Network security is about setting up a defence mechanism. It is more than just the security measures provided by most applications like passwords, etc. In the name of security two things are happening today. While on one hand most companies are avoiding connecting their LANs directly to the external environment, on the other some have installed firewalls in the critical servers on their network. "However, all this is not foolproof and sufficient," explains Balakrishnan R, COO, Euclid. "A firewall is only a tool and it needs to be implemented aptly using security policies and procedures."

Infosec is more about a well-formulated policy than technology deployment. It is about allowing universal access. It is about understanding the user's need and what is provided by way of technology. In toto, a security policy is about understanding business operations, applications and usage, and building a framework around this. A crucial step in this regard is to pinpoint the vulnerabilities, understand how susceptible the network is to a security infringement, monitoring of potential risk factors such as VPNs, cable modems, and mobile users, and to have intrusion detection mechanisms in place to respond quickly and effectively. And most importantly, it needs to be seen that the bandwidth is not clogged.

It is not so easy as on one hand domain expertise is needed, and on the other, it is a process involving people from the top to bottom to define a security policy and how to manage it. Formulation of a security policy does not end with mapping; it demands defining a security scheme-password allocation, backing up of data, and so on. This is a cumbersome process and therefore, most companies are sulking. Whatever the specs, it is crucial to develop a security strategy that addresses the network as a single entity. Anything short of a comprehensive solution leaves the network vulnerable. Internet Security Systems (ISS), a leading player in the security arena, professes that the key to creating useful, transparent, and enforceable network security comes from adopting a process that provides broad-based needs input, careful identification of network resources and access requirements and data-driven implementation and management services.

Another important factor along with the security is a business continuity planning. It is the surrogate capability available in the event of a disaster. Business continuity planning seeks to preserve the assets of an organization in the event of a disaster: Its capability to achieve its mission; its operational capability; its reputation and image; its customer base and market share and; its profitability.