Insider Threat Still Causes Maximum Damage: Uniken

As handling security threats and data breaches become more complex, Sanjay Deshpande, co-founder and CEO, Uniken, feels optimistic about the fact that enterprise management now understands the need to invest in data security. Sanjay, in an interview with CIO.in talks about the ecosystem surrounding data security.

What according to you are few of the basic things that CIOs should understand before choosing a particular security solution? Do you feel CIOs have adequate understanding of security issues?

First and foremost thing a CIO should consider is the alignment of security solutions to business needs. A retail business will have different security needs than a pharma company or a bank. A security solution should mirror the needs of a business. A CIO should also be concerned about the enterprise readiness of the security provider and the long term vision to ensure support for ever increasing threat landscape.

Additionally, they should be proactively looking at innovations in security as the solutions need to keep pace with the increasing threats.

However, most CIOs have adequate understanding of the security issues and are engaged closely with CISOs or business stakeholders to protect enterprise systems and data. But when it comes to security investments, enterprise priority still seems to be decided by compliance requirements and internal technology infrastructure followed by future readiness.

Fortunately, the trend seems to be changing, as the enterprise management is realizing the importance of security and the need to be up to date with it.

How does a company handle and minimize data breaches? What according to you is the most common way of breaching data and how does one handle it?

While the external attackers with their evolving techniques pose a regular threat, it is the insider threat that is often ignored and hence causes maximum damage. Critical data of an organization needs to be identified and protected in all forms (static/dynamic) from both internal and external threats.

The primary step to minimize the data breach is to identify and allow only authorized users and devices to access sensitive enterprise applications. Security also needs to be micromanaged at the device level by ensuring access to applications on a need-only basis, unlike traditional VPN approach of allowing entire device into the network. This should be done to ensure safety from any threat vector attached to a single device.

Above all, end-to-end visibility of enterprise data sharing and application access within and outside LAN helps to keep a track of the data transfer going on. The internal stakeholders need to be educated about the importance as well as techniques for maintaining security of their data and communications.

As a CEO, what according to you is the biggest challenge when it comes to building new security solutions?  

The challenge is not to take a myopic approach of only protecting the users from one type of attack (i.e. phishing or identity stealing) but to deploy a holistic solution which protects its stakeholders from all forms of attacks while providing them with secure, ubiquitous, and consistent user experience across devices and platforms anywhere, anytime.

As security is a sensitive issue, it is difficult to recruit champions who would be open to deploying a new technology. But once the value and the strength of the technology is proven, the journey gets easier.

When it comes to banks, how or in what ways the security challenges are different from normal corporate organizations? Can you throw some light on your recent endeavor with bank of Maharashtra?

Banks handle massive amounts of confidential data and communications every day, therefore facilitating a need for a solution that provides foolproof security at all times and places.

New age facilities like Net Banking, Mobile, and Tab Banking have provided added convenience and comfort to the customers, but have also exposed the customer-bank transactions to malicious third parties who can tamper with the data and transactions on both sides.

Loss of confidential client data these days is fatal, since the breaches can involve lakhs of victims, leading to not just financial loss worth millions of dollars, but an immeasurable reputation loss in the market. Compounding this is the continuously proliferating threat landscape like phishing, bot-nets, MITM attacks etc. which target not just large enterprises but mid-level and small organizations also.

We have developed a secure digital banking app for Bank of Maharashtra, called as “MahaSecure “to enable secure access to internet banking facilities for both retail and corporate customers of the bank. MahaSecure will protect more than 3 lakh internet banking users of the bank from sophisticated online attacks.

What is your take on BYOD?

The BYOD phenomenon is reshaping the way IT is purchased, managed, delivered, and secured for enterprises. It is a double-edged sword. What appears to be a boon for the employees increasing their productivity and work–life balance, becomes a colossal task for the IT security team as they grapple with the multitude of user, devices, platforms, and application types.

The major challenge with BYOD is the protection of enterprise data while enabling employee access to enterprise applications through various devices and places.