Express Computer
Home  »  Interviews  »  “Organisations need to put in a clear security matrix for big data”

“Organisations need to put in a clear security matrix for big data”

0 433

Verizon recently released its Data Breach Investigations Report, DBIR 2014. Ashish Thapar, Head of Global Consulting & Integration Services, Verizon India, talks to Jasmine Desai about the still weak links in enterprise security. Excerpts:

As compared to last year, are organisations now becoming more aware about where their data is residing?
Organisations are clearly lacking in terms of the data identification. Because of the dynamic environment in organisations, people need to be very aware in terms of changes that keep on happening there. With every change, there is a lot of scope for the potential breach that can happen. They may attain a particular stature and identify particular data elements, but just because there is change driven either by business or by IT, organisations need to be clear in terms of impact of that change — what data elements it will bring in, which data elements it will change, which new threat avenues it will open. For example, an internal portal becoming an external portal— does it open up any privacy related issues, has user consent been taken? Maintaining compliance is really difficult in IT and BPO. Organisations have to align their internal change with the ever changing compliance landscape.

Is ignoring log files still a very common security weakness?
Log correlation remains very important, but organisations need to have a global perspective and look at the entire horizon to really ascertain its security stature. Internal fraud detection capabilities have really helped. However, presently, fraud detection is becoming less important in terms of the breach discovery, law enforcement and discovery by unrelated parties; i.e. fraud by third party is rising much faster. Thus, it goes to show that it is not only important to look at one’s own logs, but also to take intelligence input from the industry group or share the data with CERT, to be aware of the global risk intelligence.

In spite of security systems in place, is proper monitoring a big issue?
It continues to be the challenge, as it needs continuous focus. In some of the big investigations we did, if the system is sending logging to a particular log correlation system, even in that system, the IP address of the forwarding system is wrong. People should not have a false sense of security just because they have implemented a log correlation engine. How strong the integration is what matters and how strong the network flow reading is. It is not about the end-point log, but also about network flow information, which can tell a lot about APTs. These kinds of threats do not generate much noise—unless you look into what is happening in and outside the network.

Where do organisations start integration of solutions and processes?
Log correlation and SIEM solutions are very important. It depends on how the solution has been integrated and configured. It all depends on what is the value organisations are deriving from the solution—in terms of signature rules that have been implemented. Organisations need to see if they are really integrating it with the entire landscape and with the intrusion prevention system. Thus, if a particular threat is detected, immediate preventive action can be taken. They also need to look if it is integrated with the anti-virus system and with network flow sensors.

How can organisations make big data more consumable for risk management officers?
Organisations need to be very clear with data identification and classification, before they even start their journey on big data. They need to be very careful about what that data is, where the data is coming from, where it is being sent and how the data is being protected in all three areas: data addressed, data in transit, and data under processing.

Data classification is very important because organisations need to be sure about what kind of data elements are being gathered. It could be card holder data where PCI compliance comes in; it could be health records so HIPAA comes in; it could be personally identifiable information where a lot of state laws or EU directives come into play; it could be personal information where 11 amendments of IT Act talk about personal information. They also have to look at how the data is securely destroyed. Thus, organisations need to be aware of the complete data lifecycle. They need to put in a clear security matrix when they handle big data areas.

Is it easy to breach air-gapped systems?
With increase in automation and in human-machine interface, these systems are becoming more connected to the TCP/IP systems. The more they get connected, the more they become vulnerable. These systems need to be assessed. Risk assessment is the only way to risk profile these kinds of infrastructure and deployments. Organisations need to be clear in terms of network architecture, connectivity, third-party software and third-party management.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image