Network and Information Security Technologies for ABC Company

Question: Discuss about the Network and Information Security Technologies for ABC Software Company. Answer: Introduction ABC is a Melbourne based small sized software company providing services on development and customization of applications that are highly specialized in network and information security domain. The ABC Organization has been functional from past five years and provides services to small and medium sized organizations / clients based in Australia. Currently the ABC Organization manages projects to develop in house applications as well as customization of off the shelf applications. It has been identified that the business scope of ABC Organization is very limited to application development. Considering the fierce competition in marketplace, the organization is looking for wide range of options to expand its business within a span of five years. ABC Organization is willing expand its business within other ICT verticals as well as expand their customer base within Australia as well as in overseas market. Having researched on various business expansion options, the executive management team has come up with the option of business diversification by providing the current network and information security services to clients that have online presence. Thus, the new option of business vertical will involve management of online security of client organizations, including their databases and security aspects. It has been identified by the Business Development Manager, the potential clients for the new business expansion idea can be online gambling organizations, as well as hospitality and pharmaceutical industry organization. Due to research gap, the executive management team is not very confident about the execution of new business idea. As a Research and Technology Assistant, the role is to carry out an in depth investigation to understand the feasibility of new business expansion of ABC Organization and also research on the other business aspects (ethical, social and economic aspects et c) of the potential client organizations. The main aim of this research report is to carry out a detailed investigation on the network and information security domain and understand the latest trends and technologies and to understand the success factors with real time illustrations of other organizations. Also, by using the foundation research, the business expansion proposal in the next five years is also covered in the report. The proposal is entirely based on the range of advantages / disadvantages and risks associated with each of the solutions considered in the report. Network and Information Security In the technology era, organizations are mainly dependent on computer networks to share data and information with the entire organization and with their clients in a productive and efficient manner. Computer networks can now be wired or unwired or wireless. As these networks carry important data and information, it is important to secure these networks using network protocols. In other words, network security is the collection of specific tools that are designed and implemented in a network to protect data during the transmission process from source to the destination (Krawetz, 2007). On the other hand, information security involves information protection as well as the information systems from authorized use, access, modification, disruption, disclosure, destruction, inspection, or recording. Information security not only involves blocking the hackers and virus attacks, and spam email filters, but also involves working with management and the employees to make them aware of the curr ent threats on the network and protect their systems and information (Blandford, 2011). From the above description, it is quite clear that information and network security are inter related domains. Larger and complex networks are often prone to attacks by cyber criminals. Thus, the number of vulnerabilities in the network is large and thus, during the process of transmission, the data and / or information is more vulnerable to attacks. During the process of transmission process the attacker targets the channel and manipulates or extracts the required information. Effective network security defeats a range of threats from spreading or entering a network. The goals of network security are Availability, Confidentiality and Integrity (Blandford, 2011). Latest Technological Trends in Network and Information Security There has been increased number of attacks on IT organizations at very high levels and thus, security organizations are continuously evaluating and engaging with the latest trends in security technologies in order to protect the organizations against severe attacks, enable transformation to digital businesses and implement new computing techniques such as mobile, cloud and DevOps. Following are some of the up to date developments encountered in network and information security domain as per the Gartners research analysis. Workload protection platforms based on cloud technology: current data centers provide complete support to workloads which basically run in different places virtual and physical machines, and public and private cloud (Preetham, 2002). These protection platforms provide console for single management and a unique way to express policies based on security irrespective of workload locations. it is well known that attacks that are browser based are the primary attack sources on users. This gave rise to yet another technological trend of implementing a remote browser by segregating the browsing sessions at the end user. This helps in decreasing the attack areas and shifts them completely to the server sessions (Ann Forni der Meulen, 2017). Yet another technological trend in security is the implementation of EDR. EDR stands for Enterprise Detection and Response, and according to Gartner predictions, by the end of year 2020, most of the organizations (irrespective of their operational sizes) will invest in EDR based capabilities. The EDR based solutions help in easy identification of malicious