Companies often benchmark against the wrong vendors

by CXOtoday News Desk    Aug 12, 2013


The information security landscape is constantly evolving and paving the way for newer opportunities and threats. In an exclusive interaction with CXOtoday, Kaushik Thakkar, CEO and Co-Founder at Nevales Networks, discusses some of the critical issues in IT security, the market for cloud security and how enterprises should deal with the changing nature of threats.

What are the top three things a security thought leader should keep in mind?

We are living in an information age, in which there has been a continuous shift in the IT paradigm. Quite evidently, the information security landscape has also undergone a sea change from its early days of single sign-on, antivirus and firewall. From client-server to web-enabled application consolidation, today we are moving to mobile and cloud, and therefore the nature of security keeps changing accordingly. Until recently, IT leaders were concerned with the privacy and security of data within their organizations. But as more data is shared with other sources, say in cloud deployment, they are striving to adequately safeguard sensitive information from these different sources. The thought leader within the enterprise should therefore keep in mind three aspects. One is that security has moved beyond the purview of pure technology. It’s mostly a business component, so the IT head should transform into a business enabler. He should move to a security service approach more than a products mindset. Finally, the security thought leader must be proactive. He must learn to act quickly when taking a security decision on behalf of the organization.

Security has long been seen as necessary but considered expensive. Are the attitudes among businesses changing in this regard?

Of course the attitude that security is expensive is changing, but there is a lack of awareness that leads them to buy costly security offerings, which raises their TCO. Most enterprises go for global benchmarking and end up benchmarking against the wrong vendor. These vendors do not localize the product or deal with use cases such as Dropbox security. Cloud has completely changed the way companies pay for, deploy and use security offerings and is also changing the attitude of businesses on security. Many vendors are seeking to expand their focus well beyond the “legacy” antivirus market and are venturing into the market opportunities for enterprise cloud security.

How should Cloud Computing providers be addressing security issues?

Cloud computing providers have to take a consultative approach. He should first prove his security credentials and demonstrate reliability. You may also have to prove the ROI to your customer. It is also important to involve the entire C-suite and explain that it is not solely an IT decision, but a business decision as well. Appointing renowned channel partners often helps CIOs in gaining trust. For example, we are working with Wipro and other large SIs who will drive our business across India, and through them we will cater to the security requirements of large enterprises to SMBs. It is important for the provider to customize and offer the products based on a specific industry vertical and geography. A retail company will have very different needs from a pharma company. Even within two retail firms, their security requirements may vary greatly. Moreover, what a US retail firm will deploy will be very different from India or, say, any African country. So, he should understand he is not only selling a product or an offering, but the goodwill and trust along with it.

In the current complex IT security landscape, what should security CXOs and thought leaders do to raise awareness among employees, customers and society?

There are various ways to increase awareness among customers, employees and other stakeholders. When raising awareness in information security, it is important to put security in a context. The thought leader should highlight every aspect of security – including its risks, goodwill, legislation and compliance as well as various technical issues before and after the implementation of the security solution or program. When addressing the employee, the CIO or security professional should devise a security program, making them understand the severity of breaches, especially with the emergence of BYOD and other new technologies. They should also be informed about the consequences of any breach of information within the organization. To the customer, the approach will be consultative, finding out their strengths and weaknesses and also the security requirements. Generally, I encourage my customers to adopt layered security. A lot of these campaigns are driven by our SI and through hosting our cloud security solutions on trial and so on, besides seminars, offering advice and perspective on maintaining data safety as more and more businesses migrate to the cloud. To the society at large, a public awareness campaign, especially on social media, can be very powerful. We also follow a collaborative approach with the government and industry to drive our security awareness initiatives.

How can the security industry keep up with constantly changing threats?

The security practitioners have to be extremely agile, pursuing newer technologies and trends such as mobile technologies and next-generation firewalls and other new security solutions as well as the rise of cloud security technologies. In the next one year, a number of new security solution providers will emerge, and they will pose competition for the traditional players. There will be more investment in R&D innovation, public awareness and innovation. Security vendors will target emerging markets and verticals in the coming years.