Indian organisations need to take security far more seriously than they currently do. There are many elements which need to be understood and acted upon. While security services can be expensive to deploy, the alternative of not using them can be even more costly. Security needs to be considered at four levels:
Internet: An Internet-based service can help filter email for spam and viruses. Since the majority of email received is spam, this kills spam earlier in the value chain. In India, this also saves bandwidth. The same applies to viruses. In addition, keeping most spam from reaching the user reduces the frustration of having to deal with it.
Local Network: The perimeter of the enterprise needs to be guarded. A security appliance which provides the essential functionality of a firewall, virtual private network and intrusion detection is what enterprises need. This could also be integrated with the messaging server, and complemented with local anti-virus and HTTP virus scanning. Care must also be taken to put the right security policies in place.
Desktop: User actions at the desktop are a source of vulnerability. By clicking on innocuous-looking attachments in email, viruses can be unleashed. In today's world of connected networks, all it takes is one unprotected computer to create havoc. Server-centric computing with open-source applications on the desktop can help almost eliminate the threat at the local desktop level.
Application-level: An oft-ignored area is application security. Since more and more companies are putting their business online, it is important to also ensure that web applications are protected. A presentation by Jerry Berkman captures the concepts involved.
Looking at it from another side, there is an opportunity for Indian software companies to create security solutions and services and offer them to organisations globally. Walter Mossberg provides a sense of the opportunity:
[Today,] you have to buy each of [the security components] separately, because each takes care of only a narrow slice of the growing problem of criminals and slimeballs who want to invade your computer. Antivirus programs can’t stop hacker intrusions or recognize spyware. Firewalls and spyware programs can’t detect viruses. Windows updates close vulnerabilities the criminals use, but don’t clean up any damage done.
Yet, few consumers really care whether an invasion is classified by the experts as a virus, a worm, a Trojan horse, a browser hijacker, spyware, adware or just spam. Focusing on the difference between a virus and a spyware program is like focusing on what kind of lock-picking equipment was used by the burglar who just broke into your home. The experts may care, but all you know is that you feel invaded.
What we consumers need is a simple, unified protection plan to counter all of these threats. And the computer, software and Internet industries have badly failed us in this regard. They would rather dump the security mess in the laps of users than solve it at the level where a solution really belongs: in the operating system, or the hardware, or the online provider’s servers.
So, anyone up to it?