Understanding threats is key challenge in Asia

PUBLISHED : Tuesday, 29 April, 2008, 12:00am
UPDATED : Tuesday, 29 April, 2008, 12:00am

Microsoft has often been accused of doing little to fix its security problems, but there are a few issues surrounding this.

The biggest problem Microsoft has is backward compatibility. MS-DOS and other operating systems from the 1980s were created in an innocent vacuum. That was a time when computers were getting started and nobody thought much about security. In order for Microsoft to be able to sell new systems, it has always had to be able to accommodate its older ones. That makes plugging holes difficult.

In Asia, Kang Meng-chow, chief security adviser for Microsoft Greater China, said that it would be wise for all to keep vigilant and to record what happens.

'In order to detect security breaches, to provide for accountability of actions performed by users and IT systems and applications, and to evaluate and learn from information security incidents, IT security managers also need to ensure that information security events are captured, collated and analysed,' he said.

Paul Serrano, senior director of marketing for Asia-Pacific and Japan at Riverbed Technology, a company specialising in secure network solutions, said that educating companies was the biggest concern. 'While it is generally understood, it is always worth pointing out that the greatest security challenge of all is educating corporate employees of the security threat,' he said.

A former security expert for the United States Air Force, Mr Serrano has been in Asia for many years and knows the region well. 'Asia-Pacific has generally lagged behind on security initiatives for their organisations. Often this is due to the way budgets are developed in Asian companies and more typically it is because it is the 'it's the other guy who will have the problem not me' syndrome,' he said.

Along with nearly every other expert in the region, he believes that management simply does not understand the threat. It has been rare to see an executive-level commitment to securing data assets, he said. It is slowly beginning to change and he believes efforts in Asia to protect information will expand.