'Consumerisation Of IT Is Leading To Collisions Within Enterprises'

With the security landscape changing with Web 2.0 and mixed data centre environments, managing it is becoming a rather complex task. Shantanu Ghosh, VP-India Product Operations, Symantec, sheds light on the company’s latest offerings and how CIOs can leverage the same.

What role can DeepClean technology play in a security environment?

The industry has reached an inflection point where instead of good programs being created, there are malicious programs being injected into the system. Also, we have reached a point where it no longer makes sense to focus our efforts on analysing malware. We instead analyse goodware, which is more economical and less time consuming for customers. While ‘whitelisting’ as an approach is not new, assigning every application a reputation value helps to strengthen the protection significantly. Deployed on the network perimeter of the enterprise (i.e. the perimeter or boundary points of the enterprise), DeepClean technology monitors and provides risk assessment reports to IT administrators.

Also, DeepClean is able to effectively categorise files based on reputation. In 2007, Symantec documented 122 vulnerabilities in Mozilla, 47 vulnerabilities in Safari and 57 vulnerabilities in Internet Explorer. To address these threats, Symantec Research Labs Core Research group has developed VIBES (Virtualisation Based Endpoint Security).

More from Biztech

Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

By transparently setting up multiple, isolated virtual execution environments, each with its own level of trust, this approach improves browser security by enabling users to seamlessly use different virtual execution environments for carrying out different Web transactions.

With organisations looking at SaaS favourably, how can DeepClean help them with security on the SaaS front?

SaaS poses a number of information security challenges. IT companies that offer SaaS either host client data on their servers or possess access to client systems, both of which pose security threats. Therefore, key concerns that face CIOs and CTOs of firms adopting SaaS include: safety of the information, data backup, data recovery, the ability of the SaaS provider to address issues regarding perimeter security and the ability to detect and prevent a data breach. DeepClean employs whitelisting and reputation analysis and supplements existing approaches such as signatures, heuristics and blacklists to detect Internet threats and targeted attack types.

As organisations optimise their existing investments, how do you see the adoption of these technologies taking place?

Even in times of economic slowdown, companies have begun to realise that any threat to information could lead to huge financial losses or even damage their reputation. So, though organisations are optimising IT investments, security would be the last thing that they would like to compromise on.

What issues do you see CIOs facing when it comes to endpoint security?

Some key technology trends will affect the way CIOs protect their information. These will be:

Consumerisation of IT - The possibility that an employee might copy data on his personal memory device from the company laptop is very high in today’s times. If security becomes restrictive, then enterprises will have to strike a fine balance between productivity and security. So essentially, the ‘Consumerisation of IT’ is leading to a collision between the IT environment of the enterprise and consumers within enterprises.

Information is the target - Information is doubling every two years and budgets are squeezing, thus, posing a security challenge. Cost of software and devices is falling, so it is not about systems any longer; but the cost of information is growing. Attacks are not mere data breaches any more; they go beyond to target financial gains.

Browser Security - Browsers have become ubiquitous as the usage of Internet is scaling up. Online attacks have started to mime real-life organised crime patterns by recognising potential targets before launching the attacks. There is a great need today than ever before to have security, which understands that information is no longer static.

IT Governance and Risk Compliance – Indian companies now work trans-nationally, so compliance and government regulations have become more critical. Hence, compliance and IT governance have to now take a risk-based approach. Organisations need to have the flexibility to identify risks to their data while at the same time not hindering productivity.

Change in mode of backups and archival - Change from tapes to disks for storage could possibly change the way companies backup information. If storage costs continue to rise rapidly, they could make it harder for companies to store and exploit new forms of data. IT executives should develop better policies for managing storage and for communicating more effectively.