From a domestic point of view (India), what are the major trends in the security space today?
In the security space, major trends include the usage of one-time-password (OTP) tokens for enterprise security, providing secure access to virtual private networks (VPN), remote desktop access and Windows logon. In the eGovernment space, public key infrastructure (PKI) has been the most popular solution for applications such as corporate tax filling, eTendering and secure access to application.
In the ebanking domain, SMS OTP is the most popular technology for providing security to ecommerce applications. The trend for deploying OTP tokens for banking customers began in 2010.
If you look at the current security landscape, what is the real opportunity for security vendors such as yourself?
As the online population booms, the need for security solutions is constantly growing especially with increasing cyber attacks, hacking, phising, shoulder threat and key loggers. For instance, Sony was recently under such cyber attacks. In the banking sector, eBanking is where two-factor authentication has become an important component for the security of bank customers..
Where do you see maximum traction from? Is it from the SMBs or large enterprises and why? Do you have different solutions for SMBs (more affordable)?
Security is key for both SMBs and large enterprises. However their needs and deployment methods may differ. For instance, SMBs are comfortable adopting solutions such as OTP tokens for VPN access and other applications. As the user group is relatively small, it does not require a heavy investment and issuance is easy to manage.
One of the challenges with SMBs is deciding on the solutions that their system integrator (SI) partners offer them. Often, they are proposed with basic authentication technology due to the lack of awareness of various more secure and affordable solutions.
As for large enterprises, their internal team has a process of understanding the solutions that meet their requirements in terms of security levels and budget. However, they also face issues such as handling device management which acts as a reverse force to adopt such practices.
Enterprises today have to manage multi-applications. An enterprise may engage numerous vendors for various applications including identification and physical access, OTP tokens and mail encryption software. This is costly as each vendor deploys an authentication server. Gemalto has various solutions which can be offered under one single authentication framework as well as a single form factor based on the user applications and security requirements. This allows enterprises to reduce their IT costs working with just one authentication server and managing one device.
Does security needs vary from industry to industry? For example, are the security related needs of a firm in the healthcare domain different from a company in the manufacturing domain? Please cite some examples
The basic aim of security is data protection against physical or cyber stealing. Typically, the security industry has a common requirement for physical access and logical access security. What usually varies is the form factor depending on the user comfort and needs.
The security needs also varies based on the size of enterprises – SMBs or large enterprises rather than the industry. For instance, the pharmaceutical industry will require security for secured access to R&D research documents and secured storage and this can be done using PKI. This PKI technology deployed will be similar in other industries.
The security and compliance solutions put in place few years ago have now become outdated and ineffective. What are the changes taking place in the areas of security?
In the private enterprise sector, the trend is to deploy OTP. However, PKI is now being considered as it offers greater levels of security compared to OTP. For government and defence type organizations, they are more concerned about implementing the highest security. Hence, biometric with PKI is usually selected for its high-levels of security even though it is expensive.
Social networking, cloud and mobility have brought about new challenges to security? What kind of solutions have you launched in the marketplace to help customers resolve this issue?
Additional security features have been added over the traditional OTP and PKI technology to enhance their security and reliability. Mobile PKI is one of the new adoptions to help users gain simple and secured access to social networking, cloud and gaming devices.
What do you think is the demand for cloud-based security services? What is your experience in the Indian market?
Demand is there in the market for cloud based security in the private enterprise, as it helps them to reduce the cost of the deployment of 2FA , whereas public firms are not yet comfortable to share their data with third party (Host).
In the Indian market, cloud based security services have been accepted as a better solution to reduce deployment cost, provide better management of services and integration with third party tools. However, confidence and trust needs to be established especially due to the sharing of internal data which sometimes is confidential and sensitive with the third party (cloud service host). We can expect the acceptance of this technology in commercial aspects in the coming years.
From your product portfolio, which of your products are witnessing greater demand than other products? Can you cite any reason?
OTP Token – Providing multi-authentication features through a single solution. For instance One Time password , SMS OTP , On Mobile OTP , EMV Cap , Dynamic Signature , Printed OTP which helps enterprise to choose form factors based on their users role.
Hybrid Cards/Tokens – PKI token in the form of the smart card and reader enables users to use the device commonly for identity proof, physical access, canteen payment, parking access , logical access through PKI (VPN access, mail encryption, document encryption, hard disk encryption and Windows logon), logical access through OTP (Portal login, Outlook Web access and VPN access). All these can be stored in a single device also known as the corporate badge.
Flash with PKI – This product enables users to use flash memory in a secured way. All the flash data stored in the device flash memory is encrypted with the smart card key. The smart card present in the device enables user to use it with any security application requiring Digital Signature for authentication or OTP generation. It also helps users to build and store applications on the flash component of the device which provide additional security to applications like Booting Window with the device, hardened browser to prevent them from malware attacks etc. This device again offers multiple usages by including PKI, OTP and Flash as one component.
Your view on the demand for managed security services in India? What has been your experience?
Security as a managed service is at the beginning stages of being understood by the market. We anticipate more interest to come as understanding of the offer grows.