SMEs need to... focus their attention!

It will be pertinent to underline that fact that the alignment of security process with the business functions is, indeed, a highly challenging task. 

“Knowing who and what is on the network and where potential risks lie is essential for maintaining security and integrity. At the same time, complying with industry regulations and keeping up with the latest available technology updates, without significantly increasing budget, is a challenging task. With all these challenges, there is always a need for enhancing security and as we have seen in the past -as challenges increase, vendors will come out with new and robust innovations to mitigate those challenges,” says Ashish Kothari, Service Product Line Leader, IBM Security Services.

In the midst of tightening economic conditions, it may be possible that security priority may take a backseat due to competitive pressures. However, this move is fraught with serious consequences.

There is no need to repeat ad nauseum and ad infinitum that what a network breach can do to your business. Apart from costing thousands of dollars, it can also lead to legal troubles. To add woes to the slowdown worries, security professionals are facing the most serious threat environment in the recent past. 

According to Altaf Halde, Country Director, Sophos, which offers award-winning encryption, endpoint security, web, email, and network access control solutions, network, security is useful for detecting attackers within the perimeter and is considered easier to deploy than endpoint software (being able to put an appliance inline at a gateway versus deployment to lots of machines). Traditional network-based enforcement has been somewhat reliant on the concept that most devices could be connected to a defined network, an increasingly unrealistic expectation. The increasing use of mobile technology and the prevalence of roaming users challenges this alone, with no guarantee that traffic will go through the right places to be scanned.  

With the rising sophistication of the attacks, the ongoing discovery of vulnerabilities and the new legislations and regulations by governing authorities, network security is bound to grow more powerful in the coming years. “What is required is a business-driven approach to security rather than a techno-centric approach. It should be the business goals that drive the requirements in securing the enterprise,” says Bhaskar Bakthavatsalu, Regional Director, Check Point Software Technologies, India & SAARC. 

The tactics are becoming more targeted. Additional enterprise risk is being generated due to the increase in the number and business importance of web applications. Budgets may be tight, but responsibility does not change: minimize risk. 

“Network Security has a long way to go. Nowadays, Network security is important not only for large enterprises, but it is also becoming common for SMBs and even in the SOHO segment as organizations which are buying it  do realize the importance of Network and e-Security,” says Mohit Puri, Country Manager - India/SAARC, WatchGuard Technologies, Inc.

“Business across geographies, collaborative commerce, any time/anywhere access needs, availability, cost management, productivity are business drivers to grow the network  security segment in future too,” says Sriram,CEO, iValue InfoSolutions.

“In recent years, we have seen growing Internet dependence among organizations of all sizes in India. Almost all companies today use web-based processes in storing, accessing and transmitting data. Newer technologies such as virtualization, unified communications, and cloud computing are increasingly being adopted because they help reduce costs while addressing system manageability issues,” says Tushar Sighat, Vice-President - Operations, Cyberoam - India & SAARC.

In the light of the above developments, companies have started facing security challenges from both external and internal elements. The network security scene, far from becoming redundant, is actually becoming more wide in scope. This is because security threats are getting more serious. For example, personal data security breaches are being reported more regularly and there have been numerous examples of hackers accessing corporate computers and compromising computer systems or stealing vital corporate data including personal information.

Despite the prevalence of such dangerous threats, both small and large companies lack resources to effectively handle security issues on their own. Consequently, the demand for specialized security solutions is rising.

True, this is asking too much in the face of spending cutbacks, but because budgets are getting tight, you have to be focussed on how to best reduce risk, and it is definitely not tantamount to paying less attention to security. 

The Network Security market in India is coming of age, largely driven by the businesses recognizing that security should be a prime concern area for them. Organizations are, therefore, adopting a proactive approach towards embracing security measures as a business imperative. 

According to the recently released annual security report (2009) by Cisco, the number of vulnerabilities and threats remained relatively consistent in 2009 compared to previous years, but the exploit and attack threat levels have increased by 57 per cent. New attacks relyA on social media users' willingness to respond to messages that supposedly originate from people they know and trust. It is easier - and often, more lucrative - to fool a social media user in order to launch an attack or exploit or steal personal information. 

