'CIOs should pay heed to physical safety too'

by Abhinna Shreshtha    Apr 23, 2010

Rapid digitization of information has made organizations realize the importance of a 24*7,  infallible security system. However, this need to secure the company’s digital domain is making CIO’s negligent about the physical aspects of safety. Infrastructure security emerged as a pressing issue post the Mumbai attacks, with Nasscom and several major IT players stressing the need for better security measures like access control, electronic surveillance, etc.

"CXOs in India, from any vertical, have very generalized norms while purchasing security products," said Som Gangopadhyay, business line manager (banking and secure storage) for security solutions provider - Gunnebo. "Security is still an admin subject for most CIOs. Talk of electronic security or alarm monitoring to a CIO, and they would cite bandwidth constraints as an excuse."

A related issue is that of disaster recovery and business continuity. Surveys conducted by Symantec, Deloitte, and others have found that Indian organizations are woefully unprepared when it comes to business continuity in case of natural and man-made disasters. Though companies say that investments in these areas are being made and mock drills conducted regularly, the reality is very different.

So what do CIOs say? When quizzed about this, Suresh Shanmugam, head (BITS) and CIO of Mahindra & Mahindra Financial Services, agreed that this was an important aspect. "We do have collaborative solutions, like 24*7 monitoring (electronic surveillance) at all our offices and centers, which is connected to our main data center in Mumbai. My team’s responsibility is to ensure that these solutions work seamlessly and without hiccups."

Of course, being in the financial services sector means companies like Mahindra & Mahindra Financial Services are a little more proactive when it comes to security measures, unfortunately this is not a trend that is prevalent in all verticals.  

The problem, Gangopadhyay says, is that for most CIOs security is limited to keeping their digital data and the network secure. "It’s all very well to secure your database with access management, firewalls, etc., but that does not ensure total security if your database is compromised. Also, what happens if there is a fire? Most data centers are either not planned keeping natural disasters in mind or the staff is not well-trained," said Gangopadhyay.