Information Security – Myth Buster

Rajeev Raj is an information security expert with years of experience who currently works with Paladion Networks, one of the world’s leading managed security services providers.

The Internet is huge, and today information is available anywhere, anytime and, most importantly, to anyone. This expansion has its own pros and cons, and all major security companies and consultants work on the pros, so that they don’t get misused, and on the cons, which are to be mitigated. Security is a culture of its own and has to be practiced to stay safe and secure. People have built security up as a big accomplishment, but ideally it is as simple as securing a piece of land in a house yard. Below are a few myths which prove this fact: security is not difficult to achieve.

Rajeev Raj, Senior Consultant & Head - SOC RDM Services at Paladion Networks

Myth #1: “I don’t think it is applicable to my organization”
This is wishful thinking for anyone in the industry. Let’s be practical: today, any information can be made available through the Internet and made accessible from anywhere, and that allows attackers to steal and misuse data. Information is critical and needs protection round the clock. The size of the information doesn’t matter; risk is always associated with it.

Security consultants work to identify whether a given threat, vulnerability or risk is applicable or not, as there are millions of ways to breach and exploit. Organizations should take a pragmatic approach to such situations.

Myth #2: “I don’t think we can afford it”
Securing your workplace is not about buying expensive security devices to protect your organization. Yes, to some extent you need to invest in some appliances and depend on technology. But you need to evaluate what’s right for your organization. We can protect our information with proper training, education and orientation. If people are aware of the consequences, it’s natural that they tend to be vigilant.

Having the checkpoint at the right place will help mitigate almost 80% of security risks. Infrastructure support just increases the security compliance level. It’s all about creating a business case for your security requirements.

Myth #3: “I am 100% secure”
This is another piece of wishful thinking. Anyone stepping into your office and telling you “Buy this device and it will solve your problems” is selling a very big myth; no product or solution is effective enough until it is managed with a strategic approach. Securing everything on the network once is not enough and doesn’t mean that you are 100% secure; security should be practiced as a culture.

Having a systematic approach and proper security management can keep you secure, but it is certainly not a one-time job. Having the best products in your organization is not sufficient until they are utilized and implemented properly. Proper risk analysis and governance will certainly help an organization head towards a more secure business.

Myth #4: “Adherence is pain”
You usually hear statements like “Following process is a pain and it is a time-taking thing; we don’t want to follow it” from employees. This thought arises because they think that adhering to a few processes is not worthwhile and of no use to them. But if they know what is achieved by adherence, that knowledge gives them the confidence and inner push to follow the process without any resistance. All we need to do is explain to them why we do what we do.

The PPT principle, i.e. People, Process and Technology, names the elements of a successful organization. To illustrate PPT in a single statement, it would be something like this: “Technology helps us to maintain processes; People should be well adapted to the Process which an organization defines”. All three play a vital role in the growth of any organization.

Myth #5: “Implementation is easy but Maintenance is tough”
This is one myth which is similar to passing the buck. If one has the right people and process in place, maintaining the security practice will be very easy. Yes, implementation is easy, but maintenance is equally easy with the right people in place. All that is required is that people be trained to perform certain tasks and keep the engine running.

“A right person for the right job” was very well said by someone whom I don’t know. But the fact is crisp and clear: to maintain something as big as security for an organization, you need people. Having the right process, approach and monitoring mechanism is just not enough if we don’t have the right people to uphold it. A company should have a proper review mechanism to achieve its goals and a more secure level.