The CyberMedia-IBM Roundtable will discuss, evaluate and address the following key questions for enterprise CIOs / CISOs. These need continual evaluation and processing by enterprise technology heads, says Apalak Ghosh, Principal Consultant – Emerging Technologies Research, CyberMedia Research.
How can CIOs raise the priority of information security in management’s eyes?
Is your CEO / executive board aware of the potential damage to reputation and loss of business that can result were your entire network or corporate website to go down for 24 hours?
Is your IT infrastructure intelligent, and adequately protected against the increasing frequency, number and complexity of cyber attacks?
How can one improve the deployment of IT risk-management resources and develop proactive, cost-effective solutions to identify and manage the real risks without impacting the business?
Changed threat perceptions for the ‘borderless’ & ‘connected’ BFSI Sector
The modern BFSI sector enterprise runs advanced IT infrastructure and applications to connect employees, business partners and customers, very often in real time. This enables stakeholders to connect seamlessly and collaborate on a range of processes from product design and engineering, marketing and distribution to order processing, delivery, installation, user training, etc.
According to CMR (CyberMedia Research), organizations need to implement solutions, processes and risk management techniques that are environment-aware, require less human intervention and are able to anticipate potential threats likely to emerge in future. IT and business leaders of progressive organizations recognize that the right mix of policies, processes, people and technology together plays a vital role in proactively protecting information infrastructure, sensitive assets and data, which are the lifeline of any business today.
However, with this new ‘connectedness’ comes the challenge of increased security threats from cyber attacks in various shapes, such as identity theft, fraud and extortion; malware, pharming, whaling, phishing, spamming, spoofing, spyware, Trojans and viruses; stolen hardware, such as laptops or mobile devices; denial-of-service and distributed denial-of-service attacks; website defacement; instant messaging abuse; intellectual property (IP) theft or unauthorized access; targeted Advanced Persistent Threats (APT); and many more.
The rapidly evolving enterprise technology environment makes it more important than ever for CIOs to get a handle on what the real risks are within one’s IT ecosystem. The problem is made more complex by the sheer volume and value of data, both structured and unstructured, that is produced by one’s organization’s business processes and relied upon for much of the company’s decision-making practices.
The increasing trend towards BYOD and the proliferation of tablets and other end-user devices that can be connected to the corporate network have increased the risks of data loss. Traditionally within information security, internal threats have always been touted as the greatest threat an organization should focus on. However, increased attention around external threats and high-profile breaches, combined with the increased expectations of both customers and business units around information protection, has shifted the focus towards the external threat.
Above all, data security has been and will always be a security concern for any organization. There are multiple factors which drive these concerns, like technological advancements, regulations, the dynamic threat landscape, business models, social media, etc. There can be no one answer to address all of these challenges; however, a combination of practices, technologies and solutions can help in addressing data security amid an ever-changing IT landscape, dynamic business needs and so on.
In such a scenario, how should a CIO / CISO plan out his / her security strategy? For starters, he / she would be well advised to have a holistic, enterprise-wide view of IT security management rather than low-level, end-point threat protection alone. The rationale behind this approach is that threats to organizations are both targeted and persistent. If the threat is blocked in one way, the attacker will continue to look for other approaches that bypass the block. Therefore, a behavioral analysis of events to glean what is happening around and inside the organization’s network and systems is a better indicator of an imminent attack than monitoring an attack in progress. The former, proactive approach often provides the much-needed security intelligence to counter threats and minimize risk over a sustained time horizon.
As business demands evolve, there’s an increasing need to manage users from any location on any device and securely connect them to applications that might live anywhere. The only way you can manage mobile device and application growth simultaneously is with an Intelligent Services Framework (ISF) that applies application delivery policies to all application requests—in both directions—to effectively ensure the speed, security, and availability required to meet your business needs.
The objective of this editorial research roundtable is to help BFSI CIOs / CISOs develop the radical new approach that is needed to break with conventional methodologies and create an agile and nimble information security strategy. Such a strategy should consider within its ambit a whole lot of security threat areas and create a data protection infrastructure that is intelligent and proactive, not reactive.
A not-to-be-missed roundtable for the CIOs, CISOs, Head-IT, VP/GM-IT and other technology decision makers and influencers from large private and public sector organizations from the BFSI vertical.