Kalyan Rao Konda, Sr. Vice President – Global Delivery, Cigniti Technologies
1) There are plenty of companies offering Pen Test services. How does Cigniti stand unique among them?
Cigniti brings a holistic approach to its security testing services offerings. A focused group of security test architects, certified ethical hackers (CEH) certified professionals, CISP certified career testers form the core of Cigniti’s security testing services teams. In addition, Cigniti constantly updates its offerings, skill sets by being abreast with emerging protocols apart from the industry standards like OWASP. Deep dive expertise is backed by a strong understanding and experience of having offered security testing across client-server, web, mobile and cloud technologies for leading companies across the world. Our security testing practice also caters to BYOD2.0, Mobile enterprise and Converged computing scenarios for tomorrow’s enterprise.
Cigniti’s value addition comes from Tool agnostic frameworks which integrate a combination of open source tools, commercial tools and customized scripts with solutions that match the client’s unique requirements. The differentiation lies in Cigniti’s multi-layer security approach which caters to the client’s security requirements, and takes into consideration the applicable layers of the technology stack.
Since each business environment presents unique challenges along with generic security requirements, Cigniti’s offerings achieve the right balance between rapid and comprehensive assessments that ensure detection of vulnerabilities with their source, location and potential impact. These assessments are backed by customized reports with recommendations that ensure fail safe and fool proof security.
2) How strong is your R&D team to cope up with the increasing pressure, industries today face regarding advanced attacks and unidentified vulnerabilities?
At Cigniti, IP led testing services form the backbone of our differentiated services offerings. Constant investments in dedicated IP building, Cigniti SMART tools, R&D, next generation labs and infrastructure define our approach to innovate. We continue to invest in offering Comprehensive reporting and detailed recommendations that help clients take informed decisions, quickly address the detections and reduce exposure to identified vulnerabilities & threats. Our R&D is focused to build Custom execution methodology based on business logic and application technology to identify vulnerabilities from various avenues of attack(s).
3) What was the rationale behind acquisition of Gallop solutions?
Gallop’s proven IP around test asset modernization services helps Cigniti complement and strengthen its IP led testing services portfolio. Gallop Solutions is a great cultural fit for us and they have a fantastic team. The merger added value to everyone concerned including shareholders, clients and employees. The merger also made us the world’s third largest Independent Software Testing Services Company. This helped move towards achieving our mission of becoming the world’s largest Independent Software Testing Services Company in the next few years. IP led testing is going to be key driver of growth in the future and Gallop’s experience in delivering testing solutions around proprietary IP led products such as WinQuick and RoboQuick adds a lot of value to our clients and complements Cigniti’s SMART Tools. In line with the focus on IP, Cigniti appointed Mahendra the co-founder of Gallop as its CTO recently. Mahendra’s deep understanding of testing and technology will strengthen Cigniti’s world class test engineering solutions. His technical leadership is helping us expand our IP and generate non-linear revenues that will differentiate Cigniti from peers.
4) Is operating in big data environment a big challenge for SMBs? If so, how can Cigniti help them to resolve the issue?
Big Data actually creates a level playing field for SMBs to compete with large enterprises. Big Data analytics also enables SMBs to improve their overall customer experience by performing “social listening” – or collecting unstructured data insights from social media and pulling out specific content that directly affect their line of business. SMBs with a meticulously tested Big Data application will ensure the investments on the project yield the right set of analytics to make insightful decisions for successful business. SMBs cannot afford to compromise on the Cost of quality in particular to the Data under scan. Cigniti is an IP-led testing services company. We have created a service offering around Big Data known as Big Testing. Cigniti’s Testlets for Big Data offer point solutions that encompass a wide range of requirements including consumer partitioning, social indexing, and data mutation. As an independent testing partner, Cigniti helps organizations add quality to their Big Data initiatives and ensure testing before and beyond the implementation. Cigniti is working to create compelling IP in the Big Data testing arena. Initiatives are underway to develop a set of point solutions; tools that can complement and value add Data Quality issues in the context of Big Data. Special emphasis is being laid to address some well researched use cases around Intelligent Data Sampling in the context of Big Data testing. Data Security, Data Governance and Data Masking will be the other test data management areas that are being explored to be empowered with meticulous testing. A solution framework that can help SMBs migrate to Big Data platforms from the existing structured, unstructured and semi structured data sets is being studied to assess the scope of innovation that can enrich business outcomes with quality.
