It may seem that without the penetration of unstructured social data in an enterprise, security need not be considered a priority. But that is incorrect. Every business has confidential data and invariably faces a threat to it. Even the most basic and primitive businesses will have an email account, and with just that, data breaches become a possibility. An organisation will also never work in isolation and will require interaction with other companies, which becomes another point for data exchange and another point for data breach. Another threat is that of smartphones, which have now become vital to doing any kind of business, to stay constantly connected.
Even if security is on the agenda, when it comes to cost cutting, security is the first to get the axe. Security measures are never at the top of a to-do list, and that is the biggest sign of trouble. Buying infrastructure isn’t necessary, and cloud computing can be leveraged to do some heavy lifting and manage IT internally. Outsourcing is also an option. But companies cannot outsource and forget about it. One has to be on top of it even if it has been handed over to a third-party service provider. Cloud service vendors will manage security, but there will always be issues with regard to data and privacy. Some sensitive data will need to be worked on only internally, regardless of how encrypted vendor options are. I say that because no regulations have been formulated. Hence, this is a very grey area under the law and needs to be always on the radar for the company. Due to competitive pricing, security infrastructure is now getting cheaper, which makes budget cutting at the cost of security an unnecessary risk.
Online Customers, Security & Your Brand
Taking one’s business online has now become crucial in the competitive market. The only deterrent that remains is data security. Customers are online; business is lost if the brand isn’t. So, to get started, the first thing to focus on is what kind of infrastructure is required. This will depend on the size of the company. One provider will not do all the IT for a small organisation.
Talking about brand value, when Domino’s had their databases leaked, that was not a problem because that was not absolutely critical information. But the negative press that followed definitely affected the brand. It is about the company’s reputation. With this kind of information, the result will mostly be spam. But the trust is damaged, and business is done on reputation. Privacy and ownership of data is the question and issue here. Spam is no longer an issue; we are used to being spammed. A small bit of data mixed with social data creates a big web of information about a person, and that gives hackers a lead. This security concern is a little inflated. Getting, for example, someone’s email id and number from a data breach with a fast food company needs to be backed by extensive research and data about bank accounts and other social data to create a package of information that can be used against that person for fraud. This is not impossible, nor is it improbable, but I believe the terror over the possibility of such an event occurring is a little over-hyped.
Nonetheless, any information that leaves an organisation without consent is a problem. For small enterprises, the first thing that can be done is buying an anti-virus program. Next, chart out what the business growth plans are. Is an online portal in the wings? Will mobility be undertaken? Get the roadmap and product offerings of the security vendors and make choices accordingly. A small company will need good support from the vendor, especially if a role like a CISO hasn’t been allocated to manage security.
Big players are a whole different ball game. Security products are coming as add-ons to other technology products. What needs to be considered is: Is my security program benefiting from this value add-on, or am I being wooed with a freebie? Another suggestion for big companies would be not to entrust all their data into the hands of one security vendor. It is just good business sense to have multiple providers and products. But managing all the SLAs and licenses is something to keep in mind. Having a person internally to manage and orchestrate all this is an absolute must.
Companies get paranoid, go on a buying spree and spend unnecessary money on a gamut of security products that are not synced into a well-framed security program. The big challenge is that the different businesses within the company will have different security requirements depending on what work they are undertaking. Getting a clear sense of that and getting a good deal is the biggest challenge.
The author is Managing Director, Kaspersky Lab – APAC.