Pacing with Security Evolution

 

By Tom S. Noda
Published in the CWP November 2009 issue

The IT security world is ever changing, so it is essential for companies to keep adjusting. However, it takes more than just technology to keep pace with this evolution.

“Live in the present and anticipate the future,” was the advice given by Matthew Gyde, general manager of security solutions at Datacraft Asia.

During the Computerworld Philippines Executive Briefing on “Cyber Security” last Oct. 1, Gyde said the IT security world has changed in the last 12 months and steps should be taken to reinforce the security blanket.

Gyde reveals that vendor software has never been more secure and says the time will come when software products will have “zero vulnerability.” However, he advised that companies need to be ever more secure, since hackers are bent on attacking users individually.

He notes that total vulnerabilities in Microsoft software decreased 18% in 2008 and Web application vulnerabilities are getting harder to exploit. Hacking servers is also getting harder. Yet Gyde says it is not right to think that security and privacy have a start and an end.

“People are your greatest asset and simultaneously your biggest threat,” he says, explaining that a company may have solid defensive IT security in place, but hackers are going to go and find an easier access point. “You have to have enough security but must also be able to deter people who would want to damage your network.”

Security professionals, he notes, need to enable the business and not disable it. They need to figure out what’s best for the organization. “While certain security and privacy issues can be addressed with IT products, these products should not be confused with a business strategy.”

To defend against hackers, Gyde says companies should develop a security policy that incorporates all the relevant compliance and governance so they can adopt a strategy and program to take business advantage. Training that enforces the need for security with every employee must be practiced. And a federated model that promotes distributed responsibility for security and privacy issues should also be considered.

SAAS SECURITY
With the current financial crisis, more companies are looking at the software-as-a-service (SaaS) model to curb the cost of IT spending. And Jojo Colina, head of ePLDT’s product management and development group, says SaaS security is basically a matter of choosing the right vendor.

He warns that the SaaS industry in the Philippines is still very young and not all vendors will employ the most secure methods.

“It is important that the client exercises due diligence in the selection of a SaaS vendor since they are entrusting their critical data to a third party. You must investigate the vendor and look past rich application features because they are not the only thing to look for. It could later turn out that a vendor has little SaaS experience. Know the risks that you’re taking.”

Colina shares three different dimensions to consider when choosing a SaaS vendor: how the software is licensed, its location, and how it is managed.

BUSINESS SECURITY
Evelyn Del Monte, senior systems engineer of iSecure Networks, Inc., also shares some tips on network security. She says that securing an organization is a collective process and mechanism. It is, therefore, important to look at the IT security of an organization as a system of inter-related subsystems.

Del Monte says that a holistic approach is needed rather than fractional or partial ones. This involves both the entry level and the endpoint level, so that the network infrastructure is safe and protected both inside and outside the system.

For the entry level, she advises looking for a UTM solution, whether in the form of an appliance or software. It should have monitoring and reporting capabilities and a cache proxy, and be able to provide the right features, upgrades, and efficient technical support, among others. At the endpoint level, the solution must be user-friendly and have virus definition and scanning engine updates, real-time scanning, system resources consumption and other features.

SOCIAL INSECURITY
Meanwhile, Robert Pareja, an anti-malware engineer at Trend Micro, addressed the security concerns related to social networking sites and Web 2.0, two popular user trends today that are emerging as either a boon or a bane to business.

Pareja says data needs to be protected if these technologies are being used by the business, but this must be done at different layers.

“You must know your data, manage and protect it well,” he says, suggesting the following as integral to the security practice: codes should be institutionalized; PCs and servers should be well-run with the latest software updates and patches; and protection should be multi-layered, integrated, and reinforcing.
