On Technology | ‘Security shouldn’t be a bolt-on exercise’

On Technology | ‘Security shouldn’t bea bolt-on exercise’

Technology has changed and continues to change the way companies do business. But it isn’t easy for decision makers at companies to keep track of new technologies and understand how the use of these can change their companies and its processes for the better. To help readers chart these waters, Mint presents an interactive column on corporate technology?with questions answered by experts. This column looks at managing data security.

Are the bad guys getting more devious, or are the security technologies just not keeping pace? What do you think?

There’s no doubt that the bad guys are getting more devious. Every day, there are examples of new threats because of new technology, new ways of doing things.

It’s an added burden on chief information officers (CIOs) and chief security officers (CSOs) while trying to extend the organization to their customers, suppliers and partners removing traditional boundaries and barriers of the enterprise. What comes with that is a huge increase in the numbers of identities an organization has to deal with. That adds exponential complexity to the organization and how they deal with it from a security perspective.

Add the more recent burden of having to meet regulatory requirements and the problems of how to report on compliance to the security systems and how to actually monitor that you’re meeting those regulations, and you can begin to see the challenges many CIOs and CSOs face in the business.

What impact does opening up of new channels have on the security strategy of enterprises?

Opening up new channels could mean new technology channels such as mobile, where you have got a lot more data flowing over mobile networks, or it could mean opening up IT systems to partners, outsourcing, service providers, customers. So the concept of new channels is sort of two-dimensional. That adds to complexity, since you’ve got newer tax areas, more people, and more identities to manage. But this is a fact of doing business today, where people demand more access to services and information over the Web and that too via wireless.

What is the best way for companies to simplify their security strategy?

Many organizations wrestle with what I refer to as a balance problem: getting security balanced with the organization’s business goals. It’s amazing how many companies don’t actually assess and manage risk to the business.

Second, security shouldn’t be a bolt-on exercise; that’s where a lot of complexity comes from, security beingan afterthought. Instead, it should be embedded within the business.

Third, there’s a real opportunity in the need to be compliant with regulations; it could actually a great catalyst for an organization to assess whether it is secure and the complexity of security is balanced against what the regulators?believe?should be in place.

Readers are welcome to write in with their queries to askmint@livemint.com

This issue’s expert is Neeraja Murthy,?security solutions lead, Accenture’s India practice.