Network security: Going beyond firewalls - Networking Special- Express Computer India Page 1 of 3

[AD]

Issue dated - 24th June 2002

-

Front Page > Networking Special > Story Print this Page| Email this page
CURRENT ISSUE
INDIA NEWS
SOFTWARE NEXT Network security: Going beyond firewalls
COMPANY WATCH
STOCK FILE
OPINIONS
NETWORKING SPECIAL A few years ago, security for Indian enterprises meant putting a firewall in place. Today,
PRODUCTS with the Internet impacting the banking and financial services industry (BFSI) and the
EVENTS manufacturing segment, companies in these areas are looking beyond mere firewalls.
EC SERVICES Pankaj Mishra finds out that Indian enterprises are adopting more robust and
ARCHIVES/SEARCH sophisticated means of network security
IT APPOINTMENTS
EMERGING CAREERS
WRITE TO US
The overall size of the Indian security market is pegged at around
SUBSCRIBE/RENEW Rs 200 crore, 0.8 percent of the total IT spending in the country (Rs
CUSTOMER SERVICE 26,000 crore). Growing at 35 percent annually, the Indian market is
ADVERTISE 5-10 percent ahead of APAC growth rates. However, the market is
ABOUT US tiny when compared with overall IT spend and analysts opine that
information security should be 5-10 percent of this number.
Network Sites According to Cisco’s
IT People ramana, enterprises have
Indian enterprises have come a long way in realising the gone beyond firewall
Network Magazine
implications of lacking well defined network security policies. protection and are now
Business Traveller deploying intrusion
Exp. Hotelier & Caterer According to a recent KPMG survey, the total cost of computer detection systems
Exp. Travel & Tourism crimes over the last five years was $10 billion globally and India
Exp. Backwaters ranks in the top five list when it comes to e-commerce security breaches. “Companies in
Exp. Pharma Pulse the country have been focusing on firewalls till now. In terms of technology, the Indian
Exp. Healthcare Mgmt.
market is still in its infancy, enterprises are not very receptive to advanced technologies
Express Textile
Group Sites
because they are expensive,” says Purushottam Goel, architect, Aztec Software. However,
ExpressIndia he adds that the MNC subsidiaries in India are better when it comes to advanced security.
Indian Express
Financial Express Though most of Indian enterprises are still in the early stages of implementing security
when compared to their global counterparts, the Indian banking and financial services
industry (BFSI) is spearheading the move to evolved security policies. The BFS sector is
very receptive when it comes to drafting an end-to-end security solution because any
intrusion or downtime can result in immense loss here. Moreover, the Reserve Bank of
India has mandated that banks have to document a security policy and conduct audits at
regular intervals. “The significance of IS security in the financial services sector is
reflected by the fact that 93 percent of respondents have ranked it as high priority.
Comprehensive security policy documentation exists for 67 percent of respondents,” says
a report by CII-PwC. 81 percent of financial services enterprises in India are looking at
strengthening network security.

The Indian network security market consists of vendors like Cisco, Symantec, Nortel and
system integrators (SIs) or consultants like Microland, KPMG and Bangalore Labs. Of the
Rs 200 crore security market, services and consultancy account for Rs 100 crore.

With the advent of the Internet, Indian enterprises became aware of

network security during 1997-98. That was the time when enterprises
were getting exposed to the Web. “That can be described as phase one
of Indian network security. There was a gradual shift to internal
security, apart from basic security against external threats. Some 18

http://www.expresscomputeronline.com/20020624/network5.shtml 07-Jan-08
Network security: Going beyond firewalls - Networking Special- Express Computer India Page 2 of 3

Microland's ganesan months later, firewalls and virus scanning solutions started creeping in
feels that companies
are entering a phaseand CIOs started looking out for more comprehensive solutions,” says
where they are looking
Ganesan K S, CTO and VP-engineering, Microland. The awareness
at outsourcing their
security management
and need for a comprehensive security policy started building up only
processes after companies incurred a loss on account of networks being
compromised. According to a survey conducted by CII and PwC,
around 8 percent of security breaches in India caused a loss in excess of Rs 50,000, an
excess of Rs 5,00,000 in each case in 3 percent of cases. However, the survey admits that
Indian enterprises do not prefer to quantify business losses resulting from security
breaches. This shows a lack of maturity.

