Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Securing the digital enterprise

Nurdianah Md Nur and Zafirah Salim | May 12, 2016
IT professionals at the Computerworld Singapore Security Summit 2016 gained tips on how to craft an effective security strategy for the digital age.

To counter this, Tetra Pak trained 120 business intelligence experts, who have both IT/data skills and business knowledge. Each business unit now has at least two of such experts to help them analyse the relevant data. Tetra Pak also decentralised the front end development (eg. reports and visualisations) while keeping back end development (eg. ETL and data storage) centralised. Moreover, it continuously upgraded its analytics tool portfolio to ensure that they are able to address the different type of analytics needs.

Stanley Hsu, Country Manager for South Asia of Darktrace, next talked about his company's enterprise immune system solution. Powered by machine learning and mathematics, Darktrace's solution continually learns what is 'normal' in the networks to detect threats as they emerge, and provides intelligence-based recommendations based on empirical evidence and expert insights. For instance, Darktrace's immune system managed to detect threats that had bypassed other security tools, enabling energy and utilities provider Drax to investigate and mitigate those threats in real-time.

As applications are increasingly flooding the enterprise, Amit Dhupkar, Vice President of Group Technology (eCommerce Logistics) at SingPost, provided tips on securing the application programming interface (API) architecture. "Firstly, authenticate parameters to understand threats. Next, put stringent threat detection, turn on SSL, apply authorisation and authentication. Finally, strictly segregate API development and API security architectures and environment," he advised.

To conclude the track, Srini Thimma, Senior Cyber Security Advisor of Rapid7, shared the benefits of having information security governance. Firstly, organisations will gain strategic alignment of information security with business strategy to support organisational objectives. Secondly, such governance will enable organisations to manage risks by executing appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to an acceptable level. Thirdly, organisations will be able to utilise information security knowledge and infrastructure efficiently and effectively. Finally, governance will help organisations optimise security investments in support of business objectives.

Technology and Implementation track

Harshal Mehta, Regional Information Security Officer of Carlson Wagonlit Travel Singapore, kicked off this track by talking about the existing security challenges faced by the travel and hospitality industries. According to the Verizon Data Breach Investigation Report 2015, the hospitality sector experienced more incidents involving point-of-sale intrusions and denial of service than the all-industry average. He recommended three ways to improve information security: risk assessment, technology implementation, and looking beyond compliance. Above all, an organisation needs to ensure compliance with security policies and standards, a robust governance framework is implemented for all technology needs, and that technical controls remain aligned with threat factor.

Andrew Namboka, Solution Director, Security Business Unit of Dimension Data Singapore, then took the stage to discuss the changing security landscape. He highlighted that it is important to understand the past in order to move forward. According to Dimension Data's 2016 Global Threat Intelligence Report, end-point security remains a key weakness. "End-users are the weakest link and the target of most attacks. User education and training and disciplined patch management are critical to raising organisations' defences," he said. At the same time, cybercriminals are continuing to up their game. To combat such persistent threats, Namboka called out for the need of a holistic security approach, which refers to the alignment of three pillars: people, process, and technology. Agile companies always think about and plan for a full lifecycle of data security, he added.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.