Tackling an unseen enemy
|
Information Security has emerged as a complex challenge, often more devastating for business than physical threats. How is industry responding?
|
THE ENCOUNTERS of the Wild West were clear cut. The bad guys wore black hats and were unshaven. The early security threats to computing, circa 1980s, were equally unambiguous: First-generation boot sector viruses appeared only weeks after the vulnerability was known. A decade later, macro, email and operating system viruses were still easily recognisable and provided advance warning of a few days. Today's most severe threats are known to be "blended'' combos of a virus, a worm and a Trojan — and the time to react is down to a few hours, sometimes minutes: Earlier this year, "Slammer" infected the first few PCs, 8.5 seconds after it was detected; in 11 minutes, it had corrupted 75,000 systems worldwide.
Tomorrow, we may no longer recognise the enemy. How do we respond, when we cannot tell the bad guys from the good — and when they attack seconds after the alert is sounded? The analogy is not far fetched. Information security has become a deadly game of shadow boxing. But the good guys are not entirely helpless: major players have come up with their own take on how to tackle information security threats posed by an increasingly rich blend of electronic attack.
Last week Frost & Sullivan anchored a day long seminar in Bangalore on "Emerging Paradigms in Information Security,'' providing a forum for major industry participants to showcase their solutions.
Some — like Cisco's "Self Defending Network'' solution — seemed to be saying: "Think of yourself as a lonely homestead, miles away from the nearest sheriff. You can't afford to wait for the posse to ride to your rescue. Pick up that shotgun and defend yourself.'' In practical terms, says Jagdish Mahapatra, Development Manager, Cisco Systems — India and SAARC, this means weaving security into the network infrastructure itself, in a way that makes one's response, proactive rather than merely reactive. Indeed companies such as Internet Security Systems have come up with what their Chief Scientist, Robert Graham, calls "pre-emptive security architectures'' to do precisely this.
Symantec, maker of the Norton family of Net security products, estimates that over $70 million of intellectual property is stolen every year. The answer according to Unmesh Deshmukh, Head of Sales — India, Symantec, is an integrated defence that comprises anti-virus products, firewalls and intrusion detection systems rather than any one of these.
With identity theft emerging as a major threat, T. M. Mani, Lead Security Consultant, IBM, explains that companies such as IBM have created special secure tools to manage identities of authorised users in an enterprise system. The Windows platform is the most ubiquitous system on the world's desktops — which makes it a prime target for hostile attack.
The company's long term answer is "Trustworthy Computing'' said Microsoft's Jasminder Gulati — an initiative launched in 2002. The latest introduction is the massive Service Pack SP2 for the Win XP system just launched in India and worldwide, with free updates and a new firewall.
With many companies using the Web as their primary network, Secure Socket Layer-based Virtual Private Network (SSL-VPN) has emerged as a hot new technology according to Nortel Network's Philip Goldie. But ultimately technology can go only thus far. The seminar highlighted the harsh truth that eternal vigilance, is the price of information security, as much as it is of liberty.
* * *
New security paradigms
THE INDIAN IT industry has grown significantly over the last few years. The revenues from the domestic market have crossed the $3 billion mark. The key to the usage of Information Technology is flow of information within the corporates and outwardly to their stakeholders. With the growing scope & complexities of businesses, the challenges are increasing. Malicious traffic and the proportion of threats are only increasing by each day. Hence, the need for Information Security. This basically involves:
— Need for securing the proprietary information
— Need for securing the transaction information
— Compliance with regulations to enhance business... a major driver in the last couple of years.
U.S. healthcare providers must comply with the Health Insurance Portability and Accountability Act (HIPAA), U.S. financial services providers are governed by the Gramm-Leach-Bliley Act, and U.K. companies must adhere to the Turnbull Report on Internal Control for public companies as well as the Data Protection Act of 1995. The ITES industry, which depends a lot on outsourcing, has to comply with these regulations. In India, the Reserve Bank of India mandate for bringing all banks online has driven the BFSI sector towards such solutions.
Technologies
The major technologies today in Information Security are: AntiViruses; Firewalls; Virtual Private Networks (VPN); and Intrusion Detection Systems.
Anti Virus traditionally had been the solution at end-point (desktops). However, with growing business complexities security solutions which addresse issues at both end-point and perimeter/gateway levels such as Firewall, VPN and Intrusion Detection Systems, have grown significantly. The Firewall-VPN revenues in India grew by around 69 per cent in 2003 to $25.2 million. The IDS revenues also grew at around 55 per cent to around $4.7 million in the same time. (Frost & Sullivan estimates). The Network Security market in India, which primarily constitutes these three technologies, is continuously growing at a tremendous rate and has crossed the $20 million mark in the first half of 2004 only.
Some of the latest trends in technologies are: Integrated Security; Evolving Intrusion Detection Systems and SSL VPNs. Integrated security is basically the other name to the concept of addressing security from all aspects of the organisation. Every device in the network — from desktops to the LAN — plays a part in securing the networked environment through a globally distributed defense. In fact, in the Indian scenario, Firewall-VPN solutions are highly integrated. SSL VPNs are again a recent phenomenon in India.
Future outlook
With growing complexities of networks & need to comply to global regulations, the cost of services associated with security will keep on riding and it is where we expect that managed services will find its footing. In India HCL Comnet, Wipro and DataCraft - Asia are leading the initiative of managed services.
(Extracts from a white paper by Shantanu Dasgupta, Senior Research Analyst, Frost & Sullivan India).
Anand Parthasarathy
Printer friendly
page
Send this article to Friends by
E-Mail
Business
