Posts Tagged ‘security solution’
Security Solutions - Identifying issues in the organization
Security Solutions - Identifying issues in the organization
In the modern computing, businesses have started working within business networks where they interact with external partners such as customers, vendors. In such a chaotic environment, it is critical that security takes the highest precedence.
Security within perimeters mindset needs to go away, and replaced by a more robust and end to end approach. Developing comprehensive security architecture requires methodical and deliberate analysis. In order to devise optimized security solution, one must evaluate existing security issues within the organization.
How do you identify security issues in your organization?
Security Access Provisioning Process: One of the most common issues in any organization is about security access provisioning. Most if the time, this is done in ad hoc manner. Somebody wants access to a system (e.g. CRM application) and sends a request to the administrator. Administrator provisions the access. Later when that somebody has moved to other department or left the company, that access is still there. Developing a comprehensive access provisioning to all IT systems is very important for any organization.
Data in Transit Issues: Data in transit (when data moves from one system to another system) is another critical aspect of data security. How do you make sure that data flowing on network bus is not being compromised? Passwords, employees’ sensitive HR information flow on network without sufficient protection can lead to severe results. It is important to realize that most of the security issues come from within the firewalls. Employees getting unauthorized access to systems and data can result into significant legal issues.
Data exchanged with External Partners: Data exchanged with external business partners poses another challenge. How do you make sure that the data is viewed only by its intended recipient? How do you make sure that the data integrity was not compromised on the way? On the other hand, how do you make sure that the data coming from external partner was sent by the expected sender? You should realize that enabling a secure operating environment with your partners is a big boost to the business itself.
Intrusion Prevention: When so many systems are put in place to communicate with external partners, how do you make sure that no unwanted intruder is trying to get access to your valuable information? How do you make sure that the incoming data is secure enough so that it can be processed by your systems (e.g. emails, documents, messages)?
Security Analysis and Audit: Do you enforce regular security audits? Do you capture required level of system and access logs in a consistent manner so that a detailed security analysis can be done as and when required? One can identify patterns in log data about upcoming security threats.
Rohit Chopra is a veteran in IT industry with a focus on offshore software development India(extendcode.com). Rohit has enabled solutions for Health Care, HR and Media verticals and written article on security solution for offshore software development company.