Mr. Vaidyanathan Iyer, Country Manager for Security, SWG, IBM India and South Asia
IBM is one of the leading players in information security industry globally since a long time. But as time has progressed, information security landscape has witnessed dramatic change in technology and industry behaviour. Has IBM been able to keep pace with this fast change?
Has it been able to address required preventive measurements? InfoSecurity recently interviewed Mr. Vaidyanathan Iyer, Country Manager for Security, SWG, IBM India and South Asia, to understand the entire progress in this regard.
1. Why are information security vendors still not achieving the customers’ satisfaction in most cases?
The explosion of data presents inevitable challenges for data security and privacy. However, there are many concepts that are presented as directly related to security – verified, authenticated, trusted, protected, encrypted and so on. Yet, none of them address the true expectations of a consumer in that respect. This is where IBM’s security solutions have been making a difference. When it comes to the Internet, mobile or not, you hear the word “secure” frequently these days because the increasing amount of data also presents opportunities as we find smarter ways to derive meaningful and actionable insights from that data.
IBM’s security intelligence approach can help organizations assemble a more complete picture of their security posture. By collecting large volumes of data and events, and synthesizing that into a smaller number of priority events to be investigated. IBM believes that clients can not only understand more, they can be more effective and responsive, reducing risk and costs. As IBM we can state that our customers have seen real value in the solutions deployed and services rendered.
2. Where is the gap eventually between a security vendor’s solution and consumer’s expectation?
Of late, the latest challenge in terms of security is the BYOD policy that we are seeing many organizations today implementing. It is a trend Employees bringing in their own device and almost all of them using it as a personal device, is what’s springing more and more complexities in terms of security. To undo this issue we are looking at IBM security framework, which we believe is becoming a derivative of the COBIT methodology for thinking about risk. The second one is Data and Information that is constantly being exchanged; this is where the consumers require privacy on the information that goes out through their devices. The third one being, Applications which is the basic skeleton in a device, this too needs to be secured with a password but most of times lacks the security which can protect a consumers outgoing information. More often than not this is the basic from where hackers begin. These are some of the recent pain points that have been identified when it comes to security.
Hence, even if there is a gap, then that could originate primarily from not matching the solution to client’s business requirements. Security is a process and hence needs continuous evolution along a broad frame work.
3. What is IBM’s strategy to meet ongoing information security battle and to create a unique stand in industry?
Looking at the increasing number of criminal attacks by the day, the need for more collaborative business models and increasingly complex infrastructures, security technologies becomes inevitable. The fact is that today’s security technologies are actually insufficient to deal with the new reality of risk. Well, understanding the dynamics of the current situation, IBM, has launched a slew of products, services and research breakthroughs to strategically manage risk across all the domains of IT security like Information Security; Application Security; Threat and Vulnerability; Physical Security and Identity and Access Management.
According to IBM’s X-Force 2011 report, India was one of the top countries from where the phishing emails originated. Ever since then spam has continued to grow. In fact, the first half of 2011 has been marked by a litany of significant, widely reported external network security breaches. India along with USA, Brazil, Vietnam, and Russia is the top five countries for spam origination.
IBM is strategically addressing the challenges and problems of providing security in a comprehensive and end-to-end manner. With this move, IBM, as an end-to-end solution provider hopes to further fortify its image as the de facto product leader in the IT security market. Not just that, IBM has a well defined security portfolio spanning, consulting, products and services and is based on a well researched and proven state of the art frame work. This helps the client organization to address current requirements, plan for future as well as utilize the earlier investments. The need to focus on a comprehensive structured approach to dealing with security problems is a much needed move on IBM’s part.
4. How does IBM look into the APTs and specifically when it is state sponsored?
A threat is a threat, despite the origin. Today’s sophisticated attackers are constantly creating new challenges for how we should address security within the enterprise. While the capabilities and tactics of this group are neither static nor entirely consistent, the more we engage with this class of attacker the better we understand their techniques and motivations. Infrastructures today are facing new types of threats that can’t be effectively mitigated by a single product or service. To be able to effectively combat more sophisticated attackers, organizations not only need a combination of products and services but also diligent security processes, education of key personnel and a solid incident response program.
Security is not a static, point-in-time, challenge. Your network changes, your users change, the attackers change, the technology changes. We live in a constant state of change and, as such, security needs to be handled in a manner that reflects this reality. For this reason you should be regularly assessing your security posture with third party audits and also looking to build security into every project plan. No playing catch-up; no set it and forget. It’s crucial to be vigilant and mindful of potential threats.
The ability to control the workstations that end users use is only becoming increasingly more important. The average individual can’t be expected to make good security decisions all of the time, so the more visibility and control the security team can have when it comes to endpoints, the better off you’ll be. Despite what your initial instincts might be, there are ways to do this without being intrusive either. In fact, the best endpoint technology tends to be mostly invisible to end users.
IBM’s technology based on the X Force research helps to identify the threats ahead and in conjunction with the award winning security intelligence portfolio, ensures proactive security which alleviates the APT to a great extent. The IBM X-Force research and development team provides the foundation for a pre-emptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and counter measure technology for IBM products and educates the public about emerging Internet threats.
5. Can IBM build up a global strategy to ally with global information security associations to create a mass awareness and to create a standard information security policy?
IBM as a practice does share best practices and is consulted on key initiatives. IBM is committed to providing the right technologies and expertise to deliver leading edge information security solutions to both large and small businesses, including identity and access management, self-encrypting storage solutions, intrusion protection, compliance monitoring, consulting services, and managed security services that customers can use to design and implement holistic solutions across the enterprise.
6. What is IBM India’s perception regarding current sub-continental security maturity?
The global security scenario is all pervading. There is heightened awareness on information security across geographies. According to Research on India a research firm, the software security market in India alone is expected to reach a market value of INR 12.8 billion by 2014. The Asia-Pacific region will experience a significant growth in the IT-security markets in the coming years which will be largely driven by the rapidly growing Internet adoption and surging demand for IT-enabled business solutions in countries, like India, China, and the GCC region. These countries are rolling out new services, such as e-banking, e-finance, and e-government that have to be sheltered.
7. What is IBM India’s strategy to strengthen security sphere of major corporates?
IBM believes in continuous awareness, consultancy approach, form the corner stone. Organizations must manage information security effectively as they share data across the enterprise, as well as with their partners and customers. This includes enabling secure business collaboration with controls that protect intellectual property and ensure the privacy of information without slowing down business processes. It means providing anytime-anywhere access to information while also ensuring information confidentiality, privacy, and immutability. In essence, clients need to effectively manage who has access to what information and be able to prove it.
Ensuring the security and privacy of an organization’s information helps reduce risk and provides a foundation of trust that business relationships are built upon. IBM Information Infrastructure enables secure sharing of information across the extended enterprise, fostering trusted collaboration, innovation, and superior customer relationships. IBM Information Infrastructure offers a variety of information security solutions designed to help organizations address virtually any dimension of a secure infrastructure.