As the Middle East industry picks up speed for security and related issues, industry players are seeing security management issues and enforcement of security policy enforcement within an organization as the two most important aspects to enable a secure infrastructure. While solutions are many, taking an integrated approach to security is key. And organizations are asking how. Going ahead, as the industry gears up to sees a build out of new models and organizational growth, SAME rounded up the industry to give readers a view on the big trends in the industry.
Inside job: curb the enemy within
If there is one area in security management that has come under significant focus, its managing and monitoring peer-to-peer (P2P) data flows and communication within an organization. Putting in place policies and enforcement of these policies, according to industry experts should be considered as top priority in any organization. Policies are not only proving to be crucial in ensuring that productivity levels are met during working hours, protecting company networks from any malicious content or intent, but it is also an imperative tool for meeting legal and regulatory compliance norms.
According to StoneSoft Middle East VP Jari Valvisto the industry was seeing manageability and enforcement of policies picking up speed.
?Customers have the technology, but it is not integrated enough for it to function as a centrally managed solution. E advise organizations to first put their security policies in place followed by a multi-layered security infrastructure,? Valvisto said.
?Enterprises have realized that there is a great threat in content that flows from within an organization to the outside," Websense VP EMEA Geoff Haggart. "Therefore managing people on the inside has become very critical.?
According to Haggart, Websense initially started out in the web content filtering segment to monitor content from into an organization from the Internet. But will now also focus on inside to outside content flows.
?It is all a build-up effect. There are a number of ways including hacking tools, storage sites, malware, etc that employees in an organization can have access to. Threat management needs to encompass this as well. Centralized management and strong policies is the way forward,? he added.
Also in the web content and e-mail filtering market, Surf Control PLC said customers today across key emerging markets were looking for centralized management, strong monitoring and reporting tools.
?Companies can set policies easily, but enforcing them is of prime importance and the solution implemented needs to be flexible enough to take in specific needs of an organization,ö said the company?s sales manager MEA Simon Moxham.
According to SurfControl Senior Product Marketing Manager Patrick Irwin the broad trends in the security market currently building out were across three important areas -- productivity, legal and regulatory compliance, data security and bandwidth/optimization of company resources.
Security major Symantec Corp. also takes the view that internal employees are as much a concern for a company as external hackers, sometimes due to the lack of knowledge and sometimes due to negligent practices.
A Meta Group Inc. report that said 75 percent of organizations identify a lack of user awareness as moderately or severely reducing the effectiveness of their current program. Additionally, 66 percent cite executive awareness as a concern.
?Enterprise security departments face a challenging task of creating security awareness among a widely distributed workforce,? said Kevin Issac, Symantec Regional Director for MEA.
Keeping this trend in mind, Symantec has launched the Symantec Security Awareness Program -- a set of training and communication tools. This fully Arabised program is designed to assist companies meet regulatory requirements for employee security awareness training while reducing vulnerabilities and aiming to create a more security-conscious workforce.
Just one layer is not enough: get specialized
Making sure your organization stays secure is not anymore a one product, one solution situation. If one is to go by the market trend, a much layered and often specialized security infrastructure is what is required. Trend Micro MEA Managing Director Justin Doo said its important for the security strategy to make sure that the security implemented does not have a single point of failure, but has a segmented and layered approach that will protect different data in different ways.
?Network segmentation, prioritization of data is a big focus. Every company knows that its network will be attacked, but organizations need to segment their network and data and prioritize how much security they need to put in place depending on what the data is,? said Doo.
Going by this theory, a company may want to have its critical data being protected by more than three different types of security solutions, while basic noncritical data that is unconnected to critical applications may need just basic security. This way also isolated the threat and stops spread.
Interestingly, Doo said the Middle East market, owing to its emerging status has often leapfrogged technology and therefore has less legacy systems.
?So typically, companies in the SMB space in the Middle East may also show behavior patterns of large enterprises with high IT maturity levels. So the important thing is to use the technology and knowledge these companies and market has to specify the requirements,? he added.
