As more people open their businesses to the exciting,
all-pervasive Internet-based economy, new opportunities are sprouting and new
challenges are being faced in the world of e-business. This also throws open the
possibility of devastating security breaches. A well-planned, well-designed and
well-executed security solution helps in making sure that businesses stay focused on
the critical objective: that of generating positive business results.
A security attack and its aftermath are much like those of
an air crash. Small and insignificant things cascade to become an
uncontrollable and unmanageable disaster. Hence, a well-thought-out and
operational security policy is critical for corporates, their internal users,
customers and vendors.
A good security solution has three components, viz. Security
Framework, E-Business Application Security and Security Services / Management.
Security Framework
Building a security framework is the first step in
formulating a typical e-security solution model. It consists of the following
modules:
Internetworking & Link Encryption: It should provide an
extensive set of high-speed, high-performance, first level device security and
link encryption solutions for securing the network. Using strong encryption
algorithms, this solution should secure the data over dedicated leased lines,
Frame Relay and even ATM networks.
Access Control, Firewall and VPN: It should help customers
build the basic access control by filtering (including full services and
application awareness) what goes into and out of the network. The solution
should be flexible and scalable allowing customers to mix and match the various
available options.
Content Security: It should guard against content and network
integrity threats such as misuse of e-mail and the web, confidentiality
breaches, exposure to e-mail legal liability, junk e-mail attacks and infection
from Internet-borne viruses.
Intrusion Detection: It should provide a high-level security
assessment of the vulnerabilities and risks that may exist in an organisation.
By using proven security assessment tools and utilities, it should scan
customers' public servers and network devices to search for vulnerabilities.
Authentication & Authorisation: It enables companies to
monitor and ensure that critical, sensitive network resources and access
permissions are granted only to those with the required clearance. It offers
organisations a robust solution that addresses the growing need for user access
management at all levels.
Event Analysis and Reporting: It should provide a wide
variety of network management, security analysis and accounting tools that
present critical facts and relationships in simple, easy to understand reports
that can help security managers develop a detailed picture of network use and
abuse. This will help in the decision making process.
High Availability: As organisations increasingly rely on the
Internet and VPNs to support mission critical business processes, the costs
associated with losing connectivity increase dramatically. Even a momentary
failure of a corporate VPN or firewall gateway can interrupt high-value
transactions resulting in lost revenues, dissatisfied customers and reduced
productivity.
PKI (Public Key Infrastructure): PKI technology provides a
highly scalable and flexible trusted infrastructure for e-commerce
transactions over the Internet. Based on international security
standards and APIs, combined with a modular, open systems approach, PKI
solutions can easily be integrated with the customers' existing systems, whilst
allowing software developers to build in strong security features and policies
for critical business applications.
E-Business Application Security
As more business processes are geared towards e-business, an
organisation's Internet presence will migrate from just simple publishing of
marketing materials to more sophisticated, dynamic and interactive applications
like CRM, order processing, online payments/receipts, etc. This allows web-based
applications to access customer information maintained on back-end enterprise
resource planning applications. The challenge is how to build applications that
allow information to be securely exchanged.
E-Security Services
Complementing the broad spectrum of e-security solution
requirements, there is a similar broad range of security services developed to
address the customers' various stages of support requirements. These include
services for analysing security requirements and risks and the development of
security policies, designing the security infrastructure, implementing it,
managing and maintaining its operations, auditing it and training. These
services ensure that the network is secure without compromise.
There are broadly five services that can be implemented:
Analysis Services
These services are focused on two parameters: Risk
Assessment and Policy Development.
Risk Assessment: It should provide a comprehensive review of
a company's overall network design and security policies to determine any
vulnerability that may cause exposure to security risks. The service also
identifies the areas where improvements should be made to enhance the security
policies on an ongoing basis.
Policy Development: It should help customers define and
customise security policies and procedures based on their current business
processes and security concerns. They include comprehensive documents, which
define the security policies and framework for protecting the company's
resources and assets on an ongoing basis, whilst adhering to the identified
business objectives.
Secure Design Services
Targeting both the macro and micro levels, this service
should involve a high level of interaction with the vendor, and should
effectively translate business requirements into functional specifications that
can be used to design the desired security infrastructure.
Secure Implementation Services
It has a wide array of services catering to different levels
of the security system.
Perimeter Hardening: This process removes vulnerabilities
from the customer's IT environment that may be exploited by hackers for
unauthorised access. To ensure that customers' servers and workstations have
been sufficiently hardened and unauthorised access is denied, the perimeter
hardening service will review existing security configurations to determine the
level of security required and then develop the appropriate configurations on
an ongoing basis. Follow-up verification and system integrity checks further
ensure that no unauthorised configuration changes can be made.
Virtual Private Network (VPN) Implementation: Whilst VPNs
offer attractive cost savings, an organisation would have to deal with the
increased exposure to security threats and network performance issues, as well
as the support requirement, to maintain the operations of the VPN across
multiple locations.
Firewall Implementation: The security specialists interpret
and integrate the design of the firewall into the IT environment, in accordance
with the organisation's security policy. Operating procedures should be
developed, and a firewall implementation report should also be generated to
ensure that the firewall is managed securely.
Intrusion Detection System Implementation: An Intrusion
Detection System (IDS) provides appropriate surveillance in recording and
escalating unusual network access requests. The solution should provide the
necessary level of surveillance against popular attack patterns prevalent in the
hacker community.
Authentication System Implementation: Authentication is a
vital requirement in security for authorising access to information for users.
Integrating and enabling the appropriate authentication services for the
security infrastructure often poses challenges for technology integrators without
expert knowledge of the network.
Project Management: With the growing complexity of
internetworking and the plethora of diverse systems, today's network managers are
plagued with issues with far more serious business implications than ever
before. All the more reason why security aspects should be treated seriously as
an ongoing and monitored project.
Operation & Management Services
A good security system needs to be operational all the time
and easily manageable.
Secure Management Services: As with a person's health, the
well-being of an organisation's security infrastructure needs regular and
continual maintenance. When viewed against the backdrop of increasing hacker
attacks and security breaches world-wide, this requirement of guarding against
new and increased security threats, internally and externally, calls for a team
of qualified professionals.
Round the Clock Secure Maintenance: These services ensure a
more productive, efficient and secure network, with increased availability and
better investment returns. A sophisticated Secure Management (SM) System and
accurate diagnosis should help the customer avoid disastrous network downtime
and security breaches, potentially saving thousands of dollars.
Audit Services
The service should provide a high-level security assessment
of the vulnerabilities and risks that may exist within an organisation's IT
resources. Using proven security assessment tools and utilities, a comprehensive
scanning service will search the customers' public servers and network devices
for vulnerabilities. It should deliver comprehensive reports ranging from
executive-level trend analysis to step-by-step instructions on ways to minimise
security risk.
As more and more people, customers, vendors and competitors
embrace the web, businesses are being proactively driven to this medium.
Once this embrace begins, what really matters is the catch-up game of defining,
installing, maintaining, auditing and managing security.
To recall a statement read somewhere: "The security
people guarding the VIP have to be alert at all moments to prevent an
assassination. One moment of slack is enough for a good assassin to accomplish
his task. In the security business, 99.99% effective is just not enough."
Anil Kumar PV
Head of Marketing
Datacraft India Ltd — Mumbai