“A Holistic, well-rounded Security Approach is the need of the hour”

Rohit Oberoi, Director Channel - India & Middle East, Seclore Technology in an open discourse on End point security explains how 2017 will be a revolutionary year in terms of coming out with stricter regulations and policies by organizations to secure their networks and data - 

2016 has been an epic year for cyber security threats. The positive side is that awareness is also increasing. With data leakage stories making headlines every day, the topic has entered mainstream discourse. The day is not far when companies are sued by customers for not keeping their private data safe. 

“The growing awareness, coupled with the government’s willingness to acknowledge the national security risks posed by cyberattacks, makes us hopeful we will see meaningful progress made in the fight to create effective cyber-legislation by the end of 2017. 2017 will (hopefully) be the year global leaders finally recognize the need for an InfoSec Geneva Convention, setting standards for what cyber-activities are and aren’t acceptable. Holding highly confidential information hostage and using it as black mail or manipulate elections is a whole new level of warfare,” opines Rohit Oberoi, Director Channel - India & Middle East, Seclore Technology.

He continues, “Furthermore, in 2017, we can expect to see organizations placing stricter compliance regulations on their third-party outsource vendors and other external collaboration partners. Third-parties such as advisors, vendors, sub-contractors and business partners pose a huge risk to organizations because they require access to systems and data to conduct business, yet there is no accountability in the way they handle a company’s data.”

Drivers of the Endpoint Security Market

The value offered by firewalls and anti-virus solutions has been on the decline. Seclore predicts that 2017 will be the year when organizations will acknowledge the need to secure the data itself, and not just infrastructure and devices. “The shift to persistent data-centric has already begun with Enterprise Digital Rights Management (EDRM) capabilities as a key requirement in their Enterprise File Synch and Share (EFSS). In fact several vendors have already jumped on the data-centric security trend in 2016, with Citrix and IBM adding Rights Management features to their EFSS and Enterprise Content Management (ECM) offerings,” says Rohit.

Another primary reason for the increased interest in data centric security is that the business itself (which after all is the ultimate owner of the data) is becoming more aware. For example, when a bank sends confidential customer data to its credit card embossing vendors, the Operations Head is as concerned about data security as the CISO or CRO. For IT, this makes it easier to obtain buy-ins and budgets - not to mention making solution adoption much easier too. After all, employees are more likely to follow instructions if they come from their bosses rather than from IT.  

Large organizations vs Smaller Organizations - 

The days when Information Security was nice-to-have are long gone. Now it is considered a key part of overall Information strategy. “That is one reason we are finding that more and more organizations are opting for the integration route for data-centric security products i.e. integrating them with existing enterprise applications such as ECM and ERP products,” he says. 

Awareness is increasing even among the verticals not traditionally associated with strong Data-centric Information Security programs, such as the Indian Manufacturing and Knowledge Process Outsourcing. Even government agencies have now started focusing their efforts in this direction.

It is however difficult to characterize the nature of data breaches today in relation to company size. The reality is that most leaks are largely ‘equal opportunity thefts’ i.e. they do not discriminate based on the size of the company. “We feel that every organization’s security strategy should be driven by its individual needs and requirements, rather than size or market capitalization,” he says.

“Security today is fragmented and not centralized; data security has traditionally focused only on securing information that stays within a boundary. A piece of data might be governed by one policy inside an application, by another policy on the endpoint, by yet another policy on a file server, yet another on the vendor’s inbox, yet another on the vendor’s file server, and so on. In fact, the very concept of endpoint security is boundary-centric and not data-centric – and endpoint security is the most potent symptom of this traditional approach,” explains Rohit.

And this approach, like he says while necessary has been proven insufficient in today’s flat world. Enterprises need a holistic, well-rounded approach to data security and governance. As hackers are taking a more targeted approach by exploiting higher value breaches beyond credit cards and social security numbers, no longer can we rely on just securing the infrastructure or devices. “And with new collaboration technologies and the use of outsourcing continuing to grow at a breakneck speed, it will be virtually impossible to keep up with hackers unless organizations evolve their infrastructures to support a data-centric security,” concludes Rohit.