View from India: Build human capital to address cyber threats
Malicious attacks on IT systems are becoming more complex and new malware is constantly being developed. Unfortunately, companies that work with big data face these issues daily.
It’s for this reason that companies across the Indian IT landscape are increasingly investing in cyber security services to strengthen their digital infrastructure and provide data security solutions to their clients.
Another trend is that companies are investing in human capital to build a trained data security workforce. Both aspects are in sync with the Cyber Security Task Force’s Vision 2025 whose aim is to grow the Indian Cyber Security Products and Services Industry to USD 35 billion.
The Cyber Security Task Force has been initiated by National Association of Software and Services Companies (NASSCOM) and Data Security Council of India (DSCI). Considering the 2017 Union Budget has set a mission to achieve a target of Rs 2,500 crore (£30m) digital transactions for 2017-18 through Unique Payment Interface (UPI), Unstructured Supplementary Service Data (USSD), Aadhar Pay, Immediate Payment Service (IMPS) and debit cards, it makes sense to make India a cyber-secure hub, essential for the Prime Minister Narendra Modi’s Digital India Mission.
Of immediate concern to companies using Big Data is the security of cloud-based systems and the supposition that legitimate cloud file-hosting services such as Dropbox, Box and Stream Nation are at risk of being used as control servers in upcoming cyber-espionage campaigns. If targeted, these popular cloud services could enable the malware to transfer commands without raising suspicion.
Consequently, advancements in computing technology have made systems connected and more robust. While this has increased automation and strengthened synergies to work together, it has also led to crucial challenges related to cyber and data security.
“Challenges like single level of protection and continuous evolution of non-relational databases (NoSQL), dated access control encryption and connections security, combined with the constant hacking threats, are making it difficult for security solutions to keep up with the demand,” said Meenu Chandra, Senior Attorney Manager, IP & DCU Lead (India Region), Microsoft.
Data is the most critical asset for a business entity. The threat to data emerges from internal (employees) and external cybercriminals including hackers and ransomware attackers. With the ever increasing threat landscape, there is a compelling need for businesses to mitigate security risks through investments in ransomware solutions, identity and access management, threat intelligence, monitoring tools, audit and assessment, besides ensure regulatory compliance such as Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA).
Increasingly, cloud is being sought after to address this challenge. That’s because the cloud service provider takes on a big responsibility as companies progress from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) and then to Software as a Service (SaaS). Hence the adoption of disruptive technologies, i.e. cloud, not only helps in the digital transformation of a company but also in their overall data and cyber security.
Hyderabad-headquartered CtrlS Datacenters Ltd has introduced the Next Generation Managed Security and Compliance Services to address the security needs of businesses across industry verticals such as Banking, Financial Services, and Insurance (BFSI), Manufacturing, Healthcare, Telecom, Retail, E-Commerce and IT/ITeS. The security services help identify, detect threats, incidents and respond with a plan and to ensure seamless business operations.
The CtrlS service portfolio includes remote managed firewall management with IPS next generation firewall (NGFW), managed APT (Advanced Persistence Threat), managed PIM (Privilege Identity Manager), vulnerability assessment as a service, managed FIM (File Integrity Monitoring), managed Compliance as a Service, Penetration Testing as a Service, managed Web Application Firewall, managed encryption, managed e-mail security, managed web security, managed secure DNS, compliance Services focused on PCI-DSS, ISO 27001:2013, HIPPA, Good X Practices (GXP), Risk Assessment/Information Health Check as Service, SAP Governance Risk & Compliance. The services are offered on a pay-as-you-use model.
“Our Managed Security Services provide a ‘Security Shield’ for organizations to protect their data from security threats supported by 40+ security tools and controls backed by a Single service legal agreement (SLA) from detection to remediation. Their infrastructure is monitored through our 24X7 Security Operations Center (SOC) manned by skilled and certified security professionals. This apart, our security offering provides zero second cyber threat detection and remediation, secures the whole life cycle of data from creation to consumption to secure destruction and lastly ensures regulatory, standards compliance for hyper converged infrastructure,” explained Sridhar Pinnapureddy, Founder and CEO, CtrlS Datacenter.
