MUMBAI, INDIA: From the whirlwind world tour that the WannaCry attack tagged in May, to the Petya jolt that is keeping the globe busy firefighting again this week, ransomware is a word that has ceased to be some Grawlix that IT nerds used around their coffee-machines.
So have many other concepts and headaches that were privy to only IT departments until now. There is an unprecedented shift in the way business thinks of security and along with the war-room huddles that are taking place in the corner rooms instead of server basements, the new shift is palpable in the way numbers move.
There is Forrester that feels that the global cloud security market could be as much as $3.5 billion by 2021, wherein over 50 per cent of security leaders are fiddling with concerns over SaaS, IaaS, PaaS and virtualisation in the data center. There is Gartner’s gut that says that by 2020, we could see 80 per cent of large enterprises, 25 per cent of mid-size organisations and 10 per cent of small organisations investing in EDR capabilities, while the IT security market in India could be anywhere around $1.24 billion in 2017.
In the same world, there are surveys that point out that not a large number of people are sure (34 per cent in India, against a global average of 33 per cent) if their organisation’s senior leadership labels cybersecurity as a strategic priority. In fact, as many as 82 per cent still look at silos for the lack of collaboration between IT security and lines of business (in a global study by Citrix and Ponemon Institute).
This is where what Terence Gomes, National Channels Manager - RSA, says raises a new bout of questions and what-ifs. He strongly gathers that the business-side is now more and more inclined towards understanding how the dots connect. Security has changed a lot in how the business folks view and probe it in terms of a business picture. It's turning into some raw but handy pidgin now.
Would security really get more interstitial than something that is simply tucked away with other furniture and décor? Would it be able to grapple with new data regulations, Internet Protocol controversies and IoT shifts? We look at some new murals-in-progress in this chat with Terence Gomes.
Are there any trends on security that are redefining this space all over again?
The new deluge of data is a big opportunity for cybercriminals to encash, to manipulate data and to tap IP. So tools and firewalls, per se, may not be enough. We have to move towards a prevention mindset with rapid response, resilience and risk mitigation as dominating factors. If you are on the IT side, you need to connect the dots. A lot of security vendors talk about what’s the latest in security but dots are very vague. The business wants more. It wants help in connecting the dots.
Can you elaborate? What if we want to juxtapose the ROI side?
As security advisors, we have started witnessing a hard-to-miss and quite a radical shift in the mindset at boardrooms. What we see is an immense degree of eagerness in terms of ‘how it is going to impact us’ whether it is a budget proposal or discussion around a new attack. Now businesses are asking some hard-hitting questions. The ‘connect’ is the business relevance aspect that is on a huge rise.
The boardroom is tackling what we call the ‘gap of grief’ now. They are not merely spending but looking for relevance. They do not want technical jargon but how they can translate it into business factors like downtime, business continuity, competitive advantage etc. Once they get it, they are ready to spend.
Is this more pronounced in some specific verticals over others?
Traditionally it was high in BFSI but now media and other sectors are also waking up. Hackers are looking to capitalise on the new digital surface area so new-age businessmen want to leverage technology as a strategy and they know that they are looking at new risks and hence, have a higher seriousness towards security. It’s not just about anti-virus packages anymore. It’s about advanced detection, proactive stance and a holistic posture.
How cascading could new legal contours be, like the imminent EU’s GDPR regime?
From a security point of view, organisations definitely need to be compliant but it, too, comes back to business and whether security is a silo or not. Data protection or privacy, it’s all about protecting investments well and not just about compliance.
The Mirai DNS attack has whipped up new questions around IoT, and use of Internet Protocol (IP) among connectivity activists. Does security still swing between convenience and friction?
The debate goes on from a security perspective. If we make things too easy, security suffers. If we make them too secure, convenience goes for a toss. We, as always, have to find the balance between exclusion of bad guys and inclusion of good guys. Visibility and adding context to technology is important.
Is edge computing going to be a major question to solve?
With IoT, everything is going to be connected and hence new pros and cons will pop up. Devices have to be secure enough from the bad guys. No one would like to get locked inside a car if a hacker could be getting through the backdoor of IoT. Even the ecosystem and apps around need to take care of a user’s side of security. The threat landscape is certainly going to change and we could see cybercrime on the rise. We have to focus on response, holistic approach and monitoring to keep the bad guys away.
With Dell and RSA now having a combined weight, what can enterprises expect now? Any overlaps or synergy areas that can be substantial ahead?
RSA continues to focus on security as an independent brand but the good part is now that it’s a security brand under Dell. There would be absolutely no change from a partner or customer view. The roadmaps stay as they were. As we evolve we would be looking at the vacuum that leaves many questions for boards and the business-side. We will look at questions that connect back to business. We are looking at leveraging each other’s strengths and the market coverage of Dell is huge. We can build up on it in the near future.