The Future of Security - New holes, New walls 

BANGALORE, INDIA:

Security has always been an imperative for Enterprises but the recent blitzkrieg of attacks, ransom-ware onslaughts, connectivity-fall-outs, unforeseen vulnerabilities and an increasingly-consumerised world of technology with ever-blurring boundaries have turned this aspect of IT into a sly ghost that is simply hard to pin down. On his recent trip to India Wias Issa, Vice President and GM - APJ, SonicWall helped to deconstruct many doubts and fears around a fast-morphing security world.

Excerpts from an interesting chat during the CMR-Digital Security Summit with Thomas George, Head, CMR:

TG: Welcome to India Wias! Could you please give us a glimpse of SonicWall’s legacy and its current offerings? 

Wias:-We have been in this terrain for 25 years. It started with technology that was created by two Indian engineers, with the basic premise of going beyond the firewall technology. With every technology evolution of course, the security corollaries have also evolved. From the basic computer viruses of the 90s, to cyber-espionage strikes of the 2000 phase, to the onset of email security, the influx of phishing, then ransom-ware and now towards cloud environments and radical contexts like Office 365 and G Suite – we have come a long way protecting users and their information assets in every era and with a stable of offerings that are always ready for the future.

TG: Given this long and deep legacy, where do we see SonicWall heading in comparison to its competition spread across a huge spectrum - from anti-virus software vendors to appliance-based players?

Wias: I would say there is a major difference between us and other market players since we are a pure-play security company and bring strengths and insights deep into this domain.

TG: What are SonicWall’s R&D strengths and global footprints?

Wias: Interestingly, our thrust on R&D is huge with a 30 per cent workforce-concentration; and a vast majority of our R&D team  is based in Asia with significant presence in India and China. We are focusing on shaping the right product for the right solution and solving as many emerging problems and trends as we can address.

TG: How well do you see Asian countries stacked-up against mature economies in the context of security-readiness? And why?

Wias: The maturity is substantially lower in this part of the world when compared to the USA. This can be due to many reasons. The US has seen attacks for a relatively-longer period of time, and enterprises there are more motivated to communicate well. When similar attacks happen in Asia and we map the basic cultural differences, we observe that, here, we tend to hide things when something bad happens. This doesn’t happen in the US and contrary to how Asia reacts, there people spread more and more awareness and information about a security fiasco.

This amplifies success and openness for future. They also have strong cyber-capabilities on the Government side, with NTTs and special agencies focused on defending the home-land against cyber-threats. In terms of preparedness, acknowledgment of attack at senior-level, the significance attached to IP assets and speed of response too, the US fares better. Of course, maturity on security varies from country to country and that hinges on the level of understanding around what technology and what kinds of measures exist and also, on the kind of intelligence one needs to wield.

TG: How can security vendors boost InfoSec industry associations, emerging rapidly with a common security agenda to generate awareness and solutions for enterprises against newer and newer threats?

Wias: I think the vendor community is willing to help customers evolve in the understanding of threats and accelerate in a direction that is about open-information sharing. I agree that it is important for competition to galvanise together towards a common goal. We still have to see how such goals can be achieved well with such consortiums but I do opine that there are some vendors manifesting a significant development and intent on this road.

TG: How do you see the future evolving, specially, as it’s getting more and more complicated with the proliferation of IoT and the ever-sprawling connectedness across devices, platforms and environments?

Wias: The paradigm is certainly challenging. We have seen so much in so many parts of the world be it a nation’s power or communication infrastructure getting vulnerable to just a few key board strokes or the ease with which one could infect cyber-infrastructure. It would be interesting to see what 2018, 2019 and 2020 bring forth.

TG: For sure, these guys must be keeping you on your toes?

Wias: Absolutely.  But we are going to solve as many promises to customers as possible. I got a chance to meet some CIOs yesterday, ascertained what their problems are, and we are resolute and resolved to address as many problems as possible and to fortify strong relationships with them.

TG: Are there any verticals, in your reckoning, that are more susceptible to such attacks. Like BFSI or Government? What piques your interest that way from an India perspective? 

Wias: I think every vertical is susceptible, but if we look at the ones that can be the most targeted, I would say - Government. In fact, anything that comes under this scope - military, defence, aviation and the entire critical infrastructure side from rail, road, energy utility – they all are highly targeted and will remain so. I also see technology vertical as a serious one in India. The country, being the backend of the world’s infrastructure and technology companies here all set for massive growth in the next few years – will face new security implications as growth happens.

Then, I guess we should consider the telecommunication infrastructure too, as it gives thread activity and loops a lot of useful information, calling patterns, key information, data flow etc. We cannot be oblivious to financial services too because when a financial transaction is breached and money is stolen, it is so hard to map it. Finally, when I look at Manufacturing’s new age, R&D investments, India’s digitization drive and impetus on Smart Cities – I feel that many areas are prone to attacks and need a security edge.

TG: How does SonicWall take care of end-point security in light of the spurt in BYOD adoption among enterprises? More so as your traditional foothold has been in the areas of network security but today we are gazing at a massive spread of end-point accesses, multiple devices and multiple people across many enterprise systems. 

Wias: Great question! So, yes, an end-point is the end-destination of an attacker. It can be a server or a laptop – anything that ultimately stores the valuable information which an attacker is after. We can look at the email route here and inject secured mobility with better control on applications that we access as well as on login-modes. We are exploring new partnerships in this area and working on new solutions to solidify email security. That is just an instance of how serious and proactive we are about the new face of security.

TG: How do your customer segments get split across SME, Large and Public-sector enterprises? 

Wias: We have half a million customers worldwide with most of the history among the mid-enterprise and SMB leagues; but in the last several years we have moved vigorously in the enterprise market. We have been quite aggressive in last 12 months and tapping incredible speed and innovation for a renewed velocity, focus and innovation. After some strategic changes took effect, what we have covered in most part of the last 12 months’ period, we couldn’t do in the last four years.

TG: Any peek into your performance after the change of ownership - specially what it is like being under a private equity firm management vis a vis being part of an IT Company?

Wias: I don’t know which one is better. Both have their pros and cons. We have given the press release on financial performance and have been able to meet every single target. So we are very-very happy about it.