IS summit brought forth key tangibles

Day 2 of the Information Security Summit 2004 presented delegates with a birds-eyeview of the Indian and global Information Security (IS) landscape, with solutions providers, leading ICT users and the governments of India and the US, presenting insights on the existing IS environment and the road ahead.

While the vendor community-represented by Joy Ghosh of Symantec, Bernard Trudel, of Cisco and Alberto Yepez of Thor Technologies-painted a picture of the possible chilling IS scenarios, leading technology users talked about their own endeavours in the IS space and their expectations from solutions suppliers going forward.

The vendors were unanimous in declaring that global organisations were living in precarious times, their info-structure increasingly vulnerable to cyber attacks, buggy software harbouring malicious code and new and emerging forms of debilitating electronic breaches such as phishing.

"Phishing alone cost US banks and credit card issuers nearly US$ 1.2 billion in damages over the past year. Over 1.78 million people have fallen victim to online fraud as a result of this activity," informed Joy Ghosh.

Both Symantec and Cisco reiterated the fact that the common approach pursued by users today was reactive. A proactive security model, centered around protection rather than cure, was the way to go, the companies stated.

"Vendors such as Cisco are focusing on dramatically improving the network's ability to identify, prevent and adapt to threats," Bernard Trudel said.

An eminent line-up of speakers, drawn from a spectrum of industry verticals such as banking, healthcare, telecommunications and defence, highlighted the security challenges they were facing within their domains and the initiatives they had unleashed to combat these threats.

What emerged from the discussions was that critical infrastructure segments such as banking and healthcare, which were getting transformed by IT, had a major need for an information security and regulatory compliance culture.

This was crucial, since winning and preserving customer trust was fundamental to their success. Speakers were quick to congratulate Indian software companies for their adherence to the high CMM Level 5 global standard but felt a similar orientation had to be built in the area of information security.

"India also needs laws in the Book, especially related to the issue of privacy. Sadly, the perception that exists overseas is that India does not have a data privacy law. This bull has to be taken by the horns," was the verdict of Michael Clark, chief executive officer, GTL Ltd.

Defining his expectations from the vendor side, Tim Zoph, VP and CIO, Northwestern Memorial Hospital, USA, said suppliers needed to do more. "Users would like to see vendors put in more investments in creating virus resistant software and highly resilient and stable systems. Quality of products has to improve and suppliers should embrace standardization and simplicity. Adoption of best practices and creation of critical infrastructure are issues that rank high on the wish lists of users," he said.

Speaking on behalf of the Indian user segment and representing the ICT-savvy defence vertical, captain Taneja of WESEE added that vendors in the country needed to create more robust, indigenous information security solutions, that were based on open standards for security assurance.

A highlight of Day 2 was the signing of the Delhi Declaration on Cyber Security by Nasscom and ITAA. A collaborative initiative between India and the US, it aims to help improve the cyber security environment at an international and bilateral level.

Under the aegis of the agreement, Nasscom and ITAA will pursue initiatives designed to build more systematic collaboration between vendors, customers and relevant government and law enforcement agencies.

Clearly, the Information Security Summit 2004 went way beyond creating awareness and providing a platform for ideas sharing. Some concrete and tangible steps were taken to improve collaboration between India and the US on the vital issue of cyber security.