|
 The
security industry is poised for the kind of growth witnessed in
IT during the nineties, as most global organisations today consider
enterprise network security as a strategic priority, writes Mohan
Babu
Even
with the downturn in the tech sector, information security is perhaps
one area that has shown tremendous potential. Information security
has received a renewed focus after September 11. The different areas
of info security including the design, development and deployment
of systems that enhance physical security have gained prominence.
With most businesses and organisations regarding enterprise network
security as a strategic priority, the security industry is poised
for the kind of growth witnessed in IT during the nineties.
Companies
have already tightened access to their systems and core applications,
and are scrambling to ensure that they restrict access to the applications
without hindering the free flow of information across the organisation.
Securities of systems need to go hand-in-hand with a focus to customers’
wants and a customer who has gone through a number of levels of
security is likely to be disgruntled. However, this also means that
customers have to be educated about the need for security, working
as partners to the business. What exactly comprises the nascent
area of information security? I am no expert in this area, but as
a keen student of emerging technology, I decided to interview a
few peers and gathered the following basic facts:
-
Information security includes network security and firewalls:
It also includes a study of advanced TCP/IP, security fundamentals,
security implementation, router security and attack methods.
-
A secure defence is the best line of attack and includes network
defence and countermeasures: Risk analysis, firewalls, intrusion
detection systems, security policies and virtual private networks.
-
Information security is a vast area: Security includes user interface
security, including PKI and biometrics concepts and planning,
cryptography fundamentals, digital signatures, biometrics fundamentals,
PKI fundamentals, PKI standards, strong authentication, sign-on
solutions, file encryption solutions, certificate server deployment,
PKI solutions and applications, secure émail implementation
and network forensics.
-
Information security begins at home: A system is only as secure
as its weakest link. Even the best systems can be hacked by someone
who has access to the physical machine/network/box. Hence physical
security of a system is as important as the logical security of
the systems and networks.
Given
the focus on this area of IT, there are a number of bodies that
are gaining prominence in the area of ‘Information System Security’.
Foremost among them is (ISC)2 that conducts a number of certification
programmes (like CISSP). Needless to say, there are also a number
of academic programmes offered by universities in the US, UK and
elsewhere. I was recently corresponding with Manoj Kumar, a networking
and security engineer working for Vinciti Networks in Bangalore,
who wrote to me about the impending boom in this sector (in India).
He talked about a few consultants and institutions starting to provide
courses in information security there, and went on to add that a
number of smaller institutions and players are waiting to wet their
feet. I was not surprised by the ingenuity of domestic players in
this sector. However, having seen the boom and bust in tech economy
recently, I don’t see a successful proliferation of B and C
players who will jump in and start providing training in ‘security’
to eager students wishing to fly out to the US, UK or elsewhere.
If
information security is so hyped up, will the demand for Indian
software/networking professionals specialising in security see a
boom? Probably not, this is because most countries are becoming
extremely security conscious, and will think twice before they “import”
foreigners to work on their internal security systems. Even though
Indians are known around the world for their technical prowess,
they will find it hard to break into the Cosa Nostra, inner circle,
in foreign countries, especially in the current security-conscious
climate. For instance, the US government has a policy in place to
allow only citizens (not even Green card holders) to work on their
internal government systems, that too after thorough whetting in
the form of “security clearance and verification”. The
government is also extremely wary of letting systems pertaining
to national security that includes core business areas, out of the
preview of its governing bodies. For instance, even during the dotcom
boom, the American government realised the significance of Internet
and commercial data that was riding on the Net. The government nudged
businesses to create fault-tolerant systems that would enable the
systems to function even during worst case hacker attacks.
If
Indians will not be employed by companies and governments in foreign
countries to work on their security systems, what future do Indians
who wish to get into this nascent area have? My guess is as good
as yours, however, given the world-wide reach of technologies and
systems being deployed, national boundaries will have a lesser role
in defining the role of technologies and systems adopted around
the world. What this means is that multinationals operating around
the world will have to customise their systems to suite the requirements
of local countries where they operate, providing the right amount
of security required by local customers. In order to do this, they
will have to employ locals in domestic markets where they operate.
As Indian companies start maturing by going global, they will start
looking for world-class professionals to help them secure their
systems in the international marketplace. I see a growth in the
domestic market for security professionals, especially those trained
in western encryption and networking technology.
Indian
companies that develop world-class software and security products
confirming to recognised global standards would also do well. Case
in point: a number of Israeli companies have already gained a foothold
in the area of commercial systems security, acquiring global patents
for their products. They are poised to reap the benefits of globalisation
of security systems around the world. With the best brains working
on R&D, with vision and insight from NRIs in the US, UK and
elsewhere, even Indians can reap the benefits.
(Mohan
Babu is a software consultant based in Colorado Springs, USA. E-mail:mohan@indusdemographics.com)
|
PEOPLE
