March 2009

Security is Prime

Views: 182

Worldwide data, information pilferage and economic intelligence gathering through the use of Internet has redefined security needs and strategies to combat growing threats



With the rise in e-Governance across India and the establishment of State Data Centres that meet the information requirements of the citizens, threats to the government vertical has risen manifold. Leakage of confidential information through spyware, viruses, phishing, pharming and other blended threats is brought to the fore. There is no better example than the discovery of spyware, originating from China in the Ministry of External Affairs itself the impact of which can be immense, considering that spyware sends out at regular intervals to the attacker.

Indian enterprises today are in the process of either establishing or reinforcing their security architecture. The increasing usage of IT by government department and  for online transactions by banks and other financial institutions has given a boost to the demand for security solutions.

Over the last several years, phishing, and subsequent identity theft, is proving to be one of the biggest threats plaguing the Indian Internet space. Enterprises are now seeing the real potential of security solutions and infrastructure and they are moving towards leveraging them to accelerate business productivity.

With the Government of India taking major initiatives to make the country e-Ready by initiating various e-Governance implementations there is an increasing need to create trust by educating the transacting parties about the confidentiality and integrity of their messages. This requires identification and authentication of transacting parties.

From a consumer point of view, it isn’t anymore about someone siphoning your password with a keylogger or a phishing attack. Professional cyber criminals are adopting various methods which include, hacking consumer’s online accounts to study behavior and obtain information and then using this information for launching a fraud attack. Internet users of social networking sites have also become soft targets for future threats.

Looking at the international scenario in US, securing your network against attacks is not only good practice but is also mandated by laws such as Sarbannes-Oxley (SOX), PCI-DSS, HIPAA, GLBA and more. All these regulations require detailed reporting and an audit trail to show that you have indeed complied with the letter of the law. The intricacies of these regulations are as follows.

GLBA is an important regulation in the banking and insurance industry and governs various activities of financial institutions. HIPAA concerns itself with privacy and security of electronic patient data in hospitals. PCI-DSS regulates security in the credit card and retail industry. A company processing, storing, or transmitting payment card data must be PCI-DSS compliant.

Digvijaysinh Chudasama , VP – Sales, Cyberoam-India said, “ It can be clearly seen that, India’s current IT Act doesn’t
have the scope and vision to ensure such a granular degree of control over electronic data covering various industries. Complying with these and other regulations is often complicated, time-consuming, and costly. “

According to a report by IDC India, the key trends in the  Indian e-Security market are a convergence of network and  desktop security coming closer, unifi ed threat management  appliances and policy-based administration coming into  usage. Also of signifi cance is the emergence of security  consulting, endto- end security services and managed security services. With the installed base growth in PCs,  broadband and mobile connections increasing sporadically, several market studies show the Indian market for security products and solutions to be  around $120M, growing to around $1B by 2012. If we analyse the data over the last several  years, the overall loss in the country due to digital security lapses is increasing. In addition, many companies that have not fortifi ed their online presence have their brands defaced by  hackers taking control of their customers’ digital identities, and in some cases the company’s  website itself. The good news is that most institutions that have online presence understand  the need for providing a safe and secure environment for their customers. Secondly, the end  consumers are also becoming aware of how to operate online in a safe and secure  manner. With this in mind, we are currently working on our go-to-market plans to address the needs of  the Indian market, so that our products support the RoI expectations of the local market.

The nature of worldwide data, information pilferage and economic intelligence gathering  through the use of Internet has redefi ned security needs and strategies to combat growing threats. In one recent case, a company, a major player in power and utilities, was sabotaged  and its critical information assets compromised by its very own security vendor – a foreign  security company-something that highlights the vulnerability of networks, especially those of  a nation whose information security needs are manifold. According to Digvijaysinh  Chudasama, “There is an urgent need to redefi ne the concept of national security secrets and  moving beyond protection of the defense industry and public sector to include even the entire  private sector through compliance regulation”. He further added that setting up a Central  Nodal Agency and Accreditation for Cyber- Security Solutions along the lines of National  Security Agency in USA and other Approval and Certifi cation bodies for Security Solutions is  crucial. It should be made mandatory for security product to be indigenous especially in importantly identifi ed centres like HQ and R&D in India. The need to choose deployment of  security solution that integrates identity of a user as important criteria in providing  protection.

In regards to digital signatures Rajiv Chaddha, Vice President Sales, VeriSign India said, “The  main challenge to digital signatures gaining popularity in the government vertical is the  relative lack of education and awareness about digital signatures and its advantages. However, the awareness is increasing rapidly among business users and government offi cials  as the Controller of Certifying Authorities (CCA) is working hard to educate people about the applications and benefi ts of digital signatures.’” He further added, “Though deployments  in the government sector have been less in the last two to three years; many government  departments have now begun taking interest in digital signatures as part of their e-Governance initiative.”

Commenting on NIC’s role, he further said that, “After NIC has become a nodal agency, the  government departments have started trying digital signatures in areas like tenders, data,  e-Procurement and many other applications”. Digital signatures provide a secure  environment by assuring the parties involved in the transaction that their information is  confi dential and ensuring the identifi cation and authentication of the transacting parties, so  that they cannot repudiate the transaction at a later date. Among other major government departments that have embraced this concept is the DGSD or Directorate General of Supplies  and Disposal that has considered digital signatures for better transparency and is expectedly going to formally complete the online rollout soon.

With the arrival of the e-Governance era, information like taxation, land records and more  while available easily and readily to the citizens stands vulnerable to attackers. Securing the data centers and other repositories of information, thus preventing confi dential data leakage,  controlling access to inappropriate sites, complete visibility into the network so as to know who is doing what in it, and monitoring and control of user behavior hold the key to future security.

Comments

comments

Click to comment

Leave a Reply

Your email address will not be published.

Latest News

To Top