As an application security strategy, the organizations are making the whole mobile as white label. The companies push Apps in secure mode and sign for App to potentially safeguard themselves. Most APP development in western world and also India companies is happening in that direction. More than authenticating mobile device, they are moving for authenticated apps. App security and identity of application user becomes more important. Today Indian companies fortunately or unfortunately are not doing much transactional applications hence the mobile security requirement in minimal.
How vulnerable are smbs on the attack radar in the changed security landscape?
In fact SMBs are more infected than enterprises. The incidents that come out often are based on the value of the information being compromised. Today the value of smbs information is so limited not much and hence people are not bothered.
During a surveillance test in our labs, our assessment was that that 40% of Indian domains or IP have been compromised in some form. This is in line with other security vendors like Symantec that puts the number at 30%. But it does not mean that SMBs are not compromised but their value is not high hence they do not see much of traction. The larger companies however see value as it is an economic loss for them.
The changing business landscape where the SMB's need to integrate with market systems, will push them to focus more on security and hence I am optimistic that the SMB's will start soon focusing on security as well.
Does the market tilting to IoT, Software based offerings means less number of security hardware appliances at enterprise environment?
Having a firewall for IPS/ IDS is a hygiene factor for most companies. It's like having a PC and hence the companies will end up deploying it.
I see the security moving to three different trends. The security of Apps and servers has moved towards analytics. It is not so much or anymore at log and a self-correction by IPS or IDS Collating the data and putting an analytics framework around it. APT does that in some form but it is beyond APT. APT will give technical compromise but it not business compromise, Analytics helps identify business compromise like fraud etcetera.
The second trend is securing users than just infrastructure and devices. Every PC does not need equal security. For example PC of CEO will be more important than maybe peon's PC. It is era of value based security where securing every piece of information is not needed. Depending on data sensitivity, besides basic security hygiene CISOs should invest selectively where it matters the most. Earlier CIOs and CSOs created islands of apps which are now integrated to know more about the users' profiles. They are driving security through users be it APP integration or consolidation or creating single sign on to manage multiple APPs.
Sign up for CIO Asia eNewsletters.