Organizations are fast adopting advanced security solutions to protect end-points, network admission control, application security and security monitoring and event correlation and this segment is growing almost double the rate of traditional security solutions.

The goal of IT infrastructure therefore is to create systems that can detect and protect against unauthorized access while providing timely access to legitimate users. Today's networks must be able to respond to attacks in ways that maintain network availability and reliability and allow a business to continue to function. In many respects, the goal of security is to make networks more resilient by making them more flexible.

As long as there are networks with information on them, Network Security will not become redundant. In fact, as financially motivated hackers find new and dangerous ways to affect the integrity, confidentiality and availability of information flowing across networks, network security will become more powerful and be integrated right from the design phases of all information technology.

For successful functioning of business, revenue generation and loss prevention are essential business requirements. When either one or both of these suffer, SMEs bear the burnt. 

“To mitigate these risks, companies (big or small) need to integrate secure solutions throughout their converged networks to provide layered and ubiquitous defences to not only help prevent information technology intrusions but also facilitate awareness and effective response to attacks when they occur. We feel both enterprise and SME customers are placing equal importance on securing their networks as it is seen as an imperative in accelerating growth,” says Ashish Kothari.  

Therefore, IT as well as security has increasingly become important for business growth and resiliency from the SME point of view as well. The challenge SMEs face today is the difficulty in hiring and retaining security professionals, especially when there is a large variety in technology all around and cloud-based services and managed services should make good economic sense for SMEs. 

The Network Security industry market is seeing a whole lot of trends. SMEs in India are increasingly becoming aware of the importance of IT security and have emerged as the biggest growth drivers of IT security. 

SMEs do not have the unlimited resources that a large enterprise has, to absorb attacks which may have business impact. This means SMEs have to be more careful in their security deployments and ensure that adequate planning goes in the initial phases, followed by continuous changes to fight newer threats. In quite a few cases, SMEs are the first ones to adopt newer security technologies, as they see the real need to respond to a business impacting risk. “The SMEs in India have come to realize the importance of security and in most cases are beyond firewalls and UTM boxes and are seriously looking at technologies like network admission control (NAC) and infrastructure security to keep the insider threats under control,” says Jatin Sachdeva (CISSP, CISA), Information Security Adviser, Cisco Asia Pacific.

With broadband usage quickly becoming a standard in the business world and network security hazards on the rise, small businesses without a dedicated IT team are faced with the great challenge of protecting their networks from threats. “However, in order to meet this challenge, small and medium businesses must first face a greater challenge: understanding and acknowledging the threats,” says Bhaskar Bakthavatsalu.

“Since SME needs to compete for their business with larger entities, they also had to invest in network security and data protection solutions in addition to ERP/CRM packages,” says Sriram.

The Indian SMEs have typically had a conservative attitude towards technology, but this is changing rapidly. The liberalization of the Indian economy and growing competition has created a situation where organizations that are best equipped to handle the transition will be the ones who competitively differentiate themselves from the rest of the market. According to Vishak Raman, Regional Director, SAARC, Fortinet, “A robust IT infrastructure is one of the key enablers of this differentiation and many SMBs have now recognized this fact and are definitely overcoming their resistance and inertia towards adaptation of technology.” 

SMEs would ideally prefer to deploy any IT solution that is easy to deploy, use, manage and even more easier to scale. “Fortinet offers a wide complement of security solutions carefully designed to serve SME/SMB needs with these qualities in mind. These easy-to-deploy and manage systems deliver turnkey platform that is ideally suited to smaller businesses and branch offices with the security they need,” says Vishak Raman. 

“The small and medium enterprises have started implementing the security framework and they are aiming to effectively mitigate threats and vulnerabilities. The framework would model security issues in terms of owner, vulnerabilities, threat agents, threats, countermeasures, risks and assets, and their relationship,” says Mohit of WatchGuard.

