End Point security is Vital

Ensuring security by concentrating only on the perimeter will not be enough. A recent Frost and Sullivan conference dealt with issues surrounding endpoint security and also stressed the need to follow the best practices to ensure that data is not accessed by all and sundry.

“The endpoint security market in India is expected to grow at a 19.8 percent CAGR from 2004 to 2011 reaching $964.1 million in 2011, following increased awareness for the need to secure internal endpoints and network admission initiatives by Cisco and Microsoft,” said Alok Shende, Director, ICT Practice, Frost & Sullivan.

“We are seeing security in a new light,” added Shende. The mindset of the hacker has changed from what it was in the early days. Initially, the rationale behind an attack was being able to prove the attacker’s expertise in the field of networking and security. Now the motive is theft of vital information and wealth.

Networks are business enablers. Every point in the network is vulnerable. Organisations are no longer an island, there are people coming in and out of the system every second. With basic security systems in place such as a firewall and an anti-virus system the focus is shifting towards managing identity.

This is increasingly becoming important because maintaining anonymity is simple over the Internet. Apart from this adhering to compliance regulations is gaining relevance. Also companies need to have their policies in place. Laying down strict regulations with respect to data access by employees is necessary.

The conference also spoke of social engineering, phishing, access control management, education and awareness as some of the security challenges faced by organisations. Another discussion was on partners needing to adhere to security regulations as well.

The highlight of the conference was a panel discussion that saw the participation of industry veterans like V Krishnan, Vice-president, Risk and Controls, Treasury and Securities Services, J P MorganChase, Manish Sethi, Head Security Solution, Datacraft India, Maheshwaran S, Technical Manager, South-East Asia and India, Websense, and Burgees Cooper, Head, IT Security, Hutchinson Essar.

“IT security is more a subset of information security. It tackles the ability of people to attack information. Information security transcends IT security,” said Krishnan. The panel spoke on the necessity of preserving customer interests and protecting the customer.

Krishnan made a valid point that when the customer was taken care of the organisation was in turn taken care of by itself. The panelists endorsed the importance of classifying information and setting strict rules as regards to information access by several employees in the organisation. Speaking on the people aspect of security, Cooper insisted on the importance of background checks.

A regular audit was stressed upon by the panel. “It is necessary to review how many services have undergone checks. It is also essential to review the successful attacks on the system and the number of times it has taken place,” said Cooper.