attacks or unusual behaviours in network by continuously monitoring the end points. On the other hand, micro - segmentation involves establishment of segmentation and isolation features for the purposes of increased security in data centers (virtual). Few other notable up to date developments and trends in network and information security include MDR (Managed Detection and Response), CASBs (Cloud Access Security Brokers), and SDPs (Software defined Perimeters) etc (Panetta, 2017). Discussion of recent case studies In this section of the research report, a few case studies that reflect on the implementation of network and information security in global organizations have been discussed. There are several network / information security applications in market and each has its unique features and uses. SolarWinds RMM is software that is built for IT professionals and MSPs who require an IT platform designed for smarter and safer use and which help clients in operations scalability. RMM stands for Remote Monitoring and Management and this tool SolarWinds RMM is one of the leading platforms on remote management in market. This application provides clients with a set of comprehensive tools to maintain, improve and secure IT operations and processes. This application has a web based console to provide various unique security features such as integrated patch management, web content filtering, antivirus, remote access, back up and recovery, maintenance and automated monitoring etc. Capabilities of automation allows the day to day tasks or activities to be automated easily and complete visibility is gained by the on time delivery of robust reports ("SolarWinds RMM Reviews and Pricing - 2017", 2017) Network monitoring and network security features of SolarWinds RMM include the following: Internet usage and IP Address monitoring Real time analytics Resource management Server monitoring and SLA monitoring Web traffic reporting and up time monitoring Anti - virus and intrusion detection systems IP protection Spware removal, vulnerability scanning, two factor authentication, web threat management etc. One of the major success factors of SolarWinds RMM application from client perspective is the wide range of deployments that are possible when using this application, which include SaaS, Web and Cloud and also for Android and iOS. SolarWinds RMM is based in United States and offer network / information security services to all their global clients ("SolarWinds RMM Reviews and Pricing - 2017", 2017). The next example of network / information security application is the Kaspersky Endpoint Security. The network / information security services provided by Kaspersky protect their users against dangerous and severe malicious programs such as trojans, viruses, hackers, spam and many other types of intrusions. Deployment of this network security application is possible via cloud, SaaS and web. The security features provided by Kaspersky are genuine and provide high level of protection. Network security features provided by Kaspersky Endpoint Security include Anti Virus, Anti Spam, vulnerability protection, security event log, real time monitoring and virus definition updates. The next network / information security application discussed in the report is Webroot SecureAnywhere Endpoint Protection. This network security application has been mainly designed for all types of clients and for any organizational size because of low management overheads and high effectiveness, which is particularly required for SMEs and SMBs. Webroot SecureAnywhere Endpoint Protection provide multi vector type of protection against malware and viruses and offer complete protection against present sophisticated malware threats that include keyloggers, spyware, Trojans, root kits, back doors, phishing, and many other latest persistent threats that can cause major damage to the network ("Webroot SecureAnywhere Endpoint Protection Reviews and Pricing - 2017", 2017). This network security application has a built in privacy and identity shield that stops information or data being captured or stolen when working on the internet. The Webroot network application is very effective and efficient to stop malware stealing data using the outbound firewall. One of the unique features of Webroot SecureAnywhere network security application is that the clients need not worry about running the updates manually, as the cloud driven security ensures the end points to be always up to date. Just like any other network security application, the Webroot software can be deployed for Cloud, Web and SaaS and also on Android as well as on iOS (Dang-Pham, Pittayachawan Bruno, 2017). All the three network / information security applications described above have been used globally by both personal users as well as many organizations from different industries such as IT, pharmaceutical industries, and gaming industries etc. Proposed Business Expansion Strategy Considering the wide range of advantages and features provided by the various network / information security applications discussed above, the feasibility analysis was conducted to identify and propose a business expansion plan for the next five years. Considering the immediate availability of resources required for business expansion, it is proposed that the ABC Organization must consider the continuity of development of in house applications for their existing customers as well as start a new vertical in which the organization can plan to develop off the shelf applications that will have an online presence. The company can initially target customers within Australia and provide best in class network security services and update the software or any other feature control online. Considering the response from Australian clients, the ABC Organization can plan to expand their business in overseas market (Barolli, 2016). Due to intense competition in market, the organization must consider low service cost and also make their market presence in overseas markets by utilizing online marketing tools. It is important for ABC Organization to understand the advantages and disadvantages