SearchSecurity.in: With increasing mobility, it's become difficult for Indian organizations to secure their data. In this light, what are the basic issues that businesses need to focus on?
In the early 2000s, Indian companies focused mainly on network security. At that time, networks had clearly defined networks and boundaries. Security controls could be implemented at the clearly defined gateways so that only authorized people could enter from the perimeter.
Today, it's imperative that your employees, partners and customers are able to log in from outside the network. So the network boundary concept has disappeared. Along with it, the boundary between people who are inside the network and outside has disappeared. This has given rise to insider threats.
SearchSecurity.in: What do traditional information security mechanisms lack when it comes to combating insider threats?
The approach of treating your network as a security point for the enterprise's data has a fundamental problem, since the devices used in the network have lost their value. This is why the concept of information security has undergone a paradigm shift. Today, instead of protecting the containers [servers] in which the data lie, you focus on the data itself.
When data lying in a secured container moves to a not so secured server or a client, the data itself becomes very vulnerable. So data inherits the security of the container in which it lies. Since enterprises have no control over containers that are not within the enterprise, they had to start looking at protecting the data itself. This is how the focus is now in areas like encryption, and it has broadened the concept of security from network to data security.
By 2010, most of the top 2,000 global companies will have shifted to this paradigm where the security focus is on data. In Airtel, we started on a three-year strategy in 2006 to help us move away from network-oriented security towards data-oriented security. As part of that, we have made several changes to the way we approach information security.
SearchSecurity.in: So does this trend mean that network security will take a back seat?
We are now in the process of evolving from network security to endpoint security. Eventually, we will have to move on to data security. Around 2000, network security used to add 80% to 90% of value to the overall enterprise security infrastructure in India. Today, the importance of network security is around 50% in many Indian organizations.
By 2012 or so, the importance of network security will come down to 15% to 20% of the overall security value. On the other hand, the value that data security and end point security provide to an Indian enterprise will be 70% to 80%. Between endpoint and data security, the bifurcation of value will be around 60:40 (60 towards data security and 40 for endpoint).
SearchSecurity.in: Will network security be largely focused on the present models or will it transform to compensate for this change?
Network security's evolution has been in a couple of areas where we are seeing increasing importance. One such area is LAN zoning.
When we say that the boundaries have disappeared, we are effectively referring to the disappearance of the insider zone, which has actually merged with the outside zone. So the efforts will now increasingly go into rezoning the entire computing network, where you have trusted zones. At Airtel, across IT as well as our networks, we have different zones, like production zone, testing zone, etc. Similarly, enterprises are now effectively re-creating boundaries through zoning technologies. Traditionally, zoning has been through the firewall, but other forms of zoning are coming into vogue.
Virtual zoning is one such form, which is achieved by putting in place an overlay of encrypted tunnels. When you talk of an IPsec VPN, it's a very rudimentary form of a zone where the end user connects to the enterprise. The end user's machine with an IPsec client has logically become a part of the trusted zone through this pipe. So the whole community of users who connect to enterprises using encrypted tunnels will become a form of logical zoning. Therefore, enterprises are rushing to put these logical zones into place.
SearchSecurity.in: And how will endpoint security evolve?
On the endpoint front, these days you cannot be sure if the desktop or laptop has been infected or not. Most of the endpoints are bot ridden. They are not under the control of users, but under the control of blackhat hackers.
Traditional antivirus and malware products cannot find out if the computers have been infected, since rootkits change the way the operating system's commands work. It is all about ensuring that users with infected endpoints do not breach security – especially when you cannot be sure whether the endpoint has been breached or not. This is where developments like the Trusted Platform Module (TPM) from the Trusted Computing Platform initiative can prove beneficial for better endpoint security.
TPM is basically a chip inserted in the motherboard that can hold a certain amount of encrypted password data and other confidential data in absolutely tamperproof secure fashion. It's in hardware, so normal viruses and malware cannot attack it there. A majority of the laptops and desktops [that are] shipped these days have this in-built chip, which is not known by most users, since there are not many applications that use this feature. Now that's changing. For example, Windows Vista's hard disk encryption uses the TPM feature to ensure that the encryption key remains safe.