“SMEs are adopting network security fast. Especially when it comes to UTMs, they are very quick to accept the value proposition. SMEs today understand that the networks have become susceptible to external as well as internal threats and they don’t have to be large enterprises to be vulnerable. They are finding UTMs to be providing irresistible value with low TCO and fast ROIs,” says Sunil Sapra of ASTARO. “The adoption of UTMs in SMEs is on an upswing and I envisage this to continue for many years to come.  ASTARO is very excited to be in India and we will continue to provide the best value for money UTM solutions to the vast SME population in India. We are taking this endeavour a step further and have launched ASTARO-hosted Mail Archival Services in the cloud and I am sure India SMEs will find this a very useful and affordable service.”

The security predictions made in the beginning of 2010 by the leading analysts such as IDC and Frost & Sullivan, categorically state that small to medium enterprises as well as big enterprises would continue to spend on IT security. Therefore, there is positive growth. According to industry sources, while the overall IT security market is growing by around 30-35% year on year (YOY), the average growth in the UTM market is a good ten per cent higher. 

“Indian network security market has just started picking up in recent few years because more and more organizations are able to realize the importance of securing their data against external and internal threats. Consequently, there has been no letdown in IT security spending because CIOs realize without ensuring security of their enterprise vital data, it is just not possible to expand business. Investing in network security solutions is analogous to buying insurance for your brand new car,” says Tushar Sighat.

Channel partners need to come to terms with the fact that point solutions such as firewalls and IDPs are not as effective in driving sales ahead compared to integrated security solutions such as UTMs. “There are enough reasons to believe that businesses of all sizes are trying to replace legacy or outdated point security solutions such as anti-malware gateways, routers and firewalls with unified UTM solutions. The reasons for this are the possibility to have one single source of support, one device to worry about and truly unified controls in every security aspect of the organization,” says Tushar Sighat.

“Channel partners need to help vendors/customers understand the importance of comprehensive security (i.e. unified threat management) as an attractive value proposition to stem network security breaches,” says Vishak Raman.

Channel partners including resellers and other solution providers are increasingly becoming aware of designing/delivering solutions designed around security products because they realise there are huge opportunities due to rapid growth of the SMB sector and there is increasing security awareness. What is more substantial is that the B and C class towns today represent huge opportunities and are slated to be future growth drivers for UTMs in preference to their performance advantages, convenience, and choice to customers, resellers, and product vendors.

There is no denying the fact that the security space in general is a lucrative sector to play in as a reseller or a solution provider. “Channel partners are taking dual roles as consultant as well as reseller. They don't just sell the products but also offer solutions that are tailor-made to the customer's business needs. This differentiates them as solution providers rather than just ordinary resellers. We have noticed this across all market segments: from SMB to enterprise to service provider,” says Vishak Raman. 

“Channel partners need to help customers understand the importance of technologies beyond the traditional firewall, IPS and UTM solutions. The importance of role in an organization is often left to domain and application authentication, and access control is merely IP addresses and ports. However, channel partners need to understand that the role of employees and devices on the network is an important component of access control and there are many new capabilities within the switching infrastructure like 802.1x, NAC, 802.1ae and Security Group Tagging (SGT). These are the next set of technologies which will change the way information security is executed in an organization and channel partners need to lead the way educating in customers about the same,” says Jatin Sachdeva.

Security is certainly a growing market and solution providers will play an important role as they are able to provide a holistic solution. “We have seen that companies stress on an integrated and secure solution that can make a real difference in protecting their valuable intellectual property and assets, and sustaining their business operations,” says Ashish Kothari.

“Channel partners can help the vendors by implementing robust security policies within the network and on the perimeter security as well. They could also carry out third-party vulnerability assessment and penetration testing which would help in strengthening the network. Other security measures can also be implemented like two factor authentication, encryption and data leakage prevention, etc.,” says Mohit. 

Finally ...

Today, there is an urgent need on the part of organizations, whether large or small, to develop progressive policies to address the security concerns. These policies are designed to help ensure regulatory compliance. This will translate into more opportunities for the solution providers.