of the proposed off the shelf network / information security application with an online presence in global markets. Following are the advantages and disadvantages of new proposed business expansion solution and is presented in the form of SWOT Analysis. Strengths Weaknesses Established Organization in Australia Has the necessary technical and human resources to develop and implement the new business vertical Skilled and talented workforce within the organization The workforce is more skilled in developing in house network / information security applications Thorough training must be provided for the team to adapt them to new business vertical Opportunities Threats Increased customer base and newly added business vertical Entry to global markets Increased revenue Online maintenance of network / information security applications is very beneficial to the human resources Increased flexibility of managing network security application at the client end Increased competition in global markets The quality of service might be affected in the initial period Many gaming industries do not follow the ethical standards as per the government rules and regulations Table 1 SWOT Analysis on proposed business expansion for ABC Organization Potential solutions to overcome the risks / disadvantages identified in the report include: targeting limited number of clients / industries in the first year and observe the outcomes in terms of client feedback, revenue generated and other factors and then develop strategies / plan for further business expansion in second year. Initially the organization can target hospitality and pharmaceutical sector within Australia and overseas market. Other considerations: ABC Organization will conduct a background check on their potential clients to identify their products / services that are being sold in markets in order to avoid legal and ethical issues (Joshi Singh, 2017). A separate team can be hired by ABC Organization to run a quick background check on their clients. But, this is feasible for clients within Australia. For overseas clients, the company has to understand the legal and ethical constraints in that area and all the factors that can cause ethical and legal issues can be stated and explained in the contract document. Recommendations From the research conducted on network/ information security applications, it is recommended for ABC Organization to start a new business vertical having online presence and develop networks with overseas clients. ABC Organization must consider only the Hospitality and Pharmaceutical industries as their potential clients in their initial period. Also, resources must be recruited and adopted to meet customer demands and requirements. ABC Organization can make use of network security applications discussed in report and provide remote update and security services to their global clients (Lopez, Huang Sandhu, 2013). For the first year of business expansion, the ABC Organization must re organize their human resources and provide detailed training for their employees to cater the requirements and demands of their clients online. All the tools, applications and techniques must be covered in the process of training. Also, it is very important to test the applications on network as well as information security features before recommending them to the clients. Also, the ABC Organization must be capable of hiring human resources to separately manage their new business vertical. Conclusion Information / network security is an important part of every organization. Almost all industries these days require maintenance team for managing their network / information security. Since ABC Organization is already providing services to their Australian clients by selling their in house applications, the business proposal presented in the report is more suitable for the company to expand its business vertical and provide online network services to their clients. The network security applications and features provided by leading network security companies (as discussed in report) must be considered by the ABC Organization and enhance their network security capabilities and services. A quick background check on potential clients can help the organization to avoid ethical and legal issues. References Ann Forni, A., der Meulen, R. (2017). Gartner Identifies the Top Technologies for Security in 2017. Gartner.com. Retrieved 20 September 2017, from https://www.gartner.com/newsroom/id/3744917 Barolli, L. (2016). IEEE 30th International Conference on Advanced Information Networking and Applications Workshops. Piscataway, NJ: IEEE. Blandford, R. (2011). Information security in the cloud. Network Security, 2011(4), 15-17. https://dx.doi.org/10.1016/s1353-4858(11)70040-x Dang-Pham, D., Pittayachawan, S., Bruno, V. (2017). Exploring behavioral information security networks in an organizational context: An empirical case study. Journal Of Information Security And Applications, 34, 46-62. https://dx.doi.org/10.1016/j.jisa.2016.06.002 Joshi, C., Singh, U. (2017). Information security risks management framework A step towards mitigating security risks in university network. Journal Of Information Security And Applications, 35, 128-137. https://dx.doi.org/10.1016/j.jisa.2017.06.006 Krawetz, N. (2007). Introduction to network security. Boston, Mass.: Charles River Media. Lopez, J., Huang, X., Sandhu, R. (2013). Network and System Security. Berlin, Heidelberg: Springer. Panetta, K. (2017). Gartner Top Technologies for Security in 2017 - Smarter With Gartner. Smarter With Gartner. Retrieved 20 September 2017, from https://www.gartner.com/smarterwithgartner/gartner-top-technologies-for-security-in-2017/ Preetham, V. (2002). Internet security and firewalls. Cincinnati, Ohio: Premier Press. SolarWinds RMM Reviews and Pricing - 2017. (2017). Capterra.com. Retrieved 20 September 2017, from https://www.capterra.com/p/163344/SolarWinds-RMM/ Webroot SecureAnywhere Endpoint Protection Reviews and Pricing - 2017. (2017). Capterra.com. Retrieved 20 September 2017, from https://www.capterra.com/p/166552/Webroot-SecureAnywhere-Endpoint-Protection/