In today’s digital world, data privacy is a concern for everyone, which makes it mandatory to follow proper security measures for data protection. Krishna Raj Sharma, director and chief executive officer, iValue InfoSolutions, discusses the importance of security for enterprises and how integrated security solutions can protect data from threats, in an interaction with Ayushee Sharma.
Q. How crucial is digital asset protection in different sectors today? What sectors are most affected by security threats?
A. With data being the new oil in today’s economy, retention and analysis of data is the key for customer delight and process efficiency. Protecting such business use data from data breaches, which results in monetary loss, becomes vital and crucial.
Every sector has its own hassles to retain and store data without being affected from security threats. The sector most affected by data security breaches is banking and financial. Impact of monetary loss is directly in cash, apart from other monetary impacts such as customer retention, brand reputation and market share.
Q. What is an ideal security service infrastructure model?
A. Cyber-crime is becoming more sophisticated as well as lucrative. The ideal security service infrastructure model includes such solutions as endpoint protection management, advanced threat protection, endpoint threat detection and response management, ethical hacking and vulnerability management, vulnerability scanning and on-demand applications security.
Q. What are the basic protocols that must be followed for data security?
A. Some trending protocols for data security are password management and two-factor authentication, encouraging email vigilance, raising awareness on phishing attempts, employee awareness on social engineering, avoiding personal devices for work, using VPN, protecting test data, strong firewall policies and implementing safe reporting.
Q. How do security providers evolve their services with rapidly-changing technologies?
A. New software architectures, outsourcing of resources, changing hacker goals and increased regulatory requirements are some variable factors affecting security infrastructure. With the rapidly-changing technologies, security infrastructure faces several challenges such as maintaining centralised configurations, tracking changes and streamlining workflows, modernising legacy applications and infrastructure, complicated threat landscape, handling sensitive customer data, and costs involved in hiring incident responders and skilled expertise.
With increasing challenges, there is a need for evolved security services such as 24/7 monitoring, threat detection and intelligence, technology assessment and analysis, evolving infrastructure, multi-cloud architectures and DevSecOps.
In evolving infrastructure, containers and server-less computing enable developers to build applications with far less overhead and more flexibility than applications hosted on traditional servers or virtual machines.
Managing multiple clouds also adds complexity to the security operation because users need to secure multiple environments and work with multiple cloud vendors’ tools.
Also, security engineers should be tightly integrated with the rest of the development team.
Q. What are the different elements associated with security?
A. Dependence on technology has made it imperative for us to focus on improving security levels. Security infrastructure has become diverse with multiple levels including physical/surface, interface, operating system, database, embedded, forensics, etc.
Security infrastructure can be further categorised into perimeter security, network security, endpoint security, application security, data security, mission-critical assets security and so on.
Elements associated with security can be broadly classified into data privacy: restricted, confidential and public data; Internet usage policy, email usage policy, software licensing, social engineering, company-owned versus employee-owned devices and security incident reporting.
Q. What is the role of network penetration testing and vulnerability assessment in detecting threats?
A. Network penetration testing includes exploration (mapping the network, information gathering and fingerprinting), discovery (finding vulnerabilities), exploitation (ethical hacking) and reporting (prioritising threats and mitigating risks).
Vulnerability assessment helps identify and analyse vulnerabilities in the system, and also mitigate and resolve security threats on time. The standard vulnerability assessment process includes security assessment, device discovery, risk management, optimisation, remediation actions and adhering to compliance guidelines.
Q. What areas are you working on to improve security levels?
A. Our team has been focused on DNA management area for twenty years. This has helped us in building expertise to improve security levels across technology vertical, compliance and geography needs, and developing industry contacts and relationships.
Prominent areas among security domains are network security, advanced threat prevention, application security, access management and data security.