Information Security Trends

Executive Summary

The security threat landscape in 2017 looks set to keep enterprises on their toes. The continuing economic fluctuations would lead to more instances of cybercrime, with a corresponding tightening of security budgets. 

In the race between security specialists and threats, it is hard enough keeping up with advisories, warnings of potential problems and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economic implications of the connected environment. 

Spending in many IT sectors might be slowing down, but security-related IT spending has been and should continue to be in focus and in line with the risk posture of an organization.  

The upshot is that “security is no longer embedded within IT.” “Security and Risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change.”

Data Loss

The increased use of the internet for remote business applications, online data sharing and collaboration will present more opportunities for theft and data loss. Laptop and mobile devices theft will also continue to provide a physical challenge. We can carry much more data now, and people are storing customer information on mobile devices, or throwing data onto a memory stick. How hard should it be to encrypt all data carrying devices?

Insider Threat/ Organized Crime/ High-Tech Crime

The insider threat from employees being ignorant about security has long been an issue for CSOs.

While the threat of insider-caused organizational harm is on the rise, most companies do not have a formal program to manage this risk. While there may be existing procedures in place to monitor corporate networks for intrusions and the collection of various logs for threat analysis, there are very few controls designed to monitor and respond effectively to insider behavior. 

Security Monitoring, Compliance and Regulations 

Security monitoring, logging & reporting practices and requirements transcend regulation & compliance regimes. They are the primary vehicle of assurance for management, auditors, and regulators that control objectives are being met-or, if not fully met, then progressively improved.

From Sarbanes-Oxley (SOX) to Gramm-Leach-Bliley (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), the PCI Data Security Standard (PCI DSS), Basel II compliances and the recent GDPR, the need for measurable assurance is built into most major regulations that are no longer just ‘good to have’ but ‘mandatory’ for business survival.

Security Outsourcing 

The shrinking levels of business demand and staff, force many organizations to move to a variable cost basis for services, through outsourcing. The market for managed security services is more mature than it used to be. With increasing levels of outsourcing, managing the security of outsourced operations is becoming a growing challenge in itself.

Coforge’s Cybersecurity Practice

At Coforge, our Cybersecurity Practice considers cybersecurity trends seriously and our Cybersecurity Practice is engages with the internal CISO organization to develop strategies to counter these threats to help our customers worldwide. The charter of the practice is to create solutions to strengthen the IT security of the organization and meet the specific requirements of its customers. 

Logging, Monitoring & Reporting

Coforge takes event logging seriously and it uses a centralized solution to provide a record of events related to IT systems and processes. Coforge optimizes each recorded event to provide information such as what occurred, when it occurred, and who or what caused it. Logs are both inputs and outputs of monitoring, providing the data record through which cyber intelligence and security operations teams can examine IT systems and processes. Logs monitoring enables us to look for state changes, exceptions, and other significant events. 

Logs provide a record that form the foundation of our effective monitoring, which provides the fodder for customer confidence in outsourcing IT services to Coforge. 

Reporting indicates the status of IT controls designed to meet compliance goals. For reporting of IT security Coforge uses an intermeshed approach with both monitoring and logging. 

Benefits of Logging, Monitoring, and Reporting

Logging, monitoring, and reporting processes provide baselines, test results, and even insight that help us shape IT and business management across the enterprise. Logging, monitoring, and reporting are the key elements of our IT governance that meet the needs of all enterprise stakeholders and provide the tools to resolve a broad range of IT problems thus delivering an exceptional customer experience. 

They provide the data and diagnostic tools that allow managers to identify and respond to significant events and process exceptions in order to reduce business risk from IT.

  • Our integrated logging offers value beyond compliance that includes support of overall IT functions including performance management, change management, security management, and project planning.
  • Coforge’s security monitoring services provides real-time views of IT control performance and support overall IT functions including performance management, change management, training, security management, and project planning.
  • On-demand reporting is the currency of compliance for auditors. Coforge believes that without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Our comprehensive reporting systems also helps IT managers to evaluate system and employee performance over time and provides input for balanced scorecards and other managerial mechanisms. 

Conventionally, troubleshooting of IT operations and process failures was performed through log monitoring. Our consistent log monitoring also provides an early warning system for system problems, revealing network instability and changes before they affect IT systems. 

Key operational areas 

We realize that traditional infrastructure management tools only focus on systems and infrastructure, not the applications and services that customers experience. This limited, bottom-up view makes it impossible to gain visibility into the status of business applications, or understand the business impact of outages and events. 

 Fully managed service levels and compliances mandated

IT service management teams at Coforge ensures the committed service levels are delivered to the customers or internal business. 

Some of the improvements brought in this area include the following:

  • Visibility into how applications and infrastructure impact business services and customer experience
  • Centralized approach to problem resolution
  • Effective communication with end users/customers about how service levels are managed

Fully managed application performance and business availability 

Application support teams are responsible for availability and performance of the applications and resolution of problems. 

Some of the improvements brought in this area include the following:

  • Isolating application problems to the specific tier and application component
  • Clear priorities on application availability and performance based on business requirements automated in the monitoring system
  • Identifying and addressing negative trends before users are affected
  • Reduction in cross division constraints that prevent visibility between IT operations and performance teams

Reduction in TCO and maximizing ROI across the infrastructure

System monitoring teams are not just responsible for the availability and performance of the infrastructure but in developing frameworks and best practices that help reduce the TCO and maximize ROI across the infrastructure. 

Some of the improvements brought in this area include the following:

  • Traditional and standalone monitoring tools are replaced with enterprise wide tools that are integrated to perform in a cross-functional way.
  • Getting maximum value from existing investments.
  • Better visibility into infrastructure assets and investments.
  • Manage change and complexity across the lifecycle

Change control teams at Coforge are responsible for managing the impact of planned and unplanned changes to IT services and business applications. 

Some of the improvements brought in this area include the following:

  • Better visibility into the business impact of change.
  • Simplicity and transparency in addressing unplanned changes.
  • Repeatable and enforceable change management processes.
  • Benefits of the threat management program 

The threat management program at Coforge delivers real and immediate benefits as below: 

  • Increased customer confidence
  • Reduced risk of compromise
  • Early threat detection
  • Lower remediation cost
  • Increased employee productivity
  • Increased investor confidence 
  • Protection of reputation
  • More efficient decision-making

The ROI delivered from this program:

diagram_1

 

Download the Whitepapers
9 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

By clicking the download button, you allow us to connect with you using email, phone or post (as provided) for responding to you and for other marketing activities. This information is protected under our privacy policy.