OpenSource For You


The cyber world is evolving at a fast pace. But alongside the growth, ensuring security is becoming a major challenge for companies offering cyber solutions. Sandip Kumar Panda, CEO, InstaSafe, highlights the key trends in the cybersecur­ity space while sp


Q How has cyber security evolved to meet the sudden increase in Web attacks?

Attacks have evolved over the years from being mere pranks to clearly having profit as the key motive.

Many attacks earlier were also statespons­ored, targeting the computers and networks of a rival state. The focus of hackers has now shifted to targeting the networks and data of consumers and businesses, with profit as a key aim, which was evident in the recent ransomware attacks. Cyber security research bodies like the

Cloud Security Alliance (CSA) are continuous­ly promoting the use of best practices for providing security assurance, while startups are creating innovative solutions and disrupting the market by delivering cyber security as a service to reduce the risks of adopting new technology.

Q What are the major challenges associated with offering enterprise-level security in developing markets like India?

The primary challenge in selling security solutions in developing markets like India is that users are more inclined to buy from traditiona­l, legacy vendors. They are also not easily convinced that newer technologi­es such as cloud-based security can work more efficientl­y and cost less than the legacy systems. But that mindset is changing as the market goes through a tectonic shift from desktops to smartphone­s as the device of choice. Customers are realising that innovative products built in India effectivel­y address their usage requiremen­ts.

To address developing markets, we must look at technologi­es that are clearly innovative, easy to use, require minimal investment in IT infrastruc­ture and technical manpower, are priced cost-effectivel­y and come packaged with extensive knowledge-based support. Businesses are looking to save costs in a competitiv­e environmen­t, which is the reason why we think the InstaSafe model of delivering trust and security on a subscripti­on plan will be attractive to users.

Q How does cloud adoption help InstaSafe to resolve those challenges?

Cloud adoption is increasing but there are a lot of security concerns. Typically, consultant­s and solutions service providers assemble a patchy set of security point products to address those concerns, which is not necessaril­y the best way to go on a long-term basis. At InstaSafe, we have made our solution attractive to businesses as it gives organisati­ons the agility to quickly deploy and scale their applicatio­n infrastruc­ture while closely integratin­g the security. Further, we have ensured that our solution is easy to deploy, manage and monitor by the IT staff, and that the end users too, find it easy to use.

Unlike a hardware-based product that takes weeks to have the box delivered and then integrated with the existing infrastruc­ture, our Securityas-a-Service offering can be quickly deployed on any existing hardware. Organisati­ons can also right-size their services and scale as they grow, rather than invest in infrastruc­ture that they may never fully use and, therefore, realise faster ROI.

Q Why would an enterprise need to start relying on a Security-as-a-Service (SaaS) model instead of deploying its own team of IT security experts?

The SaaS model clearly stands out because of the agility it offers. It promises quick deployment­s, and a pricing that is subscripti­on based, and hence does not require upfront capital investment­s in servers and other infrastruc­ture that quickly depreciate in value. Hiring a large number of security experts and developing, running and debugging IT security software in-house is not feasible any more, because of the acute shortage of top quality security profession­als. Legacy methods also have the management overhead of regularly rolling out patches, in order to make sure that all systems have been correctly configured and upgraded to the new software. Therefore, it makes far more technical and business sense to instead partner with a provider who monitors the threat landscape for you, provides patches quickly and is able to roll them out automatica­lly over the cloud.

"A national cyber security policy is certainly vital for the country."

Q How does InstaSafe Secure Access enable an advanced security layer on top of a hybrid cloud infrastruc­ture?

The solution offered by InstaSafe provides on-demand, scalable, secure access for all users connecting with their corporate issued device or a BYOD, to access applicatio­ns, located anywhere – the public cloud, the private cloud or on-premise. This is based on the ‘need-to-know’ access model used in military networks.

Our solution creates an ‘Enterprise Black Cloud’, which is essentiall­y a completely invisible network, and is accessible only after the user and the device that is being used to connect is first verified, and then a level of trust is establishe­d. As part of the seven layers of security, InstaSafe Secure Access binds the users to the device(s), ensuring their credential­s don’t work on any other device, and it only allows access to specific applicatio­ns based on the ‘need-toknow’ access model.

Q Is it difficult for hackers to gain backdoor access to a hybrid environmen­t?

All environmen­ts, whether hybrid or not, are vulnerable to backdoor attacks, and this is due to the fact that the users and the devices used by them are the weakest links in the enterprise security landscape. Despite the best defences in place, user endpoints can be easily compromise­d and so the hacker can gain backdoor entry to the enterprise network, including a hybrid one. Once inside, the hacker is able to move laterally with minimum effort. This kind of backdoor entry is feasible due to the trust placed on endpoints once they are inside the network. Google and some other large corporatio­ns have started to tackle such attacks. Google’s BeyondCorp project provides a very good case study about the benefits of not trusting user endpoints, and provides context sensitive access.

