Information Security (IS) is one of the
fastest growing segments in the Information Technology (IT) market.
According to IDC, the worldwide demand for IS services was approximately
$8 billion in 2001, and is estimated to grow to $23.6 billion by
2006. The Indian market is growing at a compounded annual growth
rate (CAGR) of 27-30 percent. This growth has fuelled the demand
for various specialised security professionals: firewall analysts,
incident handlers, cyber law experts, security trainers and cryptography,
PKI and cyber insurance analysts.
Before writing about the demand for IS
professionals, one needs to clear common misconceptions about them.
Felix Mohan, CEO of Secure Synergy, says, "Most of the time
when we talk about IS professionals, we are referring to an IS
aware professional."
An IS aware professional is
more of a network administrator and a systems architect, who besides
doing his core job, also has an inherent knowledge of
the security required for day-to-day work. On the other hand, an
IS professional is one who has a comprehensive know-how of security.
His primary job would be to assess the risk factors for an enterprise,
implement cyber insurance or design the security policy.
He also needs to have a good understanding
of management principles, along with technical expertise. This differentiation
needs to be understood by organisations, which can help them save
a lot of money. "A right decision can reduce the expenses,
as the salary difference between an IS and the IS aware
professional can be up to 200 percent," adds Mohan.
Growing demand for IS professionals
Statistics by different placement consultants
and job portals reveal a growing demand for security professionals
in the coming years. According to a recent Nasscom-JobsAhead.com
study, conducted by the research firm IDC, the demand for IS professionals
is 18,000 and 60,000, in India and worldwide respectively. This
is estimated to grow to over 77,000 in India and 188,000 worldwide
by 2008. Thus, the requirement, which presently accounts for about
3 percent of overall IT workforce demand, will rise to around 5-6
percent in 2008.
Pradeep Narayanan, head of NIIT's
Education Business in India, believes that the IS market certainly
has major potential in India. From a skill or function, which was regarded
as a poor cousin of IT professionals, the IS talent pool today commands
respect.
"A lot of this has to do with the
evolution of the need for information security in the corporate
world, coupled with the increasing realisation of the importance
of its various facets," says Narayanan.
Prominent signs of this impending demand
have been visible for the past couple of years. Out of a total 50,000
IT jobs advertised on JobsAhead.com, the percentage of IS jobs has
risen substantially in the past year. Dhruv Shenoy, vice president-Marketing
of Monsterindia, adds that the majority of enterprise companies in the
country are hiring security professionals as evident from the job
postings on the Monsterindia website.
A few information security services
have a higher demand. For example, the demand for professionals
catering to software security services (the largest of five categories)
is expected to increase at a CAGR of 27 percent between 2001 and
2008, with security management services showing healthy growth at
33 percent. Besides, some other areas that are witnessing a higher
demand for IS professionals are IS policy creation, firewall
configuration, Operating System administration, IS audits and disaster
recovery and planning.
Market drivers
The emerging vulnerabilities and threats,
ever-expanding complex networks and access points, coupled with
increasing regulatory requirements, are drastically affecting the
way organisations approach risk mitigation. Ranajoy Punja, vice
president, marketing of Cisco Systems India and SAARC, points out
that the industries that have the greatest need for information
security professionals are IT consulting, e-commerce, financial
services, insurance and manufacturing.
However, this demand is more evident in
the ITeS and BPO organisations, since they have realised that vulnerability
to Net crimes and any misuse/loss of data may result in losing
clients. Stringent privacy and security legislation in the US and
EU and ballooning concerns on security issues in outsourcing are
compelling Indian companies to implement information security. According
to Pankaj Khanna, vice president and head of channel sales and search
practice at Jobstreet.com, the demand is growing exponentially as there
is almost a fanatical obsession for making the systems and process
foolproof (compliant with the international security standards)
from any hacking/virus attacks.
The growing concern about network security
vulnerabilities has also increased the demand for security-policy
reviews and vulnerability assessments (VAs). As a result, services
for information security assessments and integration services have
become a fast growing segment. "The need for information systems
auditors for reviewing the security is witnessing a higher demand,
particularly in the financial (banks and insurance companies), software
services and the ITeS sector," says Bangalore-based S K Srinivasan,
associate director of PricewaterhouseCoopers. The RBI Internet Banking
Guidelines and consequent security services requirements of banks
have made IS professionals much sought after.
Industry observers point out that all this
has made security one of the most sought-after and best-paid
careers. In fact, in the US, an entry-level IS professional can command
a salary of $75-80,000 per annum, with the one at the higher-end
earning somewhere around $1,50,000. In India, an IS aware professional
(say a network administrator), will earn close to $35-40,000, with
the top rung earning around $1,20,000 per annum.
Demand and supply gap
The need for IS professionals will exponentially
increase in the coming years as more overseas companies look to
India to cater to their information processing needs. Unfortunately,
this is not matched by a corresponding supply of skilled IS professionals.
The Nasscom report says that less than 10,000 professionals have
a working knowledge of IS. At this rate there will be an expected
shortfall of over 100,000 IS professionals globally, by the year
2008. Manik Ahuja, head of information and networking at New Horizons
India, mentions that in the US, there will be an expected shortfall
of about 25,000-50,000 IS professionals over the next few years.
"It is sure that in India, less than 2,500 professionals have
specific IS skills, which represents a minuscule 0.5 percent of
the IT workforce," he points out.
Training needs to gear up
With the changing IS scenario, companies
can no longer look at IS as an extension of the IT department. IS
requires skill sets in designing, implementing and monitoring the
IT security infrastructure. The skill sets of IS professionals can
be broadly grouped under two categories, namely IS technical
skill sets and business process controls skill sets. While technical
skill sets are required for setting up and implementing the information
security architecture and for reviewing compliance with defined IS policies
and procedures, business process controls skills are required to
ensure that business processes happen in a controlled environment
in compliance with regulatory requirements.
The two major international IS certifications
in the country are Certified Information Systems Auditor (CISA)
and Certified Information Systems Security Professional (CISSP),
which are conducted by the Information Security Systems Audit and
Controls Association (ISACA), USA chapter in India. Apart from these,
most of the IS security product vendors also offer their product
specific certifications. The demand for BS7799 courses, conducted
by British Standards Institute (BSI) India, has also grown over
the past two years.
A lot, however, needs to be done in this
area. Experts point out that there is a need for introducing a concentration
in IS in the academic programmes covering the following: cryptography,
AAA framework, software safety and reliability, network security,
secure operating systems, application security, design of security
policies, disaster recovery, biometrics and security auditing.
Nilanjan Roy, senior manager, marketing
of JobsAhead.com, adds that specific course modules should be introduced
for interested students. These should train students in the intricacies
of IS, and specific implementation technologies, such as network
equipment, cryptographic algorithms, intrusion detection, biometrics,
etc. Although some institutes are offering courses on information
security, the overall focus is relatively low.
Mohan believes that India can leverage
its growing expertise of information security professionals provided
it can overcome the major obstacles: Firstly, it needs to position
itself as trustworthy for countries to engage Indian
IS pros in their sensitive projects; this will require government-level
partnerships. And secondly, India will need to ramp up the number
of IS professionals in the country to not only meet its own
shortfall, but also to build a surplus that can be leveraged for
global requirements.
Contact the writer at
punita@expresscomputeronline.com