The security threat landscape in 2017 looks set to keep enterprises on their toes. The continuing economic fluctuations would lead to more instances of cybercrime, with a corresponding tightening of security budgets.
In the race between security specialists and threats, it is hard enough keeping up with advisories, warnings of potential problems and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economic implications of the connected environment.
Spending in many IT sectors might be slowing down, but security-related IT spending has been and should continue to be in focus and in line with the risk posture of an organization.
The upshot is that “security is no longer embedded within IT.” “Security and Risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change.”
The increased use of the internet for remote business applications, online data sharing and collaboration will present more opportunities for theft and data loss. Laptop and mobile devices theft will also continue to provide a physical challenge. We can carry much more data now, and people are storing customer information on mobile devices, or throwing data onto a memory stick. How hard should it be to encrypt all data carrying devices?
The insider threat from employees being ignorant about security has long been an issue for CSOs.
While the threat of insider-caused organizational harm is on the rise, most companies do not have a formal program to manage this risk. While there may be existing procedures in place to monitor corporate networks for intrusions and the collection of various logs for threat analysis, there are very few controls designed to monitor and respond effectively to insider behavior.
Security monitoring, logging & reporting practices and requirements transcend regulation & compliance regimes. They are the primary vehicle of assurance for management, auditors, and regulators that control objectives are being met-or, if not fully met, then progressively improved.
From Sarbanes-Oxley (SOX) to Gramm-Leach-Bliley (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), the PCI Data Security Standard (PCI DSS), Basel II compliances and the recent GDPR, the need for measurable assurance is built into most major regulations that are no longer just ‘good to have’ but ‘mandatory’ for business survival.
The shrinking levels of business demand and staff, force many organizations to move to a variable cost basis for services, through outsourcing. The market for managed security services is more mature than it used to be. With increasing levels of outsourcing, managing the security of outsourced operations is becoming a growing challenge in itself.
At Coforge, our Cybersecurity Practice considers cybersecurity trends seriously and our Cybersecurity Practice is engages with the internal CISO organization to develop strategies to counter these threats to help our customers worldwide. The charter of the practice is to create solutions to strengthen the IT security of the organization and meet the specific requirements of its customers.
Coforge takes event logging seriously and it uses a centralized solution to provide a record of events related to IT systems and processes. Coforge optimizes each recorded event to provide information such as what occurred, when it occurred, and who or what caused it. Logs are both inputs and outputs of monitoring, providing the data record through which cyber intelligence and security operations teams can examine IT systems and processes. Logs monitoring enables us to look for state changes, exceptions, and other significant events.
Logs provide a record that form the foundation of our effective monitoring, which provides the fodder for customer confidence in outsourcing IT services to Coforge.
Reporting indicates the status of IT controls designed to meet compliance goals. For reporting of IT security Coforge uses an intermeshed approach with both monitoring and logging.
Logging, monitoring, and reporting processes provide baselines, test results, and even insight that help us shape IT and business management across the enterprise. Logging, monitoring, and reporting are the key elements of our IT governance that meet the needs of all enterprise stakeholders and provide the tools to resolve a broad range of IT problems thus delivering an exceptional customer experience.
They provide the data and diagnostic tools that allow managers to identify and respond to significant events and process exceptions in order to reduce business risk from IT.
Conventionally, troubleshooting of IT operations and process failures was performed through log monitoring. Our consistent log monitoring also provides an early warning system for system problems, revealing network instability and changes before they affect IT systems.
We realize that traditional infrastructure management tools only focus on systems and infrastructure, not the applications and services that customers experience. This limited, bottom-up view makes it impossible to gain visibility into the status of business applications, or understand the business impact of outages and events.
IT service management teams at Coforge ensures the committed service levels are delivered to the customers or internal business.
Some of the improvements brought in this area include the following:
Application support teams are responsible for availability and performance of the applications and resolution of problems.
Some of the improvements brought in this area include the following:
System monitoring teams are not just responsible for the availability and performance of the infrastructure but in developing frameworks and best practices that help reduce the TCO and maximize ROI across the infrastructure.
Some of the improvements brought in this area include the following:
Some of the improvements brought in this area include the following:
The threat management program at Coforge delivers real and immediate benefits as below: