When Security is Mantra Then the Security Consulting is Tantra
"300 Lithuanian sites hacked by Russian hackers"
"In September, Google mail accounts of key government officials were tampered with and earlier, passwords and login names of the National Defence Academy and key Indian embassies were splashed by a hacker on this website"
"India's External Affairs Servers Hacked By China"
How often we get to hear such news....
...
many times... huh!!! Despite many such incidents that take place, only few see the lime light. Reason being most of the companies don't prefer to reveal them, fearing there is chance of losing customer's faith. Incidents as these happen quite often and we react only when such incidents takes place. Most of the times we are reactive than being proactive! All such incidents raise a concern on how security is compromised and there is a great concern to curb such activities. The importance of information security and growing market for security consulting in India is driving me to write this article.
Don't care for security - This is what we normally hear from most of the start ups of India and few Small and Medium Businesses (SMBs). Reason could be that they don't have enough time for security, since they are busy getting their product out. But fact is, start up companies should take utmost care in protecting their intellectual property lest they might loose their competitive advantage.
Security is the way to go!!! Security is not a product, which you can just install and keep yourself safe. Security is not just a technology alone, it includes process and people who should follow the process with out fail. Most SMBs do not have dedicated security teams due to the smaller size of their operation, contrary to this few companies have dedicated security teams, but they lack certified security professionals. It is estimated that in India less than 2,500 professionals have specific Information Security skills, which represents only 0.5% of the IT workforce. Almost 50% (12 out of 25) of the companies do not employ certified professionals to manage their security. But reality is that for security implementation you need experienced certified people who are specialized and trained in core areas of security domain. Now how can you get such people? In India there are quite a few security consulting firms who can provide experienced certified external security consultants for hire.
As per the "The Forrester Wave":Security Consulting, Q3 2007" Over the past two years, some security service providers have registered growth rates in excess of 40%. The major driving factors for the security consulting market in India to grow are high rise in the complexity of IT implementations, Rise in the usage of on-line trading and on-line transactions, rise in the requirements of banking and financial services, BPO etc.
Consulting is projected to grow till $1.1 billion by 2012 in Asia pacific. Information security and services companies in India are now moving up the value chain to focus on information security consultancy, managed services, training and patch management. The information security (IS) market in India is growing at a rate of 50 per cent exceeding that of the software industry and presents a huge untapped opportunity to software companies. There are already quite a few good players like Deloitte, Wipro, Accenture, Ernst&Young who proved their mark with their consulting services in the area of information security, but there is a growing need and vacuum available for other companies to pitch into this market.
conclusion:
- Gone are those days when security was thought of as setting up IT infrastructure alone, it is now more than that, it has expanded to information storage, distribution, application level security, perimeter security and defining policy procedures for different kinds of information. Today's security consulting firms have trained people with specialized skill sets on standards like BS-7799, ITSM (IT Service Management), COBIT (Control Objectives for Information and Related Technology) and the ISO-17799, ISO 27001. Companies who are working in an off shore model may take services from security consulting firms to keep themselves compliant to regulations that are followed by their foreign counterparts.
- Companies working in an offshore model can get an added advantage in hiring external consultants. These consultants look at organization's security set up from outsider's perspective and are in a better position in identifying the loop-holes.
- Companies should enhance their security perception by involving the top management in drafting and reviewing security policies and creating a provision for security in their budgets.
Its quite evident that security consulting in India is going at a rapid pace. India has a right blend of technology and skills to provide top notch services and grow as a top class security consulting service provider.
Finally, as the meaning of Tantra goes - any service that is concerned with ritual acts of body, mind and speech is called as Tantra. That's why I say, When Security is Mantra then the Security consulting is Tantra!!!
Gloss