How Companies Can Avoid IT Security Pitfalls

by Preeti S    Nov 27, 2014


At a time of huge proliferation of devices and the advent of newer technologies, data protection becomes paramount for organizations. That is why Gartner predicts that by 2018, more than half of organizations will use security services firms that specialize in data protection, risk management and security infrastructure management to enhance their security postures.

There is no fixed formula to devise a perfect cloud or data security strategy. “Unlike earlier when IT security was the responsibility of the IT manager, today it is the entire organization’s responsibility,” said Vaidyanathan R Iyer, business unit executive, IBM Security systems, in an interaction with CXOToday.

As the IT infrastructure matures, CIOs and IT managers need to look beyond cloud. They need to ensure adherence to SLAs and draft IT policies, taking into consideration the overall benefit for the organization, he says.

In doing so, they also need to avoid some common pitfalls.

By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.

Vaidyanathan, who is also popularly known as Vaidy, feels adoption has to be contextual, as a strategy that suits one organization may not suit another. The factors that organizations need to take into consideration include the kind of business they are in, its reach, its customers, etc. What, according to him, is of utmost significance is a basic understanding of the organization’s risk pattern.

He advises against knee-jerk reactions. An organization must analyze its vulnerabilities and be analytical before drawing a roadmap for its information security strategy. “Stop maintaining status quo, because the vulnerabilities faced by one may not be applicable to the other.”

“Information security is like a treadmill. One needs to keep running,” he says, explaining that if a company fails to map its risk profile, it would be difficult for it to understand its accurate needs, and hence it may falter in decision-making.

“The security in-charge of a company must be proactive and have a basic understanding of the company’s vulnerabilities. Then, he should draw a plan, deciding if the existing IT infrastructure would suffice or look for opportunities in the market,” says Vaidyanathan, adding that these small measures will go a long way in averting pitfalls.

Security spending

Gartner predicts that security spending, slated to be $71.1 billion in 2014, will grow by 8.2 percent in 2015 to reach $76.9 billion.

Gartner analyst Lawrence Pingree says that in 2013, the democratization of security threats was driven by the easy availability of malicious software (malware) and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks.

“This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center,” said Pingree.

Security spending will not be widely different now either. Vaidyanathan feels that while the overall structure remains the same, companies need to focus specifically on their requirements and then go for scaling it up. “It is the responsibility of the CIO to convince the board about the investments and RoI,” he says.

Regulatory compliance

The regulatory framework has been a major concern for enterprises moving their data to the cloud, but unfortunately it is yet to be addressed.

“Though normal standards will apply, there can’t be any rigid framework in Cloud and data protection,” says Vaidyanathan, adding that there is a need for some level of security.

“Designing standards for cloud is tough but there are agencies that have come up with some fundamental standards. While allowing security to be scaled up, organizations need to ensure they are compliant,” he said.