D.Murali

Chennai: Are social networking, IM (instant messaging), and web-emails to be shunned in organisations? “The easiest thing to do would be to simply prevent employees using these kinds of tools but I don’t think this is very practical in today’s organisations,” says Mr Jonathan Wilkinson, Business Development Manager, APAC, Hosted Security, Websense Inc, Australia.

New employees entering the workplace have grown up using these kinds of technologies and preventing access could impact employee satisfaction and even discourage fresh talent from joining the company, he reasons, during a recent interaction with Business Line. “I think most organisations today strive to strike a balance between allowing their employees to use these tools in a safe way without compromising employee productivity,” he adds.

That’s where Websense pitches in, with its web security solutions and tools for organisations to enforce and report on Internet usage policies.

Excerpts from the interview.

What are the costs to organisations of not having an e-mail security solution? How aware are Indian companies to the need for an e-mail security solution?

Most Indian organisations are fully aware of the dangers of not having any email security given the criticality of email which is seen by many as an operational necessity. Therefore, most organisations will have some form of protection against spam, viruses and unwanted content but this is predominately in the form of software which filters email on the network.

Given that spam represents 90 per cent of email today, organisations face spiralling costs associated with managing and scaling their internal messaging infrastructure to tackle the growing burden of unwanted email.

This is one of the principal reasons why we are seeing widespread adoption of the ‘software-as-service’ (SaaS) approach to email security. By using a SaaS solution, organisations can ensure maximum protection against email based threats yet enjoy a reduction in complexity and total cost of ownership through cost savings in areas such as bandwidth, storage, administration, training, employee productivity and a reduction in multiple software licences.

From which sectors do you see the greatest demand?

Spammers don’t discriminate and therefore every organisation faces problems with unwanted email. Any organisation that has invested in hardware and software to tackle this problem could potentially benefit from using a hosted email security solution. Websense has 3,500 organisations currently using this service from practically every industry vertical.

Is Websense looking at India only as a market, or also as a development centre?

Websense established a sales, marketing and technical presence in India in 2005 and continues to expect strong growth in the region.

What are the newer threats that inboxes are coming under?

Websense Security Labs discovers and investigates today’s advanced Internet threats 24 hours a day, seven days a week. The ongoing results of our continual investigations confirm that the threat landscape is continually evolving. Fundamentally, the source of these threats has changed. It’s no longer just techies writing code for fun or glory but organised criminals funding the development of new threats to steal confidential information and make huge amounts of money. With this shift in motivation comes an increasing level of complexity with new threats that are being designed to circumvent traditional preventative measures and they’re not going to go away. Phishing attacks are a good example of how threats continue to evolve and converge because a phishing attack involves both elements of email and the web; the email is designed to lure an unsuspecting user to a website and trick them into entering confidential data which is then used fraudulently. These kinds of threats will continue to evolve with social engineering and adoption of other technologies such as VoIP playing an increasing role.

In this age of increasing M&A activity around, are IT systems put to a greater risk vulnerability?

Yes. Integrating and scaling messaging infrastructure can be complex and costly, exposing organisations to increased risk of Internet threats. But it doesn’t haven’t to be like this and is another reason why we’re seeing organisations make the switch to a SaaS approach for email security as there is no reliance on hardware and software for email filtering on the network. Another challenge is managing the culture of email and web use, ensuring security policies are defined and enforced yet still providing the flexibility required with a strong emphasis on educating users about the potential risks.

Does the wireless space accentuate security issues with regard to mails, surfing and so on?

This is a good example of how organisations continue to evolve in the way in which they do business, presenting new challenges around Internet security as it becomes more difficult to enforce security policy for users accessing the Internet outside of the traditional corporate ‘brick and mortar’ environment. Senior executives are one group of remote users that are most at risk: lots of travel with the need to access email/Internet remotely on a corporate machine, often insisting on having full security rights to their laptop, carrying highly sensitive information and usually having little or no understanding of the true extent of the threats that are out there.

How do you see corporate networks in five years from now?

Widespread adoption of SaaS solutions across every area of information technology is what I foresee. The concept of SaaS is by no means new in India and many organisations have already made the transition to this model in areas such as CRM, HR, video conferencing and accounting. However, I expect widespread adoption of SaaS in both email and web security as organisations leverage the expertise of dedicated providers so they can focus on areas of their business which add more value, ensuring IT remains an enabler for growth and agility not an operational evil.

Are attacks reported and documented, or are the stories merely horror tales?

They’re certainly not horror tales; the risks are very real and often documented. However, many organisations are not likely to publicly admit if they’ve been compromised by malware or if their messaging infrastructure is suffering from the bombardment of spam. Also, the problem is that threats aren’t always obvious and the real danger is those threats that organisations don’t know about. For example, an end-user receives an email with a link to a website which has been compromised by malware; the malware infects the machine with key logging software, silently capturing access codes for internal systems or perhaps Internet banking passwords. This is a good example of why a holistic approach is required to threat prevention which focuses on monitoring and securing email, web, the desktop and the data itself.

What are the common myths about hosted email security?

Most IT security decision makers believe that hosted messaging security can provide a number of advantages such as reduced costs for IT, improvement in capture rates for spam, viruses and other threats, and greater organisational flexibility. That said, there is a common misconception that security of email is compromised by using a service rather than traditional on-premise solutions. It’s almost like people feel they are giving their email away. Of course, the reality is completely the reverse; any Internet user today has very little control over the route an email will take to arrive at its final destination as it passes through many hops on the way. Websense is just another hop in the delivery chain, only quarantining unwanted email as the legitimate email is delivered as normal. Unlike an ISP that filters email in a similar way, Websense provide a contract with strong SLAs and assurances around data privacy in addition to our ISO 27001 accreditation which is an ISMS (information management security system) standard. Our global delivery network of data centres is probably more robust and secure than most organisations messaging environments today and finally, I always talk about our existing customers; financial institutions, legal firms and government agencies who’ve done their homework and are satisfied that security with our service is in fact increased not compromised.

Would it not be better if we are able to locate who is causing the mischief and get rid of the same, rather than putting up fences and rings everywhere in the form of security solutions?

Let’s not forget that the sources of these threats are organised criminals. In a way, cybercrime is the perfect business model; highly distributed with virtual teams of people spanning different geographies and time zones, with vast amounts of capital available to develop new threats without operating under any legal or legislative constraints. The FBI Cyber Division has developed a concept of Cyber Action Teams which act as fly-away squads to take down cybercriminals. However, companies need real-time protection so the need for comprehensive email, web and data security will still exist. Just because we have police patrolling our streets, doesn’t mean we leave the doors to our homes unlocked.

**

http://InterviewsInsights.blogspot.com