investing in firewalls and anti-virus solutions, Indian
businesses are now considering authentication and intrusion
detection solutions. Richard Turner, Vice President,
Asia-Pacific, RSA Security discusses the changing security
market and trends in the Asia-Pacific region. by Minu
is e-security becoming an integral part of an enterprise?
With the proliferation of the Internet and revolutionary
new e-business practices, there has never been a more
critical need for sophisticated technologies and solutions.
Today as public and private networks merge and organizations
increasingly expand their business to the Internet,
the critical need to address e-security has been realized.
RSA Security focuses on four core e-security aspects:
Authentication, Web access management, encryption and
According to a KPMG information security survey, 43
percent of the firms are implementing or planning to
implement a wireless network but over a third using
these networks do not protect them, leading to a new
phenomenon called 'drive-by hacking'.
Companies have identified hackers and viruses as the
top security threats. Less than half of the organizations
had board level responsibility for information security,
while 73 percent of security staff had no formal qualification.
75 percent of survey respondents said their Internet
connection was a frequent point of attack, compared
with 33 percent who cited their internal systems as
such. 40 percent detected system penetration from the
outside, 85 percent detected computer viruses and 70
percent of those attacked reported vandalism according
to data from a survey by Computer Security Institute.
What are the core issues enterprises face when it comes
to security solutions?
Most organizations give passwords or codes to access
the information and data. If organizations would place
all passwords they had with some strong user authentication
to access the data, they would have considerably more
secured information systems. They can report all applications
and data being used from the database.
The practice of giving access to corporate data to anyone
who might need itmobile workers, telecommuters,
business partners, suppliersfrom wherever they
are, over wired or wireless links turns that sensible
decision into a foolish one.
Application companies need to give specific access to
all their employees, as passwords are easy to crack
or to guess. You get an information overflow in an enterprise,
and you cannot limit the data being accessed through
passwords. People have access to information which,
they do not need to access as a result of which the
security of the business is compromised. This makes
it important to make sure that people prove 'who' they
are before accessing the data as extremely sensitive
information is being delivered.
Security technology changes quickly and some things
fade out. What determines the success of a technology?
If you give the customer a technology that is difficult
to use, they will not use it, as they will not be able
to perfect its use. For example if you introduce a system
like Biometrics, you have to train the staff, deploy
the reader infrastructure, and deploy additional hardware
and software. You may not want to deploy a biometrics
system because it is expensive and the technology is
also relatively new.
Many companies spend hundreds or thousands if not millions
of dollars to make the information readily available
to their staff and users. Wherever they are in the world
or whatever time is it in the day. But if the information
is not accessible when required there is negative productivity.
Similarly if security technology is unreliable and difficult
to use then why invest such huge sums in making information
available as it is not going to be put to optimum use.
So the technology or the solution has to be easy to
use and easy to deploy and generate productivity to
the business. Once the user is familiarized with his
applications and requirements the selection of the technology
or security solution is more pertinent to his business.
What trends do you observe in the Indian security market?
Typically, companies here invest in firewall and anti-virus
technology to protect their networks from viruses and
intrusions. But there has to be a gradual move from
one stage to another. Now that the need is there and
awareness has been created it is the right time to be
in the market.
Each market has to mature to a certain level to where
it is receptive to that technology. For example smart
cards are working well in Europe but that does not mean
it will work well for India too. This year we think
the Indian market has matured for authentication. Indian
customers have reached a level where people have been
investing in anti-hacking tools like firewall and intrusion
detection systems in the last few years. Having done
that, now they are restricting the access to only the
Authentication is playing an important role. Awareness
has come in and people are investing in these solutions.
Especially in key markets like banking & finance,
telecommunications, pharmaceuticals, manufacturing and
hi-tech IT manufacturing companiessoftware or
hardware, where information needs to be secured and
accessed only by the right people.
According to IDC, security authentication, authorization
and administration solutions will see an increase in
market share from 28 percent in 2001-02 to 34 percent
in 2002-03. It is also expected that with the implementation
of regulatory requirement (the IT Act 2000 and RBI guideline
for banks), PKI technology and security training will
also play a key role in the growth of the overall security
PKI which has been talked about a lot in the two years
will witness increased activity in the coming year,
due to an increase in e-commerce transactions by banks,
financial institutions and government departments. As
per IDC estimates, the Indian security market is currently
at $241 million, which is expected to touch $441 million
SECURITY SOFTWARE MARKET FORECAST for INDIA ($M)
SECURITY SOFTWARE MARKET
about network security trends in the Asia-Pacific?
The indications are already there towards telecommunications.
The telecommunications infrastructure in Asia is proof,
as to how organizations are growingthe Asian economy
is beginning to compete on the global scale. There is
WAN, remote access and all these technologies are growing
rapidly. So there is a definite indication as to where
the market is heading. With enterprises vying for the
global space and increasing online activity is directing
companies towards higher network security. Another visible
trend is Key Authentication, as more Asian countries
become Web-enabled. It will be the main driver for access
management as they embrace e-business for all their
transactions. And then a transition from Web-based to
electronic digital worldthat is PKI and the authentication
world. There is tremendous opportunity and a distinct
move from the manual paper-based world to the digital
world. Enterprises would do away with the manual paper-based
processes and make a move to the digital world, which
would require both network and e-security.
Sirsalewala can be reached at email@example.com