|
“Large enterprises are more receptive to change”
 Timothy Lee, Vice President, Asia Pacific & Japan, Websense, talks to Network Computing’s Sonal Desai about emerging threats on the Internet, security audits, and the company’s go-to-market strategy in India.
From Websense’s stand point, how is the Internet threat landscape shaping up? What are the emerging threats that IT organizations should be keeping an eye open for?
There is increasing concern about blended threats. Multiple tactics are used in one attack before they are launched. Due to the intertwined nature of the threats, it becomes difficult to identify the primary tool of the threat—trojans, worms or bots—and in turn causes a delay in finding a solution.
Also, until now, we had seen cases of the most basic form of phishing attacks where hackers sent e-mail luring users to click on a link to a spoofed Web site to disclose their account info. However, new instances of phishing are surfacing where hackers are using mediums like VoIP (Vishing) and SMS.
More attacks are being launched through Web sites, IMs and P2P file sharing applications.
Currently, security threats coming from Web 2.0 are a cause of concern. Web 2.0 could be social networking sites or some popular blogs. These sites normally have a very large number of Internet users accessing and contributing from around the world. Users can post all kinds of content on such sites; this could include a music file, video, pictures or their profiles. Most of these sites do not have the required infrastructure to scan large amounts of data for security threats, so Web attackers pose as innocent users and upload malicious content which lures other users to download malicious codes and viruses. Hence, threats can arise from Web sites supporting active content.
Another area of concern is leakage of sensitive data from the organization. Information leaks may be intentional or unintentional. According to Gartner, 80-90 percent of data leaks are unintentional in nature. The biggest hurdle faced by organizations is ignorance about the loss of data, and the inability to classify and secure sensitive data.
Prevention is the best mode of tackling emerging threats. Today, Web attackers work in a very small time frame and in a targeted manner so it becomes difficult to provide an immediate solution to such threats. However, by identifying the malicious Web sites and applications, and by blocking access to such Web sites, organizations can protect their network from viruses and worms.
Security solution providers are facing problems convincing enterprises, including large enterprises, to get security audits done. How can this reluctance be overcome and the thought instituted that an audit is necessary?
IT managers would like to believe that their networks are secure. I think security is not an area of high concern when it comes to making decisions for allocating a budget. In the present scenario, organizations do not know the implications of losing critical data. In fact, incidences of data loss either go unreported or are not brought to public notice. This should change. As more security issues are brought to public notice, awareness is bound to increase so that not only IT managers but even top management and decision-makers would be prodded into action.
How should IT heads present security concerns before the management?
The role of a CIO/CTO varies in different organizations. The CIO’s role mainly gets restricted to handling the operations of the IT infrastructure, hence they don’t get management attention. However, this changes dramatically as soon as the CIO/CTO starts having a management perspective on IT. This way they can show that technology is a core driver of business in a globally competitive marketplace, that security becomes strategic as organizations are increasingly adopting electronic business platforms to reach out to every part of the world.
Interestingly, European countries and the US are more mature markets as far as implementation of security products is concerned. In APAC, Australia and Singapore are quite-aware markets. India is fast catching up with the trend as large organizations from India are becoming global, and they need to ensure that their infrastructure and services are world-class and secure. Also, outsourcing by MNCs to India creates a need for organizations to have similar standards of security.
What is Websense’s go-to-market strategy for India?
Websense is a leader in Web security and content filtering. It is recognized as a worldwide leader in the URL filtering category with a global market share of 49.6 percent. Some studies show that there are more than 70 million corporate Internet users in India today. As such, India is not only a very strong revenue-generating market but also strategically important to our APAC strategy. Historically, our strength has been in the enterprise market. We have also announced the launch of Websense Express, a Web security and content filtering product targeted at small and medium businesses. Additionally, we will extend our solution to the information leakage prevention space, where 80-90 percent of security breaches are occurring today. We have recently announced the launch of a product in this information leakage prevention segment, Websense Content Protection Suite v6. Lastly, with the acquisition of Surf Control, we will bring e-mail filtering solutions to the market.
Gartner has recognized Websense as a leader in a Magic Quadrant report for Content Monitoring, Filtering and Data Loss Prevention, 2Q07. According to a 2006 Frost & Sullivan report, the Indian Web content filtering market should grow at the rate of 47.2 percent in 2007. In India, we have a market share of 59 percent.
We will continue to use our two-tier distribution model to bring our new solutions to the Indian market. We follow the 100 percent subscription model, and have a 95 percent renewal rate in India.
Is it easier convincing larger enterprises than SMBs about the importance of security?
Generally, large enterprises are more receptive to adoption or change. There is a latent need to adopt technology to survive in a complex environment, and large enterprises have the required capital and IT resources. However, as SMBs compete with large enterprises and other global players, they are also adopting new ways of doing business. In this, the role of security assumes importance. SMBs are emulating large enterprises as far as security is concerned, although in a small way. Overall, IT, BPO, BFSI, manufacturing, pharmaceuticals and government are the growth verticals in India, while the education and infrastructure segments are the ones with good potential.
|