?End users want specialized products and over the last 10 years demand has also grown. So a single box suits all does not work anymore,? said Borderware International VP Peter Cox.
Borderware mainly plays in the specialized products space offering e-mail security products.
?There are three categories of specialized products -- web-based service security, e-mail security and web content security," said Cox. "Borderware believes that its play is to ensure end-to-end e-mail security, which includes e-mail delivery, protecting corporate e-mail delivery, content protection, message/content integrity checking and e-mail encryption."
? ROI on security is not easy, but with specialized and segmented products like ours the inbuilt monitoring and reporting tools make ROI a very tangible component of security,? said Borderware Regional director Dean Bell.
Security services player Comguard also seconds the move into specialized security services.
According to the company?s MD Herbert Kamensky, Comguard was seeing more customer requests to use specialized security solutions to integrate all components of the security infrastructure including virtual and physical security. Perimeter security, in the form of sensors, infrared detectors etc were also expected to become an important part of the layered security rollout, according to Kamensky.
Managing security 24x7
With round the clock manageability now almost a given, traditional data hosting and web hosting service players are keen to hop onto the security bandwagon as well. What this puts on offer to customers is easier security management, a robust security layer and also options to pay as per use.
Etisalat Corp. owned eCompany is planning to move into the managed services and security management space in a big way.
?ECompany is already a player in the managed services space offering managed hosting of applications, databases, operating system and hardware. Now security will also be a part of the offering as we focus more towards customers rather than products,? said eCompany General Manager Ahmed Abdulkareem Julfar.
Using its SOC (Security Operations Centre) in Abu Dhabi and Dubai, eCompany said it plans to help its customers establish centralized security policies, offer extensive risk assessment and implement security layers.
EHosting Data Fort?s Regional Sales Manager Sachin Bharadwaj said it plans to offer security as a service on tap to DIC community members.
?As ASP we offer firewall and anti-virus protection as a service within DIC," he said. "Most company that set up operations have just the basic layer of security and using the ASP service they can get access to a robust security offering which is better managed on a round the clock basis."
New player Fusion Distribution plans to enter the Middle East market as a key distributor to two security players -- Surf Control and MessageLabs Ltd. with an out of the box web content filtering and ASP-based e-mail management/anti-virus service respectively. According to the company?s MD Tim Martin the two key areas in the industry today were security and storage. As part of its business, the company will work with partners to offer the Message Labs e-mail and antivirus solution as a managed service.
?Message Lab?s ASP model has so far met 100 percent of its SLA agreements on a global scale and going by its model the costs work out to US$2 per user per month. This is a very competitive offering for a robust solution,? said Martin.
The entire ASP service will be managed out of Message Labs global server farms located in different regions. To add to this, Fusion Distribution also plans to set up a 24x7 technical support in this region as well.
Mobility needs security, too
This is clearly the next point security players are raring to head to. With the organizational perimeter now extending beyond the enterprise to mobile access equipment, products targeting the mobile worker, some players and their products are ready to get on the ground very shortly.
Trend Micro Inc.?s offering in this space will be its PC-Cillin solution for desktop and wireless appliance security solution for smart phones, Palm PDA?s and the like.
Similarly, Surf Control said getting mobile device users to also comply with security policies is important and the company?s Surf Control Mobile Filter solution will enable this. The solution will see a small client side application loaded onto the mobile device, while the other part will rest on the corporate server. The minute a worker tries to log onto the Internet, the client application will conduct an instant handshake with the corporate server to determine preset data access policies. Depending on these policies, the work will be granted access to the sites he/she is visiting. This way the solution ensures that organizational security rules are still met with even when out of office.
Purely to support security in remote access, Secure Computing Corp. (which is planning a base in Dubai shortly) said it will offer a special version of its Safeword solution as a low cost option to enterprises. Priced at $120 per use for the entire solution, a software, a server-based solution and an authentication token the company, the company believes it will be a perfect fit for the SME market.
According to the company?s Regional Director MEA Peter Barlow, enterprises are keen to understand and secure their enterprises end to end. Remote access and security is therefore an important part of the deal, said Barlow.