industry perspective
Security Solutions for the Public Sector
“Governments tend to leave the security decisions to their integrators, our recommendation is that it is a mistake, as governments need direct access to security, even if the security comes through integrators”, says Chris Fedde, President and COO, Safenet Inc.
www.egovonline.net
In your opinion, how important is information security for the public sector?

Information security is much more important now than it ever was. There has been a long history of governments protecting government information. However, they took a long time to learn how to do that - to learn how to build infrastructures and to protect government secrets. But now, what is more challenging to them, is protecting individuals’ identities, and more importantly, information related to individuals. Since information is now electronic and all the areas that hold information are connected, the threats are learning how to access that information. What is becoming more important in the public sector is the ability to protect that. By more important, I mean more challenging. As it is a new area for the governments, it has taken a different set of security equipment, products and procedures to protect individual information than what they are used to, as far as protecting infrastructure is concerned. Our expectation is that we will be able to bring expertise that we have, things we have learned and will be able to be good suppliers to India in this initiative.

What is the vision/goal of Safenet, being the global leader in information security?

Our vision has always been to be one of the largest ‘pure security’ providers. In other words, there is nothing in Safenet that is not security related. That is all we do. Our belief is - if we are going to provide security to the most demanding customers, by demanding customers I mean, financial institutions and governments, and very large global companies, then we are going to have to understand all of those industries, all those verticals from a systems point of view, and then let that understanding dictate our product strategy.
So our belief is that if we are going to be suppliers to those kinds of industries, then we are going to have to be a large security supplier with lots of technologies because none of these products, none of these systems, none of these problems get solved with a specific set of technologies. Everything is an accumulation of technologies that are used in different ways. Thus, our vision is to be one of the largest pure security suppliers so that we can continue to be successful at these very high levels. We work with very important verticals, on a global scale. There are not many companies that are bigger than us that are just security providers. So, our mission is to keep expanding the verticals that we can supply. That means that we have to maintain our size and our profitability as it is our profitability that allows us to turn dollars back into engineering for that product development. Like many high tech companies, we have a very large percentage of employees that are engineers, which is almost half of the total employees, that is a lot of engineer horsepower that has to be pointed at exactly the right direction for our future products.

April 2008

What are some of the key security solutions that Safenet offers for government sector and private sector organisations? What are your company’s competitive advantages in light of other such players in the market?

One of our corporate objectives is to be a supplier in areas that we would say were under-served. Areas that do not have adequate security are usually the areas that require a high level of security. If we have successfully identified those areas then we will be one of the largest or the largest suppliers, because that is what we look for. We are presently in these general categories so to say. At the outset, I would say, one category is the authentication category, which includes various products and technologies that are needed to generate identities, to protect identities, to distribute identities. Since all these apply to systems or infrastructure that has to be protected, we concentrate on this vertical. Another vertical is securing high speed communication. This includes high speed optical encryptors. Our biggest customers in this area are governments, financial institutions and the like. Here, we are talking about big iron encryptors of very high speed. In the case of government, we apply it to satellite communications. The third vertical is protecting software. People who have the rights to software want to protect it against piracy. They want to license it and want to make sure they get paid for the licenses. We have products that we customise to their
software that safeguards their interest. Most of the time, it is a physical token, like a USB token, as they need the highest level of security. The fourth one, which is least known but is very important to us, is taking the technologies from the first three and providing those as embedded technologies to other commercial companies that want to put security in their products. We provide designs to custom integrated circuit vendors, we also provide circuits to telephone industries. A high percentage of phones have Safenet security, even though you would not associate Safenet with the telephone industry. That is the kind of reach that we have into the real commercial industry.

Regarding India, what do you think about the markets here and how aware do you think is the government here regarding information security compared to other countries?

India is doing things that most large countries are doing now, that is, taking steps to protect identities, protect individuals, protect their rights and it is doing it with the intention of employing very modern techniques. Even if you look at smart cards, which is of course not new, there are technologies in new smart cards that are new. If you look at what the Indian Government is specifying for e-Governance for passports, it is not just smart cards, it is smart cards with microprocessor type of capabilities. So, I think they are doing things that we see most countries doing on that scale and they are also doing it in such a way that they can achieve convenience for people and reduce costs. It has not been until recently that all this has been done - raise security, raise convenience, reduce costs. That is a unique combination, but it is achievable now. I also
think that their timing is very interesting as they are doing it at a point of time where they can identify how to get that done and get it done right and not have to spend a lot of time testing pilots and trials. They are going straight to systems integrators, to security providers, to get it right the first time by using very modern, state-of-the-art solutions to do that. Another example of where other countries started in a wrong direction and had to change later was that they used smart cards or any other tokens for identities without realising that they had to use the same infrastructure, the same token, for, let’s say, physical security too. From what I have been reading, the Indian Government does realise it and it does seem like they are taking advantage of what is going on at a global scale and executing it in a manner that should lead to success.

What are the various areas where Safenet is working in India?

As mentioned, it is an interesting period for India overall. A lot of things are happening, infrastructure is being rolled out. There are two-three specific segments that we look at, one of them is banking and finance, another one is authentication solutions where we provide smart cards and tokens. Another space is in terms of software protection. As IT development in general, that is taking place in India, is an area of interest for us because that forms one third of the total commercial security business. Another important area for us is securing the links. If we talk about the State Wide Area Networks and various defence related projects, we have link encryptors that we believe can add value to the infrastructure out there.
So both in terms of providing infrastructure security solution to the end user, as well as enabling our ISPs to develop secure solutions, so that it becomes a distinguishing factor for them when they are competing against others, is what we want to work at.

What are your suggestions to the government officials planning and implementing the e-Government projects and programmes in terms of security risk management?

Governments tend to leave the security decisions to their integrators, our recommendation is that it is a mistake, as governments need direct access to security, even if the security comes through integrators, which it probably will. The governments need to have direct access to the security providers as very often the integrators do not have the security knowledge and therefore are prone to make mistakes. Thus, people, especially people like us, who have experience in the field, want to help the government understand the security implications because it has to be built right from top even if we end up providing it through a third party, which, we usually do. But buffering themselves from the security vendors is a mistake and will lead to less than ideal solutions.

Could you tell us about Safenet’s work with the public sector?

We have always found it to our advantage to be very open with the information flow to government. In other words, most companies seem to build walls, have proprietary issues and try to stay separate from information sharing back with the government. However, we find it to our advantage to be open to the public sector. Because the public sector is such an important part of our business, we are used to spending our money to uniquely address the public sector. That means that we have to be able to tell them where we are going. We have to solicit from them, as to where they see their programmes and know where they are trying to get, so that it affects our product development, so that we can make changes to our products to better meet their requirements. Thus, we have never turned down a chance to share what we are doing with the public sector.

Could you tell our readers about Safenet’s border line security solutions and how it helps the governments?

There was a realisation by us from a security standpoint that when you are protecting even a network, you cannot just interpret that in a traditional way and by that we mean that a network, and virtually all networks are global. They are highly comprised of people who are not physically present, who are remotely accessible, who may not be employees, who may be partners. And as it gets more and more wireless, which
obviously it is, then it proliferates to a point where networks have no boundaries and historically, security issues have been solved through boundaries. Security, through the ages, has always been brought by building walls, and in the case of electronic security, with the electronic equivalent of walls. Thus, the history has always been to isolate and protect. However, our belief was that the whole model was doomed to failure because networks did not look like that, and if they ever did, surely they do not now. What we tried to do, especially with the government (as most governments are traditional thinkers) was to make them understand that you cannot solve security issues by building walls, electronic or physical. You have to look at a network as not having any edges, not having any defined boundaries to protect. And once you look at it that way, the whole method by which you solve network security changes radically. It was our belief that it is the only way to address security requirements in the future. The governments for a long time said that they understood that
it was how the commercial markets were evolving but they were not going to. However, it did not work that way as the government markets, with time, tend to go virtually the same direction as the commercial markets. There are almost no exceptions to that. They may resist it for security reasons, they might take longer for lots of valid reasons but governments almost always eventually follow the same architectural concepts as the commercial sector. If we look at the commercial side, the boundaries have since long lost any meaning. It will eventually be there at the government side too. This has been our philosophy, as we design our security products, to understand that there are no longer any edges that we can guard anymore, that we have to protect networks in a different manner, whether they are commercial or government.

Could you tell us a little more about Safenet’s plans to expand in India?

We are very excited about the opportunities in India. We are very accustomed to investing for large opportunities, putting people power where we need to, spending where we need to, to address these large opportunities. We take the lead from people working here to tell us what we need to do in order to address the larger markets here. Unlike smaller security companies that cannot afford to tailor security to any one customer, we can, if we need to, have security unique to the Indian Government, which again does not automatically mean that we will, but it is an idea that we are certainly comfortable with, if the market’s need be. We expect to use this operation here as the launching point to be able to do larger programmes in India.

India slips on UN e-Government survey

India has fallen from a rank of 87 in 2005 to 113 in 2008 on e-Government readiness. According to the UN e-Government Survey 2008, India has slipped 26 places in the last three years and been overtaken by countries like Maldives (ranked 95), Sri Lanka (101) and even Iran (108). Sweden has surpassed the United States as the leader in the overall e-Readiness index, with Denmark and Norway coming in second and third respectively. The US slipped to fourth place. Pakistan and Bangladesh have both improved and climbed to 131 (from 136) and 142 (from 162) respectively.

The fourth edition of the UN survey measures the progress made by various member states in drawing and implementing e-Government policies to improve public services. It uses e-participation and web assessment as two broad categories to rank countries on the basis of e-Information, e-Services and e-Tools provided by their governments to meet the demands of transparency and accountability voiced by citizens. In the e-Participation index, India was ranked 49 globally, whereas in the web measurement assessment, which measures the online presence of national websites, with those of the ministries of health, education, welfare, labour and finance of each country, it was ranked 54.

www.unpan.org