In Person: Authentication and Authorization
‘There is a need to go beyond the password’

When it comes to conducting business transactions over the Internet, user names and passwords no longer suffice, says Deepak Prasad, director, Rainbow Technologies. He spoke to Network Magazine about new security trends, his perception of the Indian security market and a new company initiative called Instant Private Web. by Gaurav Patra

How is the security segment moving?
I believe the security segment is poised for tremendous growth. Security spending is also on the rise. As per the KPMG report, the Security Software products market will experience around 80 percent growth in the Indian market place, and the total Indian security market is going to be around $38 million. In the past two years we grew at a very fast pace in India.

What is your perception about the Indian market?
The Indian market is pretty large in terms of customer requirements. We have a unique opportunity because of the work that we've done over the years. We have built a team of experts here in India and we have a deep understanding of the Indian market and market requirements. Our access to this market is also very good. We are now looking at playing a very strong role here. The Indian IT market is still in its growing stage. And as far as security products are concerned it has just begun to emerge.

What are the critical issues regarding Internet security?
As long as enterprises are connected via LAN within their premises, it is self-contained. When you really want to leverage the power of the Web then you are geographically spread out at so many places, and the necessity of sharing information is so tremendous. When this happens there is a tremendous amount of comparative advantage that the business stands to gain by leveraging the Web. When you are trying to do this, at the back-end you are exposing your systems as part of the public websites (corporate website).

From the client side you would want to ensure basic things such as authentication and authorization. You only want the right people to log in. Once these people are able to get into your Web resources, you want to be able to authorize different groups, like the HR guy can only access the HR resources, not the sales resources and so on. So, the movement is towards leveraging the Web more and more. From a security standpoint there is a risk. I think, it is basically this risk that is currently driving the Internet security segments.

How serious are enterprises about security?
I would say, enterprises are very serious. The awareness is growing. But, it is the gap in terms of security that keeps them on the other side. In fact the increase in awareness levels has helped enterprises in deciding to leverage the power of the Internet. Especially, segments like Banking & Finance, Software Publishing, Healthcare and also the Corporates are very much concerned about their IT security setup.

What emerging security trends do you see in the Indian market?
There are two major trends that I can see. One is the distinct movement towards the Web. The power of the Web to really bring together a vast supply chain network and by doing this everything almost seems to be connected. Enterprises are getting to understand this, and they want to leverage that, and there is a lot of movement that we would be seeing in the future in terms of applications moving to the Web.

From a security standpoint, we would need to really address the security concerns that arise out of applications moving to the Web. Till date, most of the applications like, financial accounting, Tally, etc. were standalone applications. The Web was not a very successful medium. But, things are changing now or have already changed. Even customers have realized this, and they have also the knowledge about different vendors' initiatives in this field.

The second trend I see is the need to go beyond the password. So, far we have been quite happy using the traditional model of user names or passwords. As long as you are really not trying to leverage business advantages on the Web, this is absolutely fine. But the moment you are trying to do that, one should not depend only on a password that can be broken easily or shared between users.

There is a necessity to move to a level of security that demands a critical factor, like authentication. This is something, which we are already using very commonly in terms of the way we do banking or the way we use the credit card.

If you go to a shop and transact using your credit card, does the shopkeeper only take your credit card number? He does not. He also asks you to sign on the counter-foil, because the number alone is not enough.

Similarly, the password or user name is not enough. It has to be supported by another layer of security, which has to be based on something that you are, or something that you have. In case of credit cards it is your signature that is so unique to you. And in other cases, especially on the Internet, it is something that you have and that's the token. So, on the Internet you need something more than the password. So, I believe the other trend is the removal of password from the Internet environment.

What offerings do you have for the enterprise as well as for the Internet segments?
For the enterprise, we have come out with an initiative called Instant Private Web. This is Rainbow's focused foray into this segment. That is actually made possible because of our offering called Rainbow NetSwift i-Gate. This is basically an appliance, which takes care of the integration to bridge the security gap. We have introduced this offering in the market and at the same point of time created the Professional Services Group that actually takes away any further road-blocks that any enterprise might have. Our sincere effort is to help enterprises leverage the power of the Web.

Rainbow's offering is very wide. We have a very strong position in the anti-piracy segment. We have already sold 26 million hardware locks for the same. In India, we have driven the mission ‘anti-piracy’. In terms of anti-piracy and Internet security, Rainbow offers end-to -end security. From the client side we have i-Keys, and on the server side we talk about hardware security modules, which are used by certification authorities. In the Internet security segment, we are into providing end-to-end security. We want to be extremely focused in each of these segments, so that we are able to provide the most that we can to each of these segments.

What's the uniqueness of Rainbow as a security company?
We are uniquely poised to address the Indian market. And I think this advantage is unique to India for Rainbow as compared to the other offices because of the proximity and synergy that we have with our customers. This is a fully functional office of Rainbow with a software R&D center, a technical support team (this support team also caters to the entire Asia Pacific market) and the knowledge base that we have on the Indian market. Security is a very different segment, as you need to understand not only the technology but also the customer requirements. And, we have a very deep understanding of the Indian market and market requirements. No other company enjoys this comfort. Our technical team consists of those people who not only understand Rainbow products, they also understand the needs and how to effectively build up a security strategy for an enterprise. And, this is the biggest advantage that we have over others.

Any future plans?
We want to take our dream further, by providing the best services and solutions, and keep enhancing and upgrading our products. Just beyond selling, we are today poised to nurture the software products market in India. We are also in the process of setting up a Professional Services Group in India, to provide consulting services to enterprises desirous of incorporating e-security in various solutions for different vertical segments like Banking, Healthcare and Government.

Gaurav Patra can be reached at gauravpatra@hotmail.com