Worldwide data, information pilferage and economic intelligence gathering through the use of Internet has redefined security needs and strategies to combat growing threats
With the rise in e-Governance across India and the establishment of State Data Centres that meet the information requirements of the citizens, threats to the government vertical has risen manifold. Leakage of confidential information through spyware, viruses, phishing, pharming and other blended threats is brought to the fore. There is no better example than the discovery of spyware, originating from China in the Ministry of External Affairs itself the impact of which can be immense, considering that spyware sends out at regular intervals to the attacker.
Indian enterprises today are in the process of either establishing or reinforcing their security architecture. The increasing usage of IT by government department and for online transactions by banks and other financial institutions has given a boost to the demand for security solutions.
Over the last several years, phishing, and subsequent identity theft, is proving to be one of the biggest threats plaguing the Indian Internet space. Enterprises are now seeing the real potential of security solutions and infrastructure and they are moving towards leveraging them to accelerate business productivity.
With the Government of India taking major initiatives to make the country e-Ready by initiating various e-Governance implementations there is an increasing need to create trust by educating the transacting parties about the confidentiality and integrity of their messages. This requires identification and authentication of transacting parties.
From a consumer point of view, it isn’t anymore about someone siphoning your password with a keylogger or a phishing attack. Professional cyber criminals are adopting various methods which include, hacking consumer’s online accounts to study behavior and obtain information and then using this information for launching a fraud attack. Internet users of social networking sites have also become soft targets for future threats.
Looking at the international scenario in US, securing your network against attacks is not only good practice but is also mandated by laws such as Sarbannes-Oxley (SOX), PCI-DSS, HIPAA, GLBA and more. All these regulations require detailed reporting and an audit trail to show that you have indeed complied with the letter of the law. The intricacies of these regulations are as follows.
GLBA is an important regulation in the banking and insurance industry and governs various activities of financial institutions. HIPAA concerns itself with privacy and security of electronic patient data in hospitals. PCI-DSS regulates security in the credit card and retail industry. A company processing, storing, or transmitting payment card data must be PCI-DSS compliant.
Digvijaysinh Chudasama , VP – Sales, Cyberoam-India said, “ It can be clearly seen that, India’s current IT Act doesn’t
have the scope and vision to ensure such a granular degree of control over electronic data covering various industries. Complying with these and other regulations is often complicated, time-consuming, and costly. “
According to a report by IDC India, the key trends in the Indian e-Security market are a convergence of network and desktop security coming closer, unifi ed threat management appliances and policy-based administration coming into usage. Also of signifi cance is the emergence of security consulting, endto- end security services and managed security services. With the installed base growth in PCs, broadband and mobile connections increasing sporadically, several market studies show the Indian market for security products and solutions to be around $120M, growing to around $1B by 2012. If we analyse the data over the last several years, the overall loss in the country due to digital security lapses is increasing. In addition, many companies that have not fortifi ed their online presence have their brands defaced by hackers taking control of their customers’ digital identities, and in some cases the company’s website itself. The good news is that most institutions that have online presence understand the need for providing a safe and secure environment for their customers. Secondly, the end consumers are also becoming aware of how to operate online in a safe and secure manner. With this in mind, we are currently working on our go-to-market plans to address the needs of the Indian market, so that our products support the RoI expectations of the local market.
The nature of worldwide data, information pilferage and economic intelligence gathering through the use of Internet has redefi ned security needs and strategies to combat growing threats. In one recent case, a company, a major player in power and utilities, was sabotaged and its critical information assets compromised by its very own security vendor – a foreign security company-something that highlights the vulnerability of networks, especially those of a nation whose information security needs are manifold. According to Digvijaysinh Chudasama, “There is an urgent need to redefi ne the concept of national security secrets and moving beyond protection of the defense industry and public sector to include even the entire private sector through compliance regulation”. He further added that setting up a Central Nodal Agency and Accreditation for Cyber- Security Solutions along the lines of National Security Agency in USA and other Approval and Certifi cation bodies for Security Solutions is crucial. It should be made mandatory for security product to be indigenous especially in importantly identifi ed centres like HQ and R&D in India. The need to choose deployment of security solution that integrates identity of a user as important criteria in providing protection.
In regards to digital signatures Rajiv Chaddha, Vice President Sales, VeriSign India said, “The main challenge to digital signatures gaining popularity in the government vertical is the relative lack of education and awareness about digital signatures and its advantages. However, the awareness is increasing rapidly among business users and government offi cials as the Controller of Certifying Authorities (CCA) is working hard to educate people about the applications and benefi ts of digital signatures.’” He further added, “Though deployments in the government sector have been less in the last two to three years; many government departments have now begun taking interest in digital signatures as part of their e-Governance initiative.”
Commenting on NIC’s role, he further said that, “After NIC has become a nodal agency, the government departments have started trying digital signatures in areas like tenders, data, e-Procurement and many other applications”. Digital signatures provide a secure environment by assuring the parties involved in the transaction that their information is confi dential and ensuring the identifi cation and authentication of the transacting parties, so that they cannot repudiate the transaction at a later date. Among other major government departments that have embraced this concept is the DGSD or Directorate General of Supplies and Disposal that has considered digital signatures for better transparency and is expectedly going to formally complete the online rollout soon.
With the arrival of the e-Governance era, information like taxation, land records and more while available easily and readily to the citizens stands vulnerable to attackers. Securing the data centers and other repositories of information, thus preventing confi dential data leakage, controlling access to inappropriate sites, complete visibility into the network so as to know who is doing what in it, and monitoring and control of user behavior hold the key to future security.