“Indian enterprises have now gone beyond primitive firewall protection. Intrusion
detection systems are now being developed and deployed. The increased number of
seminars and workshops by vendors is creating awareness,” says S V Ramana, VP,
System Engineering, Cisco. The advent of Public Key Infrastructure (PKI) has also
triggered the need for securing networks. The PwC-CII survey states that 74 percent
(respondents) of Indian businesses increased their security budgets while only 6 percent
decreased their security spend in 2000-2001. The survey also adds that 63 percent of
corporates have allocated less than Rs 25,00,000 for security, while 5 percent allocated
over Rs 5 crore for strengthening IT security.

The survey also talks about barriers to security amongst enterprises. Capital expenses,
complexity of technology, lack of training, time and qualified staff, the rapid pace of
change, poorly defined policies, lack of mature tools, group co-operation and management
support and labour expenses are the barriers discovered by PwC and CII. “49 percent of
Indian corporates attribute capital expense as a barrier to the effective deployment of
secure systems, as against 55 percent globally. During 2001, technology related concerns
like pace of change of technology, complexity of technology and lack of trained
manpower were the primary barriers,” says the report.

Ganesan of Microland says the market is now entering into what he calls the ‘third phase’
of its lifecycle. “Indian CIOs are now looking at outsourcing security management
processes like vulnerability management services. 24/7 monitoring and support is what
they are seeking.” Microland is offering such services to Blue Dart. “We have a team of
50 security consultants and 22 security operations engineers who are certified by various
product vendors like Cisco. In India, we were the first to launch managed security
services and vulnerability management services,” says Vikram Chandna, product
manager, Microland.

“68 percent of respondents accord a high priority to security, but it is surprising to note
that only 41 percent have a comprehensive security policy document,” says the PwC-CII
survey. Risk analysis, classification of business data sets, end user awareness, procedure
for partners and monitoring standards are some of the missing components in the policy
documents of Indian businesses.

Most Indian enterprises still don’t calculate Return on Investment (RoI) when it comes to
investing in network security. Access control, encryption, firewalls, intrusion detection
systems (IDS), vulnerability assessment tools and virtual private networks (VPN) are
some of the methods being used. Interestingly, around 12 percent of corporates are using
Public Key Infrastructure (PKI) technologies. “Though PKI will become very critical in
non-physical banking, problems in implementing PKI still remain the biggest challenge,”
says Milind V Dikshit, head, technology solutions and security, Bangalore Labs.

The Indian manufacturing segment remains ‘not very receptive’ to security. According to
the PwC-CII survey, only 56 percent of them have given high priority to security as
against the overall Indian average of 68 percent. Surprisingly, around 70 percent of them
are using complex and advanced IT applications like ERP and CRM.

http://www.expresscomputeronline.com/20020624/network5.shtml 07-Jan-08
Network security: Going beyond firewalls - Networking Special- Express Computer India Page 3 of 3

Analysts believe that the use of VPNs for end-to-end authentication and encryption is
rising in India. One of the important trends set to emerge in 2002 is the outsourcing of
firewalls and intrusion detection monitoring by Indian enterprises. They are also planning
to enhance network security by taking advantage of OS and application security and
conducting security audits. Other tools like smart cards and biometrics are also expected
to gain ground in 2002. Firewalls are expected to come with authentication services and
content filtering facilities as vendors seek to add value.
<Back to top>

© Copyright 2000: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.
Please contact our Webmaster for any queries on this site.

http://www.expresscomputeronline.com/20020624/network5.shtml 07-Jan-08