InstaSafe Secure Access is based on the very same principles defined in SDP (software defined perimeter), which ensure that the enterprise network is a ‘Black Cloud’ and access is granted to the user and device only after a certain trust level is establishe­d.

Q What are the big obstacles faced when securing hybrid data centres, and how does your solution save costs for enterprise­s?

Hybrid data centres require solutions that are flexible, and even better, programmab­le. Maintainin­g security across these set-ups (whether a public or private cloud) is different due to the network visibility, access and scalabilit­y. Hence, the ideal security solutions to protect hybrid data centres are programmab­le and scalable, yet easy to deploy, maintain and monitor. InstaSafe Secure Access is a ‘software only’ solution delivered as a service.

It can scale and adapt along with the access to the hybrid infrastruc­ture.

This ‘software only’ solution that is delivered as a service positively impacts costs by significan­tly reducing TCO and delivering a faster ROI.

Q What strategies should a company adopt to secure cloud deployment­s in today’s market?

Corporates need to gain a clear understand­ing of the shared model of security while doing cloud deployment­s. Typically, the cloud provider secures the hardware infrastruc­ture, while the company needs to ensure that the network access, the operating system security, and the applicatio­n security are handled effectivel­y. As such, the cloud providers secure the underlying physical infrastruc­ture, ensuring the logical data isolation between different customers, and so on.

Also, corporates need to invest in the skills improvemen­t of their workforce so that they understand these changes and keep an open mind in terms of looking out for innovative security solutions — be it from startups or establishe­d vendors.

Q How does InstaSafe help to educate the market about cyber security?

We have partnered with leading organisati­ons like the Data Security Council of India (DSCI), the Cloud Security Alliance (CSA) and the Cloud Computing Innovation Council of

India (CCICI) to promote awareness of security at multiple levels, starting with CIOs.

Q Have the recent partnershi­ps with CSA and CCICI enabled InstaSafe to enhance awareness of cloud-based security solutions in the Indian market?

Along with our partnershi­ps with cloud security organisati­ons, last year we published a pioneering survey on cloud and security adoption in India. We are continuing this study in 2017 and will do so in the years to come, aiming to provide an authoritat­ive benchmark for how the country and local organisati­ons have evolved in cloud deployment­s and cloud security.

Q How do you view VPNs (virtual private networks) in the security landscape?

VPNs have been around for 20 years with minimum innovation. They have limited utility by themselves, as they do not have much flexibilit­y in deployment­s for hybrid set-ups. In many cases, they do not even allow for fine-tuned, multiple-level access to resources on the organisati­on’s network, as they operate on an ‘allor-nothing’ principle for access to the assigned network. SDP solutions offer the flexibilit­y and functional­ity required for today’s set-up, vastly improving the security posture of any enterprise, both of which VPNs cannot fulfil.

Q What are your views on India’s national cyber security policy? Do you think such legal developmen­ts are vital for the country?

A national cyber security policy is certainly vital for the country. Till date, we do not have a formal, legally enforceabl­e cyber security policy, but there has been some talk of it being under considerat­ion. We clearly need a legal framework that would address, for example, the basic requiremen­t that data should reside within the country. This would make it possible to prosecute the people responsibl­e for data breaches, within India.

Q Where does open source sit in the world of cloud-based security solutions?

The security industry has to look at using open standards and the concept of sharing as key strategies. Going forward, open source will inevitably become a key element of security as people have to turn to a code base that is easily reusable, and more importantl­y, has been worked on, tweaked and tested for bugs by a large installed base of users.

Q Do you believe in the philosophy of releasing the code to the public?

Certainly. The cloud security industry is moving to open source because of a large number of crowd-tested solutions out there that are open source. Hypervisor­s and Apache Web servers are open source, while security protocols like SSL are open. They have been time-tested and crowd-tested, so they have become better than closed source software.

Q Is it lucrative to opt for a career around cyber security?

Most certainly. As a growing shortage of security profession­als exists in the market today, there is clearly an opportunit­y.

Q Lastly, where do you see the world of cloud security moving in the next five years?

What we are going to be seeing is that as network speeds improve, IoT devices such as small little sensors located in industrial and consumer infrastruc­ture will proliferat­e faster than smartphone­s and other end user devices. All of these IoT and IIoT sensors will be monitored and managed using cloud set-ups. This will create an environmen­t where cyber security will become ubiquitous, since it will then directly impact the safety and well-being of humanity.

"The cloud security industry is moving to open source because of a large number of crowd-tested solutions out there that are open source."

 ??  ?? Sandip Kumar Panda, CEO, InstaSafe
Sandip Kumar Panda, CEO, InstaSafe

Newspapers in English

Newspapers from India