In Cisco and the Data Security Council of India (DSCI) today unveiled the findings of a joint study titled Reinventing the Network in the Context of Security. Based on in-depth interviews with top security leaders and CIOs from various industry verticals in the country, the study sought to understand the characteristics and challenges of current security threats. It also outlined what the industry needs to do to develop forward-leaning security capabilities to guard against ever-evolving cyberthreats.
While Bring Your Own Device (BYOD) policies and mobility have resulted in increased enterprise productivity gains, they were also identified as major areas of concern for data security. The study revealed that the current generation of security capabilities implemented by organisations in India can protect them from traditional threats, but might not be enough to address the ever-evolving threat landscape. Therefore, organisations need to re-assess their security ecosystem and evaluate capabilities of next-generation security if they want to implement BYOD and mobility.
Mahesh Gupta, National Manager, Borderless Networks Sales, Cisco India and SAARC said,Risks from external and internal threats are continuously increasing, with this; the role of the network has also undergone a major transformation. CIOs today need to look at a security framework that is robust, integrated and pervasive
Vinayak Godse, Director - Data Protection, DSCI stated, The IT infrastructure has evolved from a limited set of corporate devices to include a repertoire of end-user applications, device and usage patterns. Hence, organisations are concerned about the targeted and organised nature of threats which are directed at achieving specific objectives.
Key findings from the study:
Embracing mobility
Organisations as well as employees are embracing mobility because of improved employee productivity and enhanced user experience. 66 per cent of security leaders in India encourage employees to bring their own device to work and 44 per cent allow employees to select and use a specific set of personally owned devices.
As BYOD becomes a key enabler for improved efficiency in the workspace, 72 per cent of security leaders have witnessed an increased demand for flexibility in using endpoint devices. That said, 59 per cent also believe that rigid policies around the endpoints are frustrating business users
63 per cent of the respondents agree that the business groups and their access requirements are getting complex, while 64 per cent indicate that there has been a rapid increase in requests for authorizing access to mobile devices
58 per cent of the security leaders said that they allow controlled access to emails and calendars and 40 per cent offer desktop virtualization access from any device
Cloud and outsourcing Organisations hesitant but allow data to cross organizational boundaries
46 per cent of security leaders said that the adoption of cloud is leading to multiple connection of external application or externally provisioned systems
40 per cent of the respondents said that the increasing adoption of cloud storage facilities causes data to be placed away from the organizations boundaries
52 per cent of the security leaders that were surveyed agreed that they see an increasing adoption of cloud-based applications
Challenges in managing the network
77 per cent of the leaders said that the attacks are originating from multiple channels and the attack payload is getting increasingly advanced.
More than two-thirds (69%) of the security leaders reveal that managing policies and configuration of devices is a complex undertaking.
Threat and malware protection (86%), quarantine of non-standard devices (83%), enforceability of network policy on mobile devices (83%), encryption of communication and data (79%), and security scanning of mobile devices (75%) were key concerns for the protection of the endpoints by the respondents of the survey.
40 per cent of the security leaders consider securing the advanced mobility enabled enterprise applications a key challenge.
The survey also says that 62 per cent of the security leaders believe that applications are no longer residing in the corporate data center.
Current state of network security
56 per cent of the respondents felt that current solutions are ineffective in managing the security of mobile, BYOD, and virtualization. 53 per cent also said that they dont have the capability of integrating external and internal intelligence.
43 per cent of security leaders indicate that capabilities for detecting & blocking attacks that detect known vulnerabilities are insufficient to address threats in the present scenario.
53 per cent of the respondents said that their existing solutions are incompetent to withstand sophisticated, targeted & persistent threats.
The survey revealed that the combination of various security capabilities working in tandem brings intelligence in to the system about 55 per cent confirmed that firewalls in combination with IPS are able to block security attacks to an extent.
A majority of respondents, 79 per cent, seemed significantly worried about the targeted and organized nature of threats aimed at achieving specific objectives. 80 per cent also indicated that social engineering is increasingly used for compromising security.
Network evolution
The increase in endpoint technology and demand by users to access information from outside the organizational boundary is driving the demand for network security solutions. 85 per cent of respondents indicate that integrating global intelligence such as blacklisted addresses with vulnerabilities is critical to network security architecture.
The survey respondents have assigned highest importance (92%) to the ability of policies to respond to threats; they are equally worried (86%) about the consistent enforcement of policies irrespective of physical or virtual deployments.
82 per cent desire capabilities such as, authentication and authorization of users based on who, what, where, when, and how including granular access capabilities
The ability to dynamically encrypt data while it is being accessed or transmitted is another important element mentioned by a majority (87%) of respondents.
The survey also revealed that the adoption of next-gen security solutions has immense challenges about 63 per cent of the respondents said that managing the solutions will require additional skills and effort, adding to cost. 55 per cent have also said that the phasing in of the current investment on security will be difficult.
Survey Methodology: The report is based on in-depth interviews with over 90 top security leaders and CIOs across industry verticals with focus on BFSI, IT/ITeS, Engineering Services and PSU in India.
Add new comment