People, Process and Technology are the 3 main ingredients of any Cyber Security Organization
Forcepoint, the company that has been working on a “People Centric” security framework for their cyber security operations. Surendra Singh, Country Head, Forcepoint discusses the projects and technology frame work they are concentrating on developing.
With the increase in cybercrimes and loss of valuable data, the world is taking measures to build strong cyber security systems. Surendra Singh, Country Head, Forcepoint discusses the ‘People Centric’ security framework which has been efficient in developing stronger security reforms in an interview with BW Businessworld CIO. While understanding what are the pillars of a cyber-security based organization he states that, “People, Process and Technology are the 3 main ingredients that shape the company.” He further adds to that by saying, “Somewhere the people’s aspect has been left out of the main ingredients and can compromise the organization.”
What is the ‘People Centric’ security framework?
In any cyber security organization there are 3 main ingredients that shape the company are the people, process and the technology. However cyber security has been one area where the vendors and customers find that the focus of these companies is only to drive the technology and the process. Somewhere the people’s aspect has been left out and this results into many accounts being compromised and can also affect organizations to loose important and confidential data. We believe that we should have the ability to identify different types because 99% of employees must be given lenient security policies and that would provide transparency to them and the rest 1% should not be given the same privilege Initially we were doing the same thing what the world was doing and missing out on the people’s aspect. After our acquisition with Rathion we developed a security framework which was more people centric. They have the ability to identify any security risk in terms of human behavior and can prevent any user to compromise their system by hackers. Weather the attacks are originating from outside or inside of the organization would help us in easily identifying them and preventing them from doing massive damage on the digital front.
How did Forcepoint establish itself in the field of cyber security?
We are a known player in the market with a new brand and a new positioning in the cyber security industry. When it comes to discovering the work done at Forcepoint, there have been two most popular points of discussion. The digital transformation and the cyber security are the fields where we have provided our contributions. Both are co related with one another because as the world goes digital the hackers get more opportunities to breach through personal data and the economy. As per Gartner the whole world would be losing 2 Trillion Dollars in 2019 in cyber security simply because of the digital transformation. The manpower to give counter measures to fight hackers and avoid cyber threats are very low. As far as Forcepoint is concerned we come from a company named Websense and have been in India since more than 10 years and Raytheon along with Vista Equity Partners bought Websense and formed Forcepoint to run their cyber security division.
How does the system analyze who or what is a threat to the organization?
The technology monitors everyone and with the change in behavior and it is able to analyze how certain groups in the organization are working under the provided security policies. Hence the technology is able to identify the ones exhibiting the risk profile that is higher than a normal one. If for example I am in Delhi and someone tries to remotely log into my profile sitting in Bengaluru, will reflect on the common system. The system then identifies and recognizes if it is me who has tried to log into my account or a hacker and then notify the system administrator to check on the problem immediately. Sometimes there are multiple indicators that are collected and analyzed on the basis of high and low level risks too. The technology is involved with its users and provides a human touch in assisting them with the right security measures and analyzes the information accessed by the employees and weather it is supposed to be passed on and distributed.
On the technology front how would you define the company’s strategic pillars?
I think the people’s aspect is very important and the way it works is to really secure an organization you need multiple different technologies. In our line of work we call them firewalls, anti-virus and many other names and they are not unified and have its own way to deal with errors and threats. What Forecpoint’s strategy is to create a unified base for all these technologies to enhance the security of a system. This technology is also backed by human behavior analytics which is all about bringing in the human aspect to behave like a brain for different products and make them work in a unified manner. Today all the security solutions used by customers are disjointed and therefore they are spending more time in integrating solutions and spend more time during that process. Hence our core strategy is to create a unified system backed by the human aspect to deal with technological and humanistic threats which is also our goal for the next 18 months. We have all the necessary ingredients including human behavior analytics and we are making a unified and singular platform for cyber security.
Digital business requires security that goes beyond technology. How do the products delivered by Forcepoint meet those requirements?
Organizations are only buying technologies and it is not an optimal investment in order to find quick and effective solutions. If we talk about security that goes beyond technology business we find that businesses want to increase productivity and collaborations. Technologies like cloud and mobile, mobility becomes easy which allows to store data in the cloud from any location and access it according to the security norms. The visibility is limited to the point from where the user decides what to do with that kind of information and companies increasing their spending for security don’t realize it.
Organizations need to comprehend two areas which we at Forcepoint are working towards the is the adoption of technology and increasing productivity and policy adaption of new users entering into any organizations. Our company balances the investments made by organizations and provides security solutions that also help the user to make it more productive to their data centers. The human aspect as discussed earlier helps us in identifying the users who are gaining access to the cloud, the reason they are accessing any information from there and overseeing every activity and inspecting the user’s behavior according to the security norms set up for him/her. The ‘Human Aspect’ is a brain of the technology and that is how it provides security in digital businesses.
Where do you see the technology backed by human aspect in the next 5 years?
Honestly, it is difficult to see how the future would pan out because after covering security for 20 years I have seen many new innovations come up every year in the security sector. Vendors keep bringing up new technologies to combat the existing risk and hackers are also investing in man power and technology and this is a war that will go on for a very long time. What can really make a difference is not technology alone but how the governments of various countries are willing to work together. Because when it comes to cybercrimes hackers are using the internet to use false identities and attack random countries. Governments in such cases because of extradition treaties don’t share any information in identifying the source of attacks and hence trillion dollars in today’s time has already being spent and we have found only limited ways of responding to the attacks which is the same scenario worldwide.
Technology will always keep coming into the market and it will have its good side and bad side depending on how it is used. The biggest challenge we all face is the distance to which internet provides. Digital is expanding the threat surface and the it is giving a lot of space to the hackers to exploit and then you have a lack of cyber security professionals which is another difficulty faced by our industry.
While India is becoming digital day by day, where do you see the government’s support towards the cyber security industry?
The awareness amongst various government departments is much higher while the country is becoming digital. We provide solutions to various government departments ourselves and today they are going for the best and latest technology. But as a security framework where the government analyses how will they partner with private companies, they need to understand which companies can be trusted and will they share the necessary data during the course of the attack. There is a similar relation between private firms as well, if there are any security breaches in another company the organizations don’t share any information about it. The Indian government needs to be cognizant regarding the security frameworks and the contributions that the private cyber security firms are going to provide. Until we come up with a unified solution for that point, the government still needs to work on it and partner together to come up with unified solutions to any security breaches.