“A vulnerability assessment & penetration testing exercise helps businesses uncover potential gaps in their applications & infrastructure which could be exploited by malicious actors,” says Ujwal Ratra, Chief Operating Officer, Astra Security, in an interaction with CIO AXIS.
1) Elaborate on the role of cybersecurity in the protection of businesses in the current day and age? Why should it be mandatory?
→ Just like offline businesses have lock & security systems/personnel to protect their premises, online businesses need to have measures to ensure security. Post the pandemic, every business is now a tech business. Businesses were quick to adapt & moved online almost overnight. With increased cyber activity, there has been a proportional increase in the number of cyberattacks too. Critical business & customer information is being processed in the cloud. One leak could have massive implications; thus businesses need to ensure that all their applications & infrastructure are secure.
2) In the current time, more and more businesses are seeking security audits & penetration tests. What do you have to say about this trend?
→ The importance of Penetration tests can’t be stressed enough. Businesses need to hack themselves before the hackers do. A vulnerability assessment & penetration testing exercise helps businesses uncover potential gaps in their applications & infrastructure which could be exploited by malicious actors.
While there is definitely an increase in the number of businesses going in for penetration tests, this shouldn’t be a one-off exercise. In fact, all security standards like ISO, SOC ask businesses to get regular penetration tests done.
Almost all our customers conduct quarterly, or bi-annual pen tests & run weekly automated vulnerability scans. Our suite is developed in a way that fits in well within the development sprints of our customers so that there is no disruption in their ongoing product road map.
3) We have witnessed a change in the industry as now consumers are more evolved and they have been preferring security-conscious companies over not-so-security conscious ones. What do you think led to this change?
→ As consumers, all of us are now more conscious of our data. The fact that WhatsApp had to run full-page advertisements in national newspapers to clarify their stand on data collection/processing proves this. This is definitely a very positive change.
There are multiple things that led to this. This is an ongoing process; more & more consumers will keep moving on to security-conscious companies. Over the last few years, data leaks at large organizations have been making news. Leaking of sensitive information like credit card numbers, phone numbers etc. can & does have financial implications (both for the user & the company). This is one of the factors that affect consumer choices.
We have seen this trend play out first-hand at Astra Security. We recently launched “publicly verifiable certificates” for our Penetration testing customers & all of them seem to love it. They brag about the fact that they take their security seriously by sharing their unique certificate links with their partners & customers. The trust that it instils goes a long way.
4) Give us more details about why the pentest and security audit of one’s application are mandatory if building solutions for the Government and hosting them on the Government’s servers?
→ Government applications perform critical functions & store sensitive data. For example, consider the most talked-about application these days, Cowin. We all know how critical it is & any attack on the application can impact millions of lives.
In the last few months, we have been looking at state-level attacks that lead to the shutting down of power transmission lines, gas pipelines across different countries. These attacks affect millions of lives directly or indirectly.
5) Tell us about the security audit trends in India and how Astra Security provides security audits to its customers.
→ Indian companies today are leading technological innovations. Take a moment to think about how our lives have changed in the past few years. All the tech products we use without thinking have changed the way we eat, transact, travel, shop & even sleep. India is one of the biggest consumer markets for companies across the globe. We already talked about consumer preferences around security. So companies are also catching up with that.
In the last few years, we have seen a healthy surge in instances where companies get security audits to tell their customers & partners that their systems are secure. So, this is a good thing to happen for the customers & the entire eco-system at large.
At Astra, we ensure that our customers are constantly protected. Our vulnerability scanner runs over 2500+ test cases covering OWASP, SANS, ISO, SOC standards. This is topped up by quarterly manual pen tests. We integrate our security audits as part of development sprints of our customers. All the vulnerabilities found are reported in our vulnerability management dashboard with the following details –
• What the vulnerability is
• What business impact it can have & how critical it is
• What are the affected areas
• Steps to reproduce the vulnerability
• Tailored steps to fix the vulnerability
The developers fixing these vulnerabilities can collaborate with the security engineers right on the dashboard & ask any questions they might have while fixing.
This helps our customers focus on what they are good at while leaving their security to us. At Astra, we deliver peace of mind!