Security Concerns
Although dotcoms have died, there is one truth that cannot be
denied — the internet is here to stay. While the internet and
“electronic transactions” have increased business
opportunities, reduced operating expenses and eased the flow of
information, there is a stark reality that we have to deal with
— the security of information.
Internet crimes take place every 20 seconds, according to a
WarRoom Research Survey. Also, 79 per cent of all
security-related attacks originate within the organisation,
according to a joint FBI/Computer Society Institute survey.
In a recent occurrence, Microsoft published a bug fix
report for their popular IIS web server. They put the details
of the security vulnerability and the availability of its patch
on the internet.
Unfortunately, most enterprises using IIS did not see the
availability of the patch in time, but hackers and internet
stalkers did! Within days of this information being put on the
Net, numerous companies reported that they had been attacked
through the exact same vulnerability.
As the complexity of infrastructure increases, with a myriad
of applications, systems and networks coming up to support the
business needs of the organisation, so do the vulnerabilities.
Threats can come from within the organisation as well as
from outside. Exploiting these security vulnerabilities in the
enterprise is painfully simple.
For any organisation, a security violation can lead to loss
of revenue, intellectual property, trust and reputation
and, to top it all, legal liabilities. A recent survey has
estimated that close to $202 billion is lost every year by
companies to cyber-crime.
The need to protect an organisation’s tangible
(applications, networks, servers) and intangible (processes,
intellectual property, competitive intelligence) assets leads to
a whole gamut of security solutions.
Security needs can be categorised into Physical Security,
Logical Security and Managerial Security. Of the three, apart
from logical security, which entails the applications and hardware
that need to be put into place for protecting the IT
infrastructure, a lot of emphasis is required in the area of
managerial security — which deals with the administrative and
organisational security policies that govern the use of all
resources of an organisation.
A strong policy, which needs to be well executed and
constantly monitored, is the foundation for a secure environment.
There are a lot of security solutions available in the market,
from VPNs, firewalls, intrusion detection systems, encryption
devices, anti-virus systems, vulnerability scanners, directory
services, single sign-on, PKI solutions, content monitoring
systems etc., which have different applications and need to
be deployed depending on the specific needs of an organisation
and the functionality desired.
Along with the security architecture that is put into place,
a proper security solution needs to be supplemented with
diligent user and administrator/IT staff training to ensure
adherence to policies and proper use of the resources within an
organisation.

