Embedding security in a digital economy

by Mohd Ujaley for the Financial Express

Digital India can be successful only when a proper security framework to protect the critical infrastructure is in place

In the last one month, two websites —a microsite of the Railnet page of Indian Railways and the library webpage of Jawaharlal Nehru University (JNU)—were hacked. The hackers defaced the pages with customised messages and claimed to have intercepted the government’s web directory. The claim may be exaggerated but theses
incidents show the growing vulnerability of cyber infrastructure.

The government’s push towards Digital India, Make in India and Smart Cities initiatives further increases the surface of this vulnerability and this necessitates the need for strong cyber security mechanism to keep the data and modern infrastructure safe and secure. This is what the American technology major Cisco is gearing up to delve into by creating an integrated architectural approach to address the challenge of heterogeneity and complexity in managing cyber security for government organisations and businesses in India.

Cisco believes that the time has come to shift towards a more architectural approach as most of the enterprises have different vendors and they all invest and spend a lot of energy on figuring out ways to correlate all threat information promptly to deal with threats before losing the information. That is why Cisco acquired Sourcefire, whose solution were extensively used in US government departments and integrated it’s technology into Cisco’s platform.

“In the past customers have defended themselves by buying lot of technology solutions from many different vendors and that hasn’t served them particularly well. It has created lots of complexity and therefore the cost of operating those different vendors is high and has a relatively low effectiveness. So, the best of breed has not really served the customer very well and as we look forward and think about what is going to happen in the next five years, we see the digital transformation of organisations really further complicating the existing security landscape,” Stephen Dane, MD  of Cisco’s Global Security Sales Organisation (GSSO) for Asia Pacific, Japan and Greater China told FE.

Does that mean the role of pure-play security companies like Symantec or Fortinet will be impacted? Dane says, “I do not think so. What I would say is that we have an opportunity to help customers reduce the number of vendors by creating a platform-placed approach. This will help them to reduce the hardware within existing infrastructure and the interfaces that operations guys and analysts use.”

Across the world the concept of security is changing. It is moving beyond firewall to pattern, network perimeter to application perimeter. The old rule of anything inside firewall is good and outside is bad, and network as a perimeter is diminishing. Now companies are focusing on continuous monitoring of the cyber infrastructure for predicting things in advance. So on that front pure-play security companies such as Symantec or Fireye have dedicated solutions for businesses and governments.

Cisco says that it has been making acquisitions in the security space for the last three years, specifically in the area of threat-centric security. Now it has the ability to protect customers before, during and after an attack. “We have technologies across three areas in terms of firewalling, identity services engine and e-mail and web security capabilities and then we also have technologies like advanced malware protection which has the ability to detect the file as it goes into an organisation which is what companies like FireEye does by putting into the sandbox and exploding it,” says Dane.

Dane believes that government needs to start defining the cyber security strategy to enable Digital India to prosper.

“Our expectation is that the government will look at cyber security as a particular area to legislate on. I believe this will have a big impact particularly at the board level around how important security is seen through them because in the US that is certainly happening. We have not actually necessarily stopped many of the massive breaches but the disclosure element really forces the business holistically and from the top to consider security as an accountability,”
explains Dane.

First appeared at Financial Express