Today, the threat landscape is more dynamic than ever in the cyberworld. In adopting cybersecurity measures, Symantec Corp’s group president and chief information officer David Thompson points out that “one size does not fit all”. He shares his views with Tech&U.

Thompson says a good security system has to begin with the right policy which must be extended to endpoints.

Q: Governments around the world are grappling with the issue of cyber/info security. What is Symantec’s take on the subject?
A: Combating cyberthreats would require not just infrastructure but a holistic approach by governments, and that would include the implementation of appropriate policies; application of technology; public education and awareness building; and the establishment of a framework for cross-border and international co-operation (due to the global nature of Internet).
The International Multilateral Partnership Against Cyber-Terrorism (IMPACT) inititated by Malaysia is an excellent example of a platform that encourages the exchange of invaluable insights of the best practices and methodologies employed in protecting the information, interactions and infrastructures.
This is especially important for Malaysia, as Symantec has observed that the Internet is becoming a critical tool for the Government in Malaysia, especially in increasing its delivery of public services via the Web in its bid to lead the country into the information age.

Q: As Malaysia goes forward transforming into a knowledge economy, what are the pitfalls to avoid?
A: With the rapid progression in information and communications technology, it is pertinent to avoid rushing into progress and to remember that “one size does not fit all” when it comes to adopting initiatives implemented by other countries.
Good examples of successful implementations should be evaluated based on the adopting country’s present and potential growth as well as available resources, and then customised to fit their needs. This also includes cultural, technological and social issues which may impact that project.
As with any project, systematic and careful planning is required to maintain the momentum needed to see it to completion.
Information and access to information is a vital part of a knowledge economy. With rapid broadband penetration to access information, it is inevitable that cybersecurity threat will increase. Therefore, a comprehensive planning for infrastructure development to protect the Internet environment is important to ensure that while there is growth in information access, the risks due to this exposure will not increase. This will ensure that information and interactions are well protected.

Q: In your opinion, what are among key ICT issues and challenges currently faced globally and in Malaysia specifically?
A: The boundary for enterprises is blurring with the “consumerisation of IT”, with products coming in from the outside both via employees and outsourced service providers. While consumer technologies can pose a threat to security, their increased use in enterprises is a trend that is hard to stop let alone detect.
As such, businesses are being challenged by the propagation of endpoints and resulting volume that IT has to manage. This includes a full range of IT risks availability, compliance, performance, and security. Faced with this dilemma, some IT organisations have reverted to asking employees to sign a code of ethics and others have gone as far as banning all unauthorised use of software and electronics in the workplace.
Similarly, explosive data growth, combined with the proliferation of disparate storage management tools and technologies has created a significant challenge for IT managers tasked with provisioning and maintaining multi-vendor storage environments.
The challenge for Malaysia is similar. IT managers across the globe must master a difficult balancing act: manage fast-growing data storage, achieve user and application performance level needs, and maximise IT performance.
Businesses are also challenged to reduce costs and increase efficiency by optimising their resources, which includes reducing complexity and a move to virtualisation to increase the utilisation of assets.

Q: From your point of view, how do you suggest we handle these challenges?
A: Companies need to innovate in order to deliver the best solutions that constantly meet the current and future needs of the industry.
Organisations and governments should have the right processes in place to handle a threat when it happens. A good security system has to begin with the right policy which must be extended to endpoints.
Having a comprehensive endpoint security solution in place will supplement reactive and other less-effective countermeasures with multiple security technologies, resulting in broader and stronger endpoint protection.