Business Daily from THE HINDU group of publications
Monday, May 19, 2008
ePaper | Mobile/PDA Version | Audio
Business Daily from THE HINDU group of publications Monday, May 19, 2008 ePaper | Mobile/PDA Version | Audio |
|
|
|
|
|
|
|
eWorld
-
Interview Info-Tech - E-Mail Web Extras - Security SaaS way to e-mail security
“Senior executives are one group of remote users that are most at risk.” 
Jonathan Wilkinson D. Murali Are social networking, IM (instant messaging), and Web-e-mails to be shunned in organisations? “The easiest thing to do would be to simply prevent employees using these kinds of tools but I don’t think this is very practical in today’s organisations,” says Jonathan Wilkinson, Business Development Manager, APAC, Hosted Security, Websense Inc, Australia. New employees entering the workplace have grown up using these kinds of technologies and preventing access could impact employee satisfaction and even discourage fresh talent from joining the company, he reasons, during a recent interaction with eWorld. “I think most organisations today strive to strike a balance between allowing their employees to use these tools in a safe way without compromising employee productivity,” he adds. That’s where Websense pitches in, with Web security solutions and tools for organisations to enforce and report on Internet usage policies. Excerpts from the interview: How aware are Indian companies on the need for an e-mail security solution? Most Indian organisations are fully aware of the dangers of not having any e-mail security, given the criticality of e-mail, which is seen by many as an operational necessity. Therefore, most organisations will have some form of protection against spam, viruses and unwanted content but this is predominately in the form of software that filters e-mail on the network. Given that spam represents 90 per cent of e-mail today, organisations face spiralling costs associated with managing and scaling their internal messaging infrastructure to tackle the growing burden of unwanted e-mail. This is one of the principal reasons why we are seeing widespread adoption of the ‘software-as-a-service’ (SaaS) approach to e-mail security. By using a SaaS solution, organisations can ensure maximum protection against e-mail-based threats yet enjoy a reduction in complexity and total cost of ownership through cost savings in areas such as bandwidth, storage, administration, training, employee productivity and a reduction in multiple software licences. From which sectors do you see the greatest demand? Spammers don’t discriminate and therefore every organisation faces problems with unwanted e-mail. Any organisation that has invested in hardware and software to tackle this problem could potentially benefit from using a hosted email security solution. Websense has 3,500 organisations currently using this service from practically every industry vertical. Is Websense looking at India only as a market, or also as a development centre? Websense established a sales, marketing and technical presence in India in 2005 and continues to expect strong growth in the region. What are the newer threats that inboxes are coming under? Websense Security Labs discovers and investigates today’s advanced Internet threats 24 hours a day, seven days a week. The ongoing results of our continual investigations confirm that the threat landscape is continually evolving. Fundamentally, the source of these threats has changed. It’s no longer just techies writing code for fun or glory but organised criminals funding the development of new threats to steal confidential information and make huge amounts of money. With this shift in motivation comes an increasing level of complexity with new threats that are being designed to circumvent traditional preventative measures and they’re not going to go away. Phishing attacks are a good example of how threats continue to evolve and converge because a phishing attack involves both elements of e-mail and the Web; the e-mail is designed to lure an unsuspecting user to a Web site and trick them into entering confidential data which is then used fraudulently. These kinds of threats will continue to evolve with social engineering and adoption of other technologies such as VoIP playing an increasing role. In this age of increasing M&A activity around, are IT systems put to a greater risk vulnerability? Yes. Integrating and scaling messaging infrastructure can be complex and costly, exposing organisations to increased risk of Internet threats. But it doesn’t haven’t to be like this and is another reason why we’re seeing organisations make the switch to a SaaS approach for e-mail security as there is no reliance on hardware and software for e-mail filtering on the network. Another challenge is managing the culture of e-mail and Web use, ensuring security policies are defined and enforced yet still providing the flexibility required, with a strong emphasis on educating users about the potential risks. Does the wireless space accentuate security issues with regard to mails, surfing and so on? This is a good example of how organisations continue to evolve in the way in which they do business, presenting new challenges around Internet security as it becomes more difficult to enforce security policy for users accessing the Internet outside of the traditional corporate ‘brick and mortar’ environment. Senior executives are one group of remote users that are most at risk: lots of travel with the need to access e-mail/Internet remotely on a corporate machine, often insisting on having full security rights to their laptop, carrying highly sensitive information and usually having little or no understanding of the true extent of the threats that are out there. How do you see corporate networks in five years from now? Widespread adoption of SaaS solutions across every area of information technology is what I foresee.
The concept of SaaS is by no means new in India and many organisations have already made the transition to this model in areas such as CRM, HR, video conferencing and accounting. However, I expect widespread adoption of SaaS in both e-mail and web security as organisations leverage the expertise of dedicated providers so they can focus on areas of their business which add more value, ensuring IT remains an enabler for growth and agility, not an operational evil. Are attacks reported and documented, or are the stories merely horror tales? They’re certainly not horror tales; the risks are very real and often documented. However, many organisations are not likely to publicly admit if they’ve been compromised by malware or if their messaging infrastructure is suffering from the bombardment of spam. Also, the problem is that threats aren’t always obvious and the real danger is those threats that organisations don’t know about. For example, an end-user receives an e-mail with a link to a Web site that has been compromised by malware; the malware infects the machine with key logging software, silently capturing access codes for internal systems or perhaps Internet banking passwords. This is a good example of why a holistic approach is required to threat prevention which focuses on monitoring and securing email, web, the desktop and the data itself. What are the common myths about hosted email security? Most IT security decision makers believe that hosted messaging security can provide a number of advantages such as reduced costs for IT, improvement in capture rates for spam, viruses and other threats, and greater organisational flexibility. That said, there is a common misconception that security of e-mail is compromised by using a service rather than traditional on-premise solutions. It’s almost like people feel they are giving their e-mail away. Of course, the reality is completely the reverse; any Internet user today has very little control over the route an e-mail will take to arrive at its final destination as it passes through many hops on the way. Websense is just another hop in the delivery chain, only quarantining unwanted e-mail as the legitimate e-mail is delivered as normal. Unlike an ISP that filters e-mail in a similar way, Websense provide a contract with service level agreements and assurances around data privacy in addition to ISO 27001 accreditation, which is an ISMS (information management security system) standard. I always talk about our existing customers; financial institutions, legal firms and government agencies who’ve done their homework and are satisfied that security with our service is, in fact, increased, not compromised. Would it not be better if we are able to locate who is causing the mischief and get rid of the same, rather than putting up fences and rings everywhere in the form of security solutions? Let’s not forget that the sources of these threats are organised criminals. In a way, cyber crime is the perfect business model; highly distributed with virtual teams of people spanning different geographies and time zones, with vast amounts of capital available to develop new threats without operating under any legal or legislative constraints. The FBI Cyber Division has developed a concept of Cyber Action Teams that act as fly-away squads to take down cyber criminals. However, companies need real-time protection so the need for comprehensive email, web and data security will still exist. Just because we have police patrolling our streets, doesn’t mean we leave the doors to our homes unlocked. More Stories on : Interview | E-Mail | Security
Article E-Mail :: Comment :: Syndication :: Printer Friendly Page
|
Stories in this Section |
 |
|
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |
Copyright © 2008, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line
|