The way of business solutions www.insightssuccess.in September 2016
THE
10
Get a grip
Most Most Valuable Valuable
Things to be considered for Managing IT Risks
Enterprise Security Solutions
Highlights
Provider Provider Companies Companies 2016 2016
Tactics to be Followed to Ensure Best Enterprise Security
Chalk Talk A Truly Innovative Way to IoT Manage Security Risks
Anurag Mehrotra CEO
CMS IT Services: Leveraging Emerging
Technologies in a Disruptive Technology Environment An application centric cyber security strategy needed to survive the onslaught Mr. P K D Nambiar
Chuck all the Competencies and just focus on ‘The Joy of Serving’ . . . K Srinivas Rao
Flag Communications
The Strategist
Cyberspace, a Domain Created Not By Nature But By Human Beings . . . Kshitij Adhlakha A & R Info Security solutions Pvt. Ltd
Editorial
E
nterprise security is becoming a burning issue day by day as the digitized market has been steadily growing over the last several decades. India is becoming the world’s fastest growing ecosystem, as the record says- from 3,100 startups in 2014 to a projection of more than 11,500 in 2020. This is a revolution, which is going to change the way the markets in India are working today.
How Secure are Indian Enterprises today?
As Indian market is growing in a fast peace, India is moving upward for implementing cyber-security. Indian enterprises have realized the connotations of ineffective info-security measures. Although, awareness for cyber-security is on the rise, with organizations, government and even consumers recognizing the need for strong security measures, implementing cyber-security which is complicated. However, India has a unique polarity, country has a well thought of its prowess in information technology and the large space of accomplished youth, still there are many areas across the country that are still in developing phase and are away from broadband internet & consumer IT infrastructure. In Rural India, 70% of the active Internet users also access the Internet using mobile phones, while 32% use internet only through mobile, the IAMAI report suggests. For many others, the quintessential cyber-cafĂŠ is still the most reliable method to get online. The report disclosed that 40% of active Internet users in rural India still rely on community service centers and cyber-cafes. Besides that, some of India's largest cities are relying on the 4G and LTE wave. Every day newer, more sophisticated attacks emerges, even as security systems that were once considered insurmountable are outdated. The security outlook is complex and webbed than it was a few years back, advanced persistent threats involving dynamic Trojans, zero day attacks, different types of phishing & pharming, Man-in-the-Middle (MITM) stealth bots, Man-in-the-Browser (MITB), and Man-on-the-Machine (MOTM). Therefore, the cyber-security challenge before enterprises today is examining that enterprises need to solve whether their security measures are adequate of keeping pace not only with the continuously growing mass of active internet users in the country, but also with the ever-changing cyber-threat landscape.
Editor-in-Chief Pooja M. Bansal Managing Editor Sonal Burghate Co-Editors Abhijee Parade Archana Ghule Pooja Jain Musna Mony Art & Design Director Amol Kamble Co-designer Harmeet Sigh Picture Editor Alex Noel Art Editor Shaila Visualiser Shweta Shinde Business Development Manager Manisha Priya Marketing Manager Karishma Joshi Business Development Executive Akansha, Pooja, Ketan, Gopi, Savitri, Ankush Research Analyst David Circulation Manager Swapnil Database Management Sharad Technology Consultant Vishal More sales@insightssuccess.com
September, 2016 Corporate Ofď€ ces: Insights Success Media and Technology Pvt. Ltd. Ofď€ ce No. 513, 5th Floor, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: 020-69400110, 111, 112 Email: info@insightssuccess.com For Subscription: Visit www.insightssuccess.in 6
Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754, (302)-319-9947 Email: info@insightssuccess.com For Subscription: Visit www.insightssuccess.com ,
Contents Cover
8
story CMS IT:
Leveraging Emerging Technologies in a Disruptive Technology Environment
26 36 Chuck all the Competencies and just focus on ‘The Joy of Serving’ . . . An application centric cyber security strategy needed to survive the onslaught
20
22 A Truly Innovative Way to IoT Manage Security Risks
40 Tactics to be Followed to Ensure Best Enterprise Security
34 Cyberspace, a Domain Created Not By Nature But By Human Beings . . .
Things to be considered for Managing IT Risks
16 18 ACPL: Your Information Security Partner
AKS IT Services:
24
Leading IT Security Services and Solutions Provider
30 Avyaan: Way to Protect Your Data
Lyra Infosystems:
32
Enabling IT Evolution
42 SecureLayer7: Time and Again Securing You
Veeras: Partner for Progress
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Enterprise Security Prioritized...
