Lack Of Interoperability, A Challenge In Cybersecurity

by Priyanka Pugaokar    Nov 22, 2016


 With the growing incidents of advanced persistent threats (ATPs), and the adoption of disruptive technologies such as IoT, CIOs are under a huge pressure to ensure holistic security for their respective organizations. In the world of connected devices, interoperability between systems and end point solutions is very critical to ensure smooth functioning of enterprises. Increased connectivity and data sharing means increased vulnerabilities to attacks, espionage and data breaches. Leveraging interoperability in cybersecurity plans can save significant time and efforts of CIOs. 

The current lack of interoperability and collaboration significantly increase the complexity of enterprise security. Therefore, If enterprises intend to embrace digital transformation, there will have to be interoperable on the agenda of every CIO.

In a candid Interaction with CXO Today, Samir Shah, CEO, Aurionpro highlights the corelation between enterprise security and interoperability. Shading the light on cyber security preparedness among Indian enterprises, Shah emphasizes on cooperative collaboration between corporate and employees. 

The global IT security spending is estimated to reach $101 billion in 2018. What trends do you observe in India in terms of awareness and preparedness of enterprises to tackle advanced cyber threats? 

We as a cyber security vendor believe strongly in awareness. In India, cyber security awareness is rising across the industry sector, especially in the BFSI, Telecom and Government sector. In terms of awareness and preparedness of Indian enterprises, I would say there is a high awareness but less preparedness. There is definitely an increase in the funds allotted for security, however, preparedness has nothing to do with the spend. How many organizations in India have dedicated Chief Digital Officer (CDO) or Chief Information Security Officer (CISO) with specific deliverables of ensuring robust security in the digital economy? And that’s where the preparedness is lacking in India. 

How do you see the emerging role of CISO? According to you, what are the pain points of security decision makers in terms of enterprise security and digital innovation? 

I think today there is a huge fundamental difference in the mind shift of security decision makers. CIOs and CISOs cannot afford to say that if the organization wants security, they will need to lock the access of some applications/ systems. They need to deploy a security architecture which will not hamper the business continuity and at the same time it will protect the organization. 

Not only in India but worldwide, no CIOs say that they are not riding on the wave of digital transformation because of security concerns. However, digital transformation is a wide term and it means different to different organizations. For me digital transformation means new revenues. Similarly, for any CIO it is survival in the brave new world, which means embracing a change that if embrace properly translates into a huge stream of revenue and if embraced not so appropriately, might mean threatening to a very existence. The major challenge CIO face today is interoperability. If organizations need to embrace digital transformation, there will have to be interoperatability on the agenda of every CIO.

Organizational security is largely considered as subject that comes under the ambit of CIOs or CISOs. However, considering the emergence creative and sophisticated threat variants, cyber security is responsibility of all and not just IT heads. Your Comment. 

Absolutely, it is shared responsibility of all. Ultimately, security is as strong as the weakest link. Therefore, the whole process of education, enablement and empowerment of employees is critical. There has to be cooperative collaboration between corporate and employees. 

What are market prospects do you see for isolation solutions in India?

We are seeing increasingly strong awareness about isolation solution and ‘predict rather than detect and protect approach’. However, the traditional anti-virus and sandboxing solutions will continue to co-exist. Antivirus solutions are so basic now and the cost of solution has come down dramatically. Similarly, sandboxing solutions are trying to address the advance persistence threats to a some extent. However, isolation solutions are absolutely unique and they will augment top of these existing solutions. In some cases, they might replace the existing solution, but in most of the cases they are addressing the threats which are largely unaddressed. 

Aurionpro has sold its services business in the US to Saicon for a value of Rs 66 crore. What is a rationale behind the deal? Do you also intend to sale off other non-core assets in future? 

We believe in the mission to simplify and sharpen our focus and any business, even if it is profitable, that does not belong to our core vision of escalating digital innovation securely will not be our core focus.

Services business was not really a part of our core vision, and that was a rational behind the sale of second. Going forward, we will focus on only on our core business areas.

How will Spikes Security’s acquisition help the company to expand its enterprise security offerings? 

Prior to acquisition of Spike Security, our enterprise security division was mostly focused on identity management solutions and protecting organizations primarily from insider threats. We did not have a solution for outsider threat which exactly Spike acquisition brought to us. The idea is now with combined solution, we will also be able to leverage some synergies between the two solutions to offer our clients one holistic offering that will address the majority of security concerns as oppose to individual pocketed approach. Hence, it is a very strategic acquisition for us.

Please explain your reach in India in terms of presence, vertical focus and channel base. 

We have close to 150 security professional out of our Pune office. We are channelizing more or R & D work in India post Spike Security acquisition. We are retaining our core DNA of silicon valley, but we are also enhancing it in India. The channel strategy is also very critical for us. We will launch our first channel program in India in Q 1 of 2017. India and the entire APAC region are a very strategic market for us. Digital business is growing in most of the verticals in the country. Series of event like currency demonitization will only push digitization and they we see a huge growth prospects.

Aurionpro has recently won an order from NMRCL for operating a Digital Platform to run end-to-end operations. What is your play in the government space? 

Our engagement with government is as a product and solution company for custom digital security. Our vision is to expedite digital information security. We have multiple engagements with the government organizations. We worked with the Nagpur Metro Rail Corporation for designing, implementing and operating digital platform. We have also done multiple e-district and e-governance projects for the state of Rajasthan. So all of these are derivatives of the broader Digital India agenda of prime Minister Narendra Modi.

The year 2015 marked highest amount of DDoS attacks, whereas ransomware took the central stage in 2016. What is your cybercrime prediction for the year 2017?

It is a fact that the number of attacks and the sophistication of attacks is increasing. Whether it results into ransomware or its result in sophisticated malware attack it remain to be the same. However, the current trends indicate polymorphic machine learning malware attacks will increase in 2017.