To support a comprehensive, cross-company approach to security, Microsoft invests more than a billion dollars in security research and development annually.
“Our commitment to cloud is reflected in our heavy investment on 100 data centers in 19 regions in over 40 countries, including India. Additionally, the Cyber Security Engagement Center (CSEC) leverages our know-how, expertise and technology on cyber threat and offer to enable the government and enterprises to understand existing cyber threats and tap into a pool of resources such as security specialists and technologies at the company to effectively respond to digital threats,” highlighted Chandra.
CSEC enables customers to work closely with a dedicated India-based response team from Microsoft Consultancy Services (MCS), to develop enterprise security strategies to empower their critical digital transformation.
However, cyber and data security, backed by trained data personnel, is an important dimension of digital transformation. Companies are filling the talent gaps through technology and outsourcing certain security functions, such as risk assessment and mitigation, network monitoring and access management and repair of compromised systems.
Apart from this, skill shortage can be addressed by the automation of certain tasks that are repeatable and the re-skilling of employees is done for additional complex problems. While automation will never fully replace human judgment, it does create efficiencies which allow cyber-security professionals to focus their time and talent on the more advanced threats that require human intervention.
“India has companies that provide data security as a service, but when we look at the overall scenario, there is a shortage of data security professionals in the country,” said Sharath Satish, Lead Consultant and Office Technology Principal at ThoughtWorks India, a software company.
On its part, ThoughtWorks India has security professionals across India geared to address security issues. “All our professionals undergo training through AppSec101 (Application Security 101), a day-long programme that helps raise the awareness levels of threats and prepares employees to handle such situations as they gain exposure to specific kind of attacks,” added Satish. Other than that, employees get a hands-on experience when security workshops are conducted during the execution of projects for clients.
With the last six months being a classic example of how important security is becoming, companies must take heed to confronting challenges head-on in terms of protecting their IT infrastructure at every level.
“Today the transformation of the data center is inevitable as the advantages are numerous. Though the opportunities for both end-user security and data centre infrastructure are growing rapidly, the top two challenges faced by organisations are the limitations of existing security frameworks and the process of moving away from a single type of data center deployment to integrating both private and public cloud services into an architecture,” explained Sanjay Agrawal - Director of Platforms and Solutions Group, Hitachi Data Systems (HDS).
At HDS, security is a core tenet of Hitachi Content Platform (HCP) and HCP Anywhere. Hitachi’s Content Portfolio solution is built to address current business objectives while enabling their transformational business strategies.
“Whether the data is in the data centre, a private/hybrid/public cloud, on the edge, or mobile devices, customer data remains controlled and securely protected by an agile IT system with embedded intelligence capabilities,” added Agrawal.
Pentaho, the big data analytics solution also provides successful data integration and business analytics for organizational and business data. With advanced analytics and machine learning integrations using Pentaho and Hitachi Streaming Data Platform, the company can help provide real time threat intelligence, risk-based alerting, and identify abnormal user behavior, while addressing the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and meet increasingly rigorous compliance requirements.
“Sometimes security is not a tech problem, companies get hacked when a particular employee is compromised. Targeted phishing attacks can happen if the person clicks on a link that’s come through an email or if the user has a weak or guessable password. We need to gear up and defend ourselves during such attacks,” Satish said.
Security is an ongoing concern in organisations as a plethora of devices including mobiles, tablets, vehicles and social media generate data at an exponential pace. Communication needs to be secure and safe. This can happen when a suite of tech solutions analyze data through artificial intelligence (AI) and machine learning (ML) to safeguard intellectual property (IP), and track malware and cyber attacks.
Skilled workforce and capacity building initiatives are also fundamental to strengthen the cyber-security industry in India.