to-date and security practices and procedures current.
What are the problems that companies face if their networks are not protected? "Loss of competitive advantage, brand, client confidentiality and confidence and punitive action by regulators due to non-compliance of strictures such as SOX, Basel etc.," answers Captain Raghu Raman, CEO, Mahindra Special Services Group.
So, what are the ways through which networks can be secured? Says Sanjay Manohar, Country Manager, 3Com India, "Organisations should deploy standard, network-based tools like firewalls and intrusion detection systems as well as host-based security solutions on individual computers. In addition, intrusion prevention systems (IPS) have been proven to block attacks that bypass these traditional security tools through total packet inspection and prevention. Like anti-virus products, intrusion prevention systems are updated. However, they are more comprehensive because IPS blocks a wide range of threats like denial of service attacks, worms, viruses, trojans, buffer overflows, spyware, phishing and voip threats."
Adds Wilson, "Enterprises today have multi-layer data protection mechanism like data security based on role, level, hardware, software etc. But across levels, the only way to get access to data is by putting in the right user name and password, which can be easily hacked. So, the best way is for financial institutions and the government to reduce online fraud including upgrading existing password-based, single-factor customer authentication systems to two-factor authentication."
What are the advantages of network security? Says Manohar, "Network security solutions are much more easy to deploy than host-based or desktop solutions. Network solutions can protect the entire network through a centralised solution, whereas host-based security solutions, like anti-virus software, must be deployed on individual machines. Deploying host-based security is time-consuming and sometimes it is impossible to control the individual's desktop as in the case of education environments where the university does not "own" the student's computer or in the case of an Internet Service Provider who does not own its customers' machines.
"In such a case, a network security solution is much more efficient and can protect the organisation and its users from threats. It's also more difficult to update and patch host-based solutions since this must be done on each individual machine. In large organisations with thousands of employees, this can take weeks."
Hence, the importance of network security!