
Security must change in Indian digital marketplace

Anup Basti

More than 25% of large digital marketplaces will have explicit strategies for consumer computing and security by 2018, according to Gartner.

Security frameworks that do not comply with the new consumerized marketplace will be sidelined.

Digital literacy has been increasing among employees and customers, and this has led to the introduction of several technology-related apps and processes to improve business promotion and user experience.

But Gartner analyst Tom Scholtz warned that security practices must change because of this. “Implementation of a digital workplace exacerbates the IT department's loss of control over endpoint devices, servers, the network and applications,” he said. “In a fully consumerized workplace, the information layer becomes the primary infrastructure focal point for security control. This reality necessitates a shift toward a more information-focused security strategy.”

Companies are already increasing their investment in security information analytics and context-based information/database monitoring. Today's end-users expect more freedom in the marketplace and this sharpens the focus on the credibility and trustworthiness of a digital platform.

People-centric security (PCS) focuses on behavior management among consumers. It is mandatory for every organization to have a proper security team to tackle the risks associated with a more penetrating technology. Gartner’s “Nexus of Forces” concept shows the convergence of mobility, social interaction, information and cloud to foster better interaction among all stakeholders and bring about a well-designed and ubiquitous technology platform.

India should be at the forefront of digital marketplace security as the sector becomes an increasingly important part of its economy.

According to a May 2014 report by eStatsIndia, consultant to IDC India, digital marketplaces will be contributing about $41m to India’s GDP by 2015.

Sabyasachi Jana, founder of photography website 300Stock, said: “The nature of internet transactions presents unique problems for entrepreneurs. As a fledgling marketplace online, we need to take extra steps to ensure consumers are well protected and that their money is processed through safe channels.”

As important participants in the global internet arena, Indian digital marketplaces are seeking the highest-level security upgrades.

Angana Chatterjee, administrator of Indian Railways, said modern Indian consumers are looking for easier and more secure internet processes. “Anything less than the best standards gives the company/brand a bad name and can cost an enormous amount of money,” he said.

Separately, Gartner has published its top 10 technologies for information security in 2014.


 

Gartner's top 10 security technologies for 2014 

1 Cloud access security brokers

Cloud access security brokers are on-premises or cloud-based security policy enforcement points placed between cloud services consumers and cloud services providers to interject enterprise security policies as the cloud-based resources are accessed.

2 Adaptive access control

Adaptive access control is a form of context-aware access control that acts to balance the level of trust against risk at the moment of access, using some combination of trust elevation and other dynamic risk mitigation techniques.

3 Pervasive sandboxing (content detonation) and IOC confirmation

Some attacks will inevitably bypass traditional blocking and prevention security protection mechanisms, in which case it is key to detect the intrusion in as short a time as possible to minimize the hacker's ability to inflict damage or exfiltrate sensitive information.

4 Endpoint detection and response solutions

The endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops), most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralized database.

5 Big data security analytics at the heart of next-generation security platforms

Going forward, all effective security protection platforms will include domain-specific embedded analytics as a core capability. An enterprise's continuous monitoring of all computing entities and layers will generate a greater volume, velocity and variety of data than traditional SIEM systems can effectively analyze.

6 Machine-readable threat intelligence, including reputation services

The ability to integrate with external context and intelligence feeds is a critical differentiator for next-generation security platforms. Third-party sources for machine-readable threat intelligence are growing in number and include a number of reputation feed alternatives.

7 Containment and isolation as a foundational security strategy

In a world where signatures are increasingly ineffective in stopping cyber attacks, an alternative strategy is to treat everything that is unknown as untrusted and isolate its handling and execution so that it cannot cause permanent damage to the system it is running on and cannot be used as a vector for attacks on other enterprise systems. Virtualization and containment strategies will become a common element of a defense-in-depth protection strategy for enterprise systems, reaching 20% adoption by 2016 from nearly no widespread adoption in 2014.

8 Software-defined security

Software-defined security is about the capabilities enabled as users decouple and abstract infrastructure elements that were previously tightly coupled in their data centers: servers, storage, networking, security, and so on. Like networking, compute and storage, the impact on security will be transformational. Software-defined security doesn’t mean that some dedicated security hardware isn’t still needed – it is. However, like software-defined networking, the value and intelligence moves into software.

9 Interactive application security testing

Interactive application security testing (IAST) combines static application security testing (SAST) and dynamic application security testing (DAST) techniques. It aims to provide increased accuracy of application security testing through the interaction of the SAST and DAST techniques.

10 Security gateways, brokers and firewalls to deal with the internet of things

Enterprises, especially those in asset-intensive industries such as manufacturing or utilities, have operational technology (OT) systems provided by equipment manufacturers that are moving from proprietary communications and networks to standards-based, IP-based technologies. OT is considered to be the industrial subset of the internet of things, which will include billions of interconnected sensors, devices and systems, many of which will communicate without human involvement and that will need to be protected and secured.