|
Information
security industry awaits boomtime
The
security industry is poised for the kind of growth witnessed in IT during
the nineties, as most global organisations today consider enterprise network
security as a strategic priority, writes Mohan Babu
Even with the
downturn in the tech sector, information security is perhaps one area that
has shown tremendous potential. Information security has received a renewed
focus after September 11. The different areas of info security including the
design, development and deployment of systems that enhance physical security
have gained prominence. With most businesses and organisations regarding
enterprise network security as a strategic priority, the security industry
is poised for the kind of growth witnessed in IT during the nineties.
Companies
have already tightened access to their systems and core applications, and
are scrambling to ensure that they restrict access to the applications
without hindering the free flow of information across the organisation.
Securities of systems need to go hand-in-hand with a focus to customers’
wants and a customer who has gone through a number of levels of security is
likely to be disgruntled. However, this also means that customers have to be
educated about the need for security, working as partners to the business.
What exactly comprises the nascent area of information security? I am no
expert in this area, but as a keen student of emerging technology, I decided
to interview a few peers and gathered the following basic facts:
-
Information security includes network security and firewalls: It also
includes a study of advanced TCP/IP, security fundamentals, security
implementation, router security and attack methods.
- A secure
defence is the best line of attack and includes network defence and
countermeasures: Risk analysis, firewalls, intrusion detection systems,
security policies and virtual private networks.
-
Information security is a vast area: Security includes user interface
security, including PKI and biometrics concepts and planning, cryptography
fundamentals, digital signatures, biometrics fundamentals, PKI
fundamentals, PKI standards, strong authentication, sign-on solutions,
file encryption solutions, certificate server deployment, PKI solutions
and applications, secure émail implementation and network forensics.
-
Information security begins at home: A system is only as secure as its
weakest link. Even the best systems can be hacked by someone who has
access to the physical machine/network/box. Hence physical security of a
system is as important as the logical security of the systems and
networks.
Given the
focus on this area of IT, there are a number of bodies that are gaining
prominence in the area of ‘Information System Security’. Foremost among them
is (ISC)2 that conducts a number of certification programmes (like CISSP).
Needless to say, there are also a number of academic programmes offered by
universities in the US, UK and elsewhere. I was recently corresponding with
Manoj Kumar, a networking and security engineer working for Vinciti Networks
in Bangalore, who wrote to me about the impending boom in this sector (in
India). He talked about a few consultants and institutions starting to
provide courses in information security there, and went on to add that a
number of smaller institutions and players are waiting to wet their feet. I
was not surprised by the ingenuity of domestic players in this sector.
However, having seen the boom and bust in tech economy recently, I don’t see
a successful proliferation of B and C players who will jump in and start
providing training in ‘security’ to eager students wishing to fly out to the
US, UK or elsewhere.
If
information security is so hyped up, will the demand for Indian
software/networking professionals specialising in security see a boom?
Probably not, this is because most countries are becoming extremely security
conscious, and will think twice before they “import” foreigners to work on
their internal security systems. Even though Indians are known around the
world for their technical prowess, they will find it hard to break into the
Cosa Nostra, inner circle, in foreign countries, especially in the current
security-conscious climate. For instance, the US government has a policy in
place to allow only citizens (not even Green card holders) to work on their
internal government systems, that too after thorough whetting in the form of
“security clearance and verification”. The government is also extremely wary
of letting systems pertaining to national security that includes core
business areas, out of the preview of its governing bodies. For instance,
even during the dotcom boom, the American government realised the
significance of Internet and commercial data that was riding on the Net. The
government nudged businesses to create fault-tolerant systems that would
enable the systems to function even during worst case hacker attacks.
If Indians
will not be employed by companies and governments in foreign countries to
work on their security systems, what future do Indians who wish to get into
this nascent area have? My guess is as good as yours, however, given the
world-wide reach of technologies and systems being deployed, national
boundaries will have a lesser role in defining the role of technologies and
systems adopted around the world. What this means is that multinationals
operating around the world will have to customise their systems to suite the
requirements of local countries where they operate, providing the right
amount of security required by local customers. In order to do this, they
will have to employ locals in domestic markets where they operate. As Indian
companies start maturing by going global, they will start looking for
world-class professionals to help them secure their systems in the
international marketplace. I see a growth in the domestic market for
security professionals, especially those trained in western encryption and
networking technology.
Indian
companies that develop world-class software and security products confirming
to recognised global standards would also do well. Case in point: a number
of Israeli companies have already gained a foothold in the area of
commercial systems security, acquiring global patents for their products.
They are poised to reap the benefits of globalisation of security systems
around the world. With the best brains working on R&D, with vision and
insight from NRIs in the US, UK and elsewhere, even Indians can reap the
benefits.
|