5) While BYOD is becoming a major concern for almost all organizations, how can Cigniti prescribe a solution to organizations to mitigate the challenges?
A well-connected, smart enterprise is expected to become prominent with more convergence. Enterprises will need newer ways of testing mobile applications and software with a faster turnaround time. Bring Your Own Device Policies will influence the way applications are developed, tested and deployed for end user consumption. This increases the possible threats and vulnerabilities that people might want to expose, take advantage in the case of mobile applications. Inward facing and vertical specific enterprise Appstores over the cloud will be rolled out by businesses for meeting new needs of customers, employees and partners. With increased adoption of mobility platform, security is surely one of the biggest challenges at CIO’s hand. It is quite evident that Emergence of Bring your own Device (BYOD) policies have caused Enterprises to take a holistic view of mobile application security. Focus areas like access control, device rights, application management, logging, reporting, location-based identification, and workflow driven access, approvals, etc., all call for a stringent security strategy. On an average, a mobile worker has at least three different layers of access to the corporate IT applications from inside, outside and while on the move. Wireless LAN systems are also under tremendous recourse owing to the BYOD policies. Enterprises have a paramount need for mobile device management software to ensure visibility & governance on mobile applications, their users, their roles and their access needs & patterns. Devices need to be tracked constantly whenever corporate information is being accessed. Being a specialized service partner, Cigniti helps Enterprises conduct comprehensive security testing that accommodates these changes and needs.
6) Application security is another major painful area for CISOs. What does Cigniti suggest organizations to prevent the challenges?
Due to increase in number of privacy/security breaches that organizations are facing today, Security testing has become an absolutely critical part of the enterprises’ application development strategy and life cycle. Major corporations, ISVs and startups alike are equally haunted by the possibility of a glitch that could strongly rattle businesses. Cigniti suggests that CISOs recognize the need for software testing early in the SDLC lifecycle and start leveraging independent testing throughout the SDLC phases. A three pronged approach could help mitigate the problem. Finding the right security testing partner with strong experience of security testing of desktop, web, mobile and cloud applications is the key. Some of the suggestions that Cigniti thinks CISOs should ensure:
- The security testing uncovers logic flaws, Identifies weak ciphers and Spot loopholes in data integration. The team should have the ability to Simulate hijacking attacks, Enduring Schema Poisoning/ Cookie poisoning with an added ability to Eliminate scope of Cross Site Request Forgery attacks.
- Make sure Security testing at API level is accounted for while applications are developed in the agile model.
- Plan for a comprehensive security testing approach to cover threats emerging from inside, outside and during the access to corporate applications.
- Most importantly, choose and rely on specialized partners who bring deep understanding, compliance to industry standard secure coding practices, and adherence to standards such as Open Web Application Security Project (OWASP)
7) What is your India commitment and how do you see this Pen Test market by 2015 in this subcontinent?
Gartner forecast India’s domestic IT services market to touch $10.2 billion in 2013 from $9.1 billion in 2012. Gartner report further identifies that along with government bodies, manufacturing, telecommunications, retail, financial services, banking and insurance, energy and utilities, transportation and education have the potential to drive IT adoption in India. As companies grow in size and scale, the market is likely to see larger IT services deals with more sophisticated deal engagement practices. This market has a critical mass that is worth tapping into and has the potential to expand further with ‘as a service’-type service offerings.
In India, the Telecom Department (DoT) is working with the National Technical Research Organization (NTRO) to enforce security testing standards and procedures for telecom gear. As governments, financial institutions and business communities are mandating compliance to IT security standards and protocols, the emerging scope of security testing particularly in the realm of telecom gear is going to be a big market in India. Our dedicated security test center of excellence encompasses network security, web application, mobile and cloud application security test offerings catering to enterprises and businesses across geographies. We see a tremendous need for security testing and penetration testing for Indian enterprises and companies which leverage IT for their business. We have been working with some leading companies in India and assuring software quality, software security thereby assuring business success.