Thursday, October 27, 2011

Technology Intersection = SMART SECURITY SERVICES

Every object (a product or a service) has a defined lifecycle and an associated trend. It is often seen that an object reaches its maturity, which we call the peak point, before dying or converging with another technology stack. The purpose of that convergence is to develop a more productive object that caters to today's demand.

Let's take the example of TV. Traditionally, TV was the only source of entertainment for watching movies and other programmes. Later, the Internet was picked up for business and day-to-day tasks along with other entertainment-enabled services. In the diagram below, "PP" represents the peak point of maturity. People then started losing interest and deviating from TV as a product.

Now what? Do we foresee lower demand for TV?




The technology intersection between TV and the Internet, which we call "SMART TV", has developed a new curve out of TV's dying phase.

SMART TV = TV + day-to-day Internet-enabled tasks.
A similar cycle will continue after SMART TV. Please carefully review both curves.

The above concept also applies to technology services. If you closely assess the second curve, the intersection of the Internet with technology services produces "SMART IT SERVICES"; this intersection has produced cloud-enabled services.

SMART IT SERVICES: less expensive (in comparison with the traditional form) + easy rollout + easy transition + pay as you use + highly available + best-of-breed technology stack + many more.

The initial intersection phase is called the acceptance phase, where the offering is evaluated and truly accepted before it is taken up and developed to maturity.

SMART SECURITY SERVICES: let's align SMART IT SERVICES with security-enabled offerings.
  • Identity as a Service
  • Authentication as a Service
  • VAPT as a service
  • Managed Security as a Service
  • Other security as a service 

Monday, October 24, 2011

Global Password Management Best Practices

In continuation of the recent post "5-Which of Password Management", I thought I would drill down on best practices for global password management. We call it "global" since it is not confined to any one entity, and the user has no control over the application's practices: each application has a different password policy, and hence password expiration differs too.
Many usernames, many passwords!



Using this approach, the user will only need to remember four passwords for the username and password file.
Please note these are my views and many of you may differ with this approach; however, the objective is to provide simplicity using existing tools, easy remote management and high security.

Thursday, October 6, 2011

Safeguard Enterprise Data during Employee Separation

There have been cases of data loss where employees were party to such acts during the transition to a new job. A report by "Bnet" shows that 45 percent of employees take data when they change jobs. Such is the case with a former HP employee who had allegedly sent copies of IBM confidential documents to his Vice President at HP. Prior to joining HP, he was employed by IBM and had access to this information.

Before we drill down, let's analyse the reasons, which can be multiple:

  • Identity & Access Management (IAM) solution not correctly in place, or not designed effectively. It is often observed that enterprises do not draw correct boundaries for IAM. The question every CISO or CIO is most concerned about is optimisation and efficiency around processes with minimal security incidents (as close to zero as possible). This often leads to comparison with peers on:

          - How are we doing as an organisation?

          - What is the next step for building our secure environment using IAM infrastructure?

          - How do we develop an IAM maturity model?

  • Data Loss Prevention (DLP) system is missing or not developed correctly.
  • The vendor has not captured all scenarios (happy and unhappy paths) while developing the system.
  • The vendor is not equipped with SMEs and the domain expertise to understand technology trends.
  • Periodic system and process review mechanism not in place.
Let's define the best-practice approach to avoid such scenarios in the enterprise:

  • Identity & Access Management (IAM) solution: develop strong enterprise processes. A separation process should be in place to handle the employee resignation scenario and to remove access rights to critical systems during the employee's notice period. The HR system should be designed to feed user resignation information to the IDM system for de-provisioning of critical systems. The above process can be modified or realigned keeping the business objective in mind.
  • Enforce periodic system and process review.
  • The enterprise needs to align with vendors who understand the subject and can translate business processes keeping the domain and the business objective in mind.
  • Missing Data Loss Prevention system: a proper DLP implementation would have marked this data as sensitive and rated it highly critical. Common exit points for this type of data breach are corporate email, webmail, FTP, removable drives and printing; at any of these exit points DLP would have flagged the activity. Let's explore the effectiveness of DLP in the enterprise. There has been misleading information about DLP being able to identify 370-plus file formats. File type identification does not translate into content inspection: the technology can interpret and inspect the contents of roughly 180 file types. For DLP to do its job effectively, content inspection is what matters. Customers tend to get sold on the sheer number of 370, when in fact DLP is equipped to tear down fewer than half of them.
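As an added illustration of the HR-to-IDM separation handshake in the first best-practice item above (this is example code written for this page, not from the original post or any IAM product): resignation events from the HR feed drive staged de-provisioning in the identity system, with critical systems revoked as soon as notice is given and the rest on the day after the last working day. The event shapes, system names and the "critical" tiering are constructed assumptions.

```python
"""Added example (not from the original post): an HR-to-IDM separation
handshake. Event shapes, system names and the critical-system tiering are
constructed for this illustration, not a real product's API."""
from datetime import date, timedelta

# Constructed entitlement catalogue: systems that count as "critical" and
# must be revoked as soon as notice is given, not on the last working day.
CRITICAL_SYSTEMS = {"source-repo", "customer-db", "finance-erp"}


class IdentityStore:
    """Minimal stand-in for the IDM system's account and entitlement store."""

    def __init__(self):
        self.entitlements = {}   # user -> set of systems the user can access
        self.status = {}         # user -> "active" | "notice" | "disabled"
        self.last_day = {}       # user -> last working day, while on notice
        self.audit = []          # (date, user, action, detail) for review

    def provision(self, user, systems):
        self.entitlements[user] = set(systems)
        self.status[user] = "active"

    def revoke(self, user, systems, when, reason):
        """Remove the given systems from the user and record each removal."""
        removed = self.entitlements[user] & set(systems)
        self.entitlements[user] -= removed
        for system in sorted(removed):
            self.audit.append((when, user, "revoke", f"{system}: {reason}"))
        return removed


def handle_hr_event(store, event, today):
    """Apply one event from the HR feed and return the user's new status.

    Constructed event kinds:
      resignation - notice period starts: critical systems are revoked now,
                    everything else on the day after last_day
      withdrawal  - resignation retracted during notice: stop the clock, but
                    do NOT silently restore critical access (unhappy path)
      day-tick    - daily scheduler run: completes separation once last_day
                    has passed
    """
    user, kind = event["user"], event["kind"]
    if kind == "resignation":
        store.status[user] = "notice"
        store.last_day[user] = event["last_day"]
        store.revoke(user, CRITICAL_SYSTEMS, today, "resignation received")
    elif kind == "withdrawal":
        if store.status[user] == "notice":
            store.status[user] = "active"
            store.last_day.pop(user, None)
            store.audit.append((today, user, "withdrawal",
                                "critical access must be re-requested and approved"))
    elif kind == "day-tick":
        last = store.last_day.get(user)
        if store.status[user] == "notice" and last is not None and today > last:
            store.revoke(user, store.entitlements[user], today, "last working day passed")
            store.status[user] = "disabled"
    else:
        raise ValueError(f"unknown HR event kind: {kind!r}")
    return store.status[user]


def run_scenario():
    """Constructed two-user scenario: one clean separation, one withdrawal."""
    store = IdentityStore()
    store.provision("alice", {"email", "wiki", "source-repo", "customer-db"})
    store.provision("bob", {"email", "wiki", "finance-erp"})
    day0 = date(2011, 10, 6)
    # alice gives two weeks' notice; bob resigns but withdraws two days later
    handle_hr_event(store, {"kind": "resignation", "user": "alice",
                            "last_day": day0 + timedelta(days=14)}, day0)
    handle_hr_event(store, {"kind": "resignation", "user": "bob",
                            "last_day": day0 + timedelta(days=30)}, day0)
    handle_hr_event(store, {"kind": "withdrawal", "user": "bob"},
                    day0 + timedelta(days=2))
    for n in range(1, 16):                      # daily runs for fifteen days
        for user in ("alice", "bob"):
            handle_hr_event(store, {"kind": "day-tick", "user": user},
                            day0 + timedelta(days=n))
    return store


if __name__ == "__main__":
    s = run_scenario()
    for user in ("alice", "bob"):
        print(user, s.status[user], sorted(s.entitlements[user]))
    for entry in s.audit:
        print(*entry)
```

The design point is the withdrawal branch: when a resignation is retracted the clock stops, but the critical access that was pulled at notice time is not restored automatically. It has to go back through the normal request-and-approval path, so a resignation cannot be used as a way to quietly re-enter a system with fresh entitlements.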
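The DLP point above turns on the difference between identifying a file type and inspecting its content. The following added example (written for this page; not code from the original post or from any DLP product) makes that difference concrete: a magic-byte table recognises five types, but only three of them have an extractor that can tear the file down, so a PDF that literally contains the sensitivity marker still passes through uninspected. The signature table, the "CONFIDENTIAL" marker and the sample files are all constructed assumptions.

```python
"""Added example (not from the original post): why recognising a file type
is not the same as inspecting its content. The type table, the sample
files and the sensitivity marker are constructed for this illustration."""
import gzip
import io
import zipfile

# Marker a DLP policy would look for inside document text (constructed).
SENSITIVE_MARKER = b"CONFIDENTIAL"

# Magic-byte signatures: enough to *identify* a blob's type, nothing more.
SIGNATURES = {
    "pdf":  b"%PDF-",
    "zip":  b"PK\x03\x04",          # also the DOCX/XLSX/PPTX container format
    "gzip": b"\x1f\x8b",
    "png":  b"\x89PNG\r\n\x1a\n",
}


def identify(blob):
    """Return the file type by magic bytes, else 'text' or 'unknown'."""
    for name, magic in SIGNATURES.items():
        if blob.startswith(magic):
            return name
    try:
        blob.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


# Content extractors: only types listed here can actually be *inspected*.
def _extract_text(blob):
    return blob


def _extract_gzip(blob):
    return gzip.decompress(blob)


def _extract_zip(blob):
    # Office documents are ZIP containers; read every member's bytes.
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return b"\n".join(zf.read(name) for name in zf.namelist())


EXTRACTORS = {"text": _extract_text, "gzip": _extract_gzip, "zip": _extract_zip}
# 'pdf' and 'png' are identified above but have no extractor here, so their
# content cannot be inspected even though the type is recognised.


def inspect(blob):
    """Classify a blob the way a DLP engine would.

    Returns (file_type, inspected, sensitive):
      inspected - True only if the content could be torn down and read
      sensitive - True if the marker was found in the extracted content;
                  None when the content could not be inspected at all
    """
    ftype = identify(blob)
    extractor = EXTRACTORS.get(ftype)
    if extractor is None:
        return ftype, False, None
    try:
        content = extractor(blob)
    except (OSError, zipfile.BadZipFile):     # corrupt container: not inspectable
        return ftype, False, None
    return ftype, True, SENSITIVE_MARKER in content


def make_docx_like(text):
    """Constructed stand-in for a DOCX: a ZIP holding one XML member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:t>" + text + "</w:t>")
    return buf.getvalue()


# Constructed sample files leaving via e-mail, webmail or a removable drive.
SAMPLES = {
    "memo.txt":    b"Q3 roadmap - CONFIDENTIAL - do not forward",
    "report.docx": make_docx_like("Pricing model CONFIDENTIAL"),
    "archive.gz":  gzip.compress(b"customer list CONFIDENTIAL"),
    "scan.pdf":    b"%PDF-1.4\n% CONFIDENTIAL text inside a PDF body\n",
    "photo.png":   b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
}


def scan_all(samples=SAMPLES):
    """Run inspect() over every sample; returns name -> inspect() tuple."""
    return {name: inspect(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, (ftype, inspected, sensitive) in scan_all().items():
        verdict = ("BLOCK" if sensitive
                   else "ALLOW" if inspected
                   else "PASS-THROUGH (type known, content not inspected)")
        print(f"{name:12s} type={ftype:7s} inspected={inspected!s:5s} -> {verdict}")
```

When evaluating a DLP product, the question to ask the vendor is therefore not how many formats it recognises but for which formats it ships a content extractor, and what happens to a recognised-but-unparseable file at each exit point (block, quarantine, or silently allow).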