“Organizations should focus on how users access applications and data”

Kenneth Hee, Director, Business Development Enterprise Security, APAC, Oracle talks to Mehak Chawla about enterprise security trends, impact of cloud and mobility on enterprise security and Indian customers.

What are the enterprise security trends across the APAC region?
Enterprises in the APAC region, as elsewhere around the world, are increasingly concerned that corporate cyber attacks are growing in number and in sophistication. According to an Oracle sponsored CSO Market Pulse survey, the corporate answer to the rising threat levels is to spend more on security. But bigger budgets alone have not increased CSOs’ confidence in delivering a highly secure enterprise. While 59% of respondents say their IT security budgets have increased during the past 12 months, only 23% say their organization has a superior strategy in place across all key aspects of data security.
 
Much of this investment is also reactive. Organizations are not considering long term strategies to protect information assets especially the most crucial one – database. Most companies invest in perimeter and network defence because they believe database and application data are inherently safe as they lie deep within the firewall of the company. This is a dangerous assumption. According to a 2012 Verizon report, servers were the largest category of compromised assets (64%) and database servers were the source of 94% of compromised records involved in security breaches. Network infrastructure, by comparison, accounted for less than 1% of compromised assets.
 
This is why Oracle propagates an ‘’Inside-Out’’ approach. Protecting data at the source increases confidence that security investments are aligned with the external threats. Protecting data in the database would also save both time and money because most of the organization’s sensitive data resides in the database.

How are technologies like cloud, especially public and hybrid ones and mobility, impacting the security framework of enterprises?
The adoption of cloud and mobility has expanded the IT infrastructure of an enterprise. A company’s IT assets no more reside just within the four walls of an enterprise. The composite network has become large – it even encompasses multiple countries across the globe, outsourced data centers and, more recently, private and public clouds. So it is virtually impossible to secure the perimeter completely from cyber attacks and other external threats. As a result enterprises today have to re-engineer their thoughts to understand what is the right approach to secure information assets in a new world where sensitive corporate data is stored and accessed from beyond the company’s direct control.
For this reason, instead of focusing on more complex network security policy, organizations should focus on how users access applications and data. When criminals breach a network, they target weak user access controls as a means to acquiring valuable information assets.

What kind of security layering are companies opting for especially the ones that have legacy infrastructures to take care of?
When burglars break into a home, they look for electronics, jewellery or cash – yet homeowners focus mostly on securing their doors and windows, not their valuables inside the house. This mindset permeates enterprise IT as well. The CSO Market Pulse survey found that two-thirds of security budgets are used to protect the network, with less than a third used to directly protect the data and intellectual property that reside inside the organization. It’s clear from these results that most organizations are focusing an inordinate amount of attention on network vulnerabilities and neglecting their most valuable assets: applications and data. We at Oracle believe that while defence parameter is important, organizations should also focus on how users access applications and data. Securing access to customer data, intellectual property and financial data at the source i.e. the database can save companies time and money.

How is Oracle working with Indian enterprises with respect to security?
India is an important market for Oracle’s Security solutions and we are focusing on sectors like telecom, BFSI and government in the country. These sectors own extensive classified or confidential data and are more prone to security threats. They are also guided by strong regulatory compliance that mandate the enterprises to put in place an in depth, multi-layered, security model that includes preventive, detective, and administrative controls that are aligned with the sensitivity of the data, its location, its environment, applicable regulations and business impact should the data be lost, stolen, or used for unauthorized purposes.

Hindustan Petroleum Corporation Limited (HPCL), TVS Motor and Aircel Limited are a few enterprises that have deployed security solutions from Oracle.

Comments (0)
Add Comment