A
t the age of the digital era, organizations are opening up the room of opportunities for the businesses through its online presence. They seized the arm of cloud computing, social media, and mobility to improve the efficiency of businesses. At the same time there are increasing attacks putting organizations’ valuable asset, their information, at risk, which is urging for the compressed security needs. There are too many companies for providing its integrated security services and solutions for enhancing the security readiness of your enterprises. Insights Success is honoured to rank an exclusive listing of India’s 10 Fastest Growing Consulting Companies 2016. These companies are shortlisted as per the parameters such as profit, sales, capital return and market capitalization. ACPL Systems has been shortlisted for its offerings of leading-edge technology solutions, and its expert professional and managed services with proven methodologies. AKS IT Services, for its leading IT Security Services and Solutions, whose work spans from auditing & consulting, IT security training, cyber forensics to product development and reselling major security products. SecureLayer7 has been ranked as per its leading integrated business information security that specializes in comprehensive IT security services. Veeras is filling a charm in this issue who is a new age IT Infrastructure managed security service provider delivering timely solutions enhancing operational excellence of your business. Mirox Cyber Security & Technology, KernelSphere, and Magic Systems are also shortlisted for its service excellence. In this issue, we have featured CMS IT Services as a cover story, on the basis of its performance in Indian IT Industry for the last 4 decades. The company provides cost effective and cutting edge IT infrastructure solutions with their services span across Infrastructure Management Services, Product Support, IT Support and Professional System Integration Services. These shortlisted Security provider companies are delivering best-in-class services for their customers and have ability to adjust with the ever-changing needs of your growing business.
Cover Story
ANURAG MEHROTRA CEO
Cover Story
CMS IT Leveraging Emerging Technologies in a Disruptive Technology Environment
I
n the last few years, there has been a rapid evolution of technology solutions, particularly around digital technology and Cloud arenas. Most of the C- level executives would have made a beginning in these areas. However, the key to any technology adoption is to measure the business value it delivers. The investment is clear, but the return on investment is not, since delivery is still measured in IT terms such as SLA achieved or uptime.
CMS IT believes in the business value of IT and also believes that all their actions should be focused on measurement of IT efďŹ ciency & performance in business KPI’s, termed as Business SLA Management. Consequently, all their solutions and IT service models are oriented towards Business SLAs and they have the necessary frameworks, tools and processes to measure the same.
Eminent Leader behind CMS IT Services Anurag Mehrotra, CEO of CMS IT has been instrumental in conceptualizing and incubating business ideas and scaling them to a leadership position in the market. At CMS IT, he provides strategic leadership to transform and grow services business portfolio by focusing on delivering value to Enterprise Customers through Predictive IT Support Services delivering Business SLAs and Professional System Integration Services. Anurag holds a B.Tech from Indian Institute of Technology Kanpur. Prior to CMS IT, Anurag worked with companies such as HCL HP, IBM, Sun Microsystems, Informix International and Wipro Ltd.
