“Security landscape has become even more challenging for enterprises, as there are various new end-points from where attacks can originate”

In conversation with BW CIO, Santanu Ghose, Director, India, Aruba talks to us about the current scenario of network security in India and disruptions caused by insider threats.

It is no longer a secret that the increasing use of mobile devices has vastly complicated the lives of IT and security leaders. Cloud adoption and BYOD are increasingly becoming the norm for organizations, but security technologies are still designed around closed and static environments. Insider threats, whether accidental or malicious, are a core concern for businesses today.

According to Bitglass, one in three companies admitted to experiencing a data breach caused by an insider between 2015 and 2016, and 74 percent out of 500 companies feel vulnerable to insider threats. 

Data leakages are also caused by insufficient data protection solutions, careless security policies that grant employees more access to data than they require, and more data leaving the corporate network perimeter. Enterprises have invested in cyber-defense tools such as antivirus, firewalls and more, but it’s often not enough. What enterprises need is a combination of visibility, intelligence, and proactive security in a seamless, integrated architecture.

Enterprises have also been putting in place measures such as employee training, identifying management solutions and data leakage prevention strategies, but these have not proven sufficient to prevent a possible data breach.

What is the current scenario of network security in India according to you? 

In India, network security is very much around perimeter and data centric. The risks around this have been well researched and many intervention and prevention measures are in place. The remediation around data integrity and reputation/authentication of data source is well in place. However, with the advent of the Internet of Things (IoT), the security landscape has become even more challenging for enterprises, as there are various new end-points from where the attacks can originate. IoT devices are a security challenge, and they need comprehensive management from the security perspective. The first step towards protecting your business from an attack is to understand who and what is on the network, and enterprises must invest in this facet significantly before they move onto other tenets of cybersecurity.

Could you elaborate further on the disruptions caused by insider threats?

Oftentimes, security breaches are carried out by internal stakeholders and many organizations consider employees among the most likely source of cyber-attacks - either with malicious intent, or because of carelessness. Adoption of BYOD, and the proliferation of mobile devices at times pose great security risks. Downloading and file sharing on BYOD devices expose the system to malware and hacks, and an employee who downloads web files on his device, or uses a peer-to-peer platform may unknowingly compromise company information. Loss of devices, use of unsecured devices, and rampant sharing of unencrypted data put the business network at risk of cyber-attacks. The increase in connected devices has created multiple entry points for hackers and cyber criminals. The IoT architecture’s sensor nodes and system network layer are vulnerable attack points and they must be secured.

What are the biggest challenges or loopholes faced in the country in terms of network security? 

The biggest challenge that we have noticed is that cybersecurity and compliance measures have not been robustly implemented, or strictly followed by companies. It has often been a checkbox approach to cybersecurity, and that has led to multiple breaches in the past. However, with the recent awareness around cybersecurity measures, enterprises are investing resources in being secure, and that is a good sign. The biggest challenge that needs to be tackled however is the ability to know which devices are on the system, and ensure that end-device health check is carried out to prevent any devices with outdated software, or infected devices from entering the network. Enterprises must also invest in tools to identify and analyze behavior patterns of the devices, and be able to quarantine any device that could pose a threat. 

“The era of IT disaggregation”: what are your views on the same?

In the current environment, the security risks are emerging because of disaggregation of IT, and users are directly going to cloud for accessing the application mostly and for very limited application to the data center. Hence today the risks are emerging from two areas:

In a country like India, where there are 3 mn+ wireless devices on a professional network, device-based security, foolproof user authentication and access control is assuming paramounting brackets to eliminate these device-based threats as well as user insider threat.

What is the approach taken when it comes to dealing with highly organized and targeted attacks on security? 

Ability to understand and analyse the flow of packets within the network with this embedded security intervention within the network is helping to check security breaches at the very nascent stage itself.

Aruba ClearPass also ensures there are proper data access levels assigned to the users and the devices based on their position in the organization and their job requirements. Importantly, the ClearPass security software from Aruba also helps to profile the devices apart from profiling the users themselves and connecting them to a DNS. Currently, organizations are looking at how to intersect attacks at the very outset. Hence, the industry is looking at how to leverage deep learning and enable artificial intelligence to understand patterns and emerging threats.

What should be the ideal modern approach while dealing with data protection? 

The network security is getting modernized in the era of mobile, cloud and IoT. The key is to identify and prevent attacks that are happening at source. In the future, network security will be heavily dependent on behavioural aspects and profiling of devices. Key elements such as machine learning, algorithms and artificial intelligence will be able to support in securing the networks of the future. 

How do you envision the future of network security 5 years from now?

The value of our networks will continue to grow, and the market for network and security technology is on the rise with companies becoming more conscious of incoming and outgoing packets across the network barrier. As businesses embrace digital technologies, they have also become mindful of the cybersecurity risks associated with the digital ecosystem. Companies have been investing more in network security along with end-point profiling and UEBA (User and Entity Behavior Analytics) to safeguard online services, the wealth of data that they keep, and in compliance with regulatory requirements as well. As the awareness around network and cyber security increases, the future looks to be a promising one.