Cover Story
First, having the right people, who have an adequate experience of handling interplay of diverse technologies to conceive and implement new age SI projects. Second, having the right technology partners backing them in areas such as Cloud, HyperConvergence, Mobility and Information Security. And finally, Strong Governance to ensure quick decision making and an ability to promptly and properly address issues that come along the way. CMS IT’s Product Support Services CMS IT believes that service delivery
quality is the first casualty as cost pressures mount on projects. CMS IT takes a holistic view of PSS. “Cost effective is not what we aspire for; value effective is what we strive for,” says Anurag. To maintain the “value effectiveness”, CMS IT has key drivers such as Certified Consultants, that are experts in their technologies and areas of work; a “Technology Doctors” Group, which consists of technology experts across domains and across regions, ensuring proximity to customers as well as sensitivity to customers’ needs; and Strong Governance to track Service Quality; Contract, IT & Business SLA adherence; with the focus on continual service improvements. CMS IT’s Cloud Services CMS IT’s services are designed to help clients make the right choices to maximize returns from their cloud investments. Besides that, their understanding of legacy infrastructure and applications allow them to deploy and manage solutions that co-exist onpremise and on the cloud. This helps lay the fundamentals for the digital
enterprise of tomorrow. The true potential of cloud is realized when an organization is able to run workloads seamlessly off the cloud infrastructure. With business-critical workloads moving to the cloud, it is paramount to ensure that these workloads operate seamlessly at improved efficiency in a secure environment. CMS IT's services include Cloud Migration Services, Cloud Security Services, and Cloud Management Services. All these Services are delivered from their state-of-the-art Cloud Services Center called “Nuvola”. CMS IT’s Robust and Secure Mobility Operation Center (MOC) CMS IT’s Mobility Operations Center is a state-of-the-art facility that provides 24 x 7 digital Services. This includes Mobility Application Development, Application Maintenance, and Digital Device Management. This is a shared service operation with a highly skilled and certified team of engineers, who manage the digital environments of
“
CMS IT’s Professional System Integration Services Customer rely on System Integrators to bring together several complex technology pieces as a composite IT Solution. These solutions are used by customers to differentiate with their peers, and deliver competitive advantage. Failure or disruption of mission critical applications will result in a serious impact on business operations. Keeping this in mind, CMS IT believes that the successful projects have three aspects:
CMS IT's Value Proposition is centred around three key pillars - Reliable, Robust, and Secure
Cover Story
This centre is ISO 9001 and 27001 certified, and has a BCP in Mumbai, has available toll-free lines and is working 24x7 to support customer requirements.
CMS IT believes in the business value of IT.
“
All their actions are focused
“
their clients. Also, this is a secure environment with robust Security and Automation, including Call Management systems and Enterprise Mobility Management / Mobile
on measurement of IT efciency & improved performance of business KPI’s.
Device Management (EMM / MDM) solutions. The Mobility Operation Centre is a key part of CMS IT’s growth strategy, which is considering the proliferation of digital devices in their clients’ environments as important manageability challenge. They have executed some very interesting projects from this centre. For example, for one of their clients, CMS IT deployed policies on the handheld devices across the globe leveraging a cloud-based MDM solution. The devices were BYOD devices used by multiple roles within the organization. There were 2 complexities with the requirement: • The MDM had to be configured with PCI compliance and hence required a complete understanding of PCI requirements and translation of these requirements into the MDM configuration. • The devices were spread across three continents, North America, Europe and Asia, and hence the configuration had to be done round the clock.
CMS IT Security Framework Expansion of business eco-system and resulting spread of IT eco-system has created silos in the enterprise security landscape. New threat vectors are emerging and threat complexity has increased because of quick adoption of SMACI (Social, Mobility, Analytics, Cloud, Internet of Things) and the absence of robust inbuilt enterprise grade security controls in these solutions. CMS IT’s Information Security Framework integrates “layered security controls” with the “emerging IT landscape”, giving customers the ability to leverage benefits of their SMACI solutions within a tight security umbrella. CMS IT’s Identity Threats Management Service manages the life cycle of identities as well as prevents privilege accounts from identity thefts and other malicious attacks. Its Data Protection Service enables security controls on data within the enterprise as well as data shared outside of the enterprise. Data protection control span across various types of devices that access organization information including
Cover Story
mobile devices, laptops, desktops etc. To tackle the swarming advanced targeted attacks its Secure Infrastructure Practice offers solutions such as Anti-DDOS, SSL visibility, DB Security and Web Application Security. As IT infrastructure continue to expand, the visibility and monitoring of network and devices gets tougher. CMS IT offers 24 x 7 support through its Security Operation Centre enabled by SIEM and APT solutions. It does real-time monitoring, log analysis as well as identifies zeroday/advance threats. IT’s Advisory Service Arm helps its clients to define their Security roadmap aligned with the latest security challenges. Security Program governance is enabled by a robust policy and process framework. To add corporate identity and access controls to cloud services CMS IT Security offers CASB (Cloud Access Security Broker). This Security framework enables centralized management of identities, better visibility of data and users; and behavioural analysis driven monitoring. Beyond traditional CASB, framework seamlessly extends controls to mobile devices and IOT. In addition to all above, they help the client create security awareness program tailored to target audience requirements and such endeavours have enabled IT users to be the robust defense against social generated threats. CMS IT’s Microsoft Security Unit Microsoft is one of the technology companies that has had tremendous success over the past few decades because of their relevant products that are theme-oriented for enterprises. Their Microsoft Business extends the value of adopting the right paradigms of SMACI for new models of collaboration for enterprises. CMS IT has delivered solutions across the spectrum of SMACI. Enabling social transformation of clients, building Mobility Solutions such as for Field Force Automation, providing Analytics solutions for visualization with Microsoft Power BI to help leadership in all business functions visualize their business better and make swifter decisions, leveraging the Microsoft Azure eco-system to deliver DevOps environments for clients, transitioning customers to O365 Productivity Suite and more. With their deep expertise in Microsoft technologies, CMS IT Services is addressing growth needs of clients across the enterprise with solutions that are easily deployed, and are affordable and agile.
CMS IT Differentiators India based customers are in a bind - large IT companies are expensive, focused on $ business, and unable to provide adequate attention to them. Many smaller companies have fallen by the wayside due to lack of management vision and inability to keep pace with market changes. In such a scenario, customers enjoy massive advantages when they engage CMS IT Services: • Robust Governance & Program Management • Reliable & Consistent services across distributed customer operations • Automation & Continuous improvement in a Secure environment • Delivery of complex SI projects within sharp timelines and budgets CMS IT Services aspires to take a leadership position across its key focus areas with the mission to continue to support India based businesses in their quest for improved efficiencies, differentiation through IT and desire to be globally competitive. Future Perspective Considering the fact that they have been a relevant player in the Indian IT Industry for the last 4 decades, CMS IT will continue to be a relevant player 5 years down the line. They intend to continue to be an organization that is focused on bringing the business value of IT closer to their customers. With its market initiatives, CMS IT Services has been experiencing an exponential growth in recent years whether it is in traditional areas of Managed Services or new paradigms such as Information Security Services, Digital Services, Cloud Services, and System Integration. Suggestions to Startups Anurag Mehrotra’s valuable advise to the startups, “Most of the startups that I have seen tend to get enabled by technology. They should be very clear about the specific business value they are going to deliver to their customers, and secondly, know the niche in which they are going to operate. Anything & Everything in IT should rally around delivering value around these key tenets.
MAGAZINE SUBSCRIPTION FORM Global Subscription 1 Year
(12 Issues)
Rs. 2500
6 Months
(06 Issues)
Rs. 1300
3 Months
(03 Issues)
Rs. 700
1 Month
(01 Issue)
Rs. 250
Date :
Name : Address :
City :
State :
Zip :
Check should be drawn in favour of : INSIGHTS
Country :
SUCCESS MEDIA AND TECH PVT. LTD.
Corporate Office Insights Success Media and Technology Pvt. Ltd. Office No. 513, 5th Floor, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: 020-69400110 | USA: 302-319-9947 Email: info@insightssuccess.com
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Company Name
Management
Brief
ACPL systems Pvt. Ltd www.acpl.com
Vishal Bindra Founder & CEO
ACPL Systems offers leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your business risks are reduced, data is protected and business objectives are achieved.
AKS Information Technology Services Pvt. Ltd. www.aksitservices.co.in
Wg Cdr Ashish Kumar Saxena Founder & MD; Anshul Saxena, COO
AKS IT Services is a leading IT Security Services and Solutions provider. Their work spans from auditing & consulting, IT security training, cyber forensics to product development and reselling major security products.
Avyaan Labs www.avyaan.com
Tashish Rai Singhani Business Head
Avyaan is a premium cyber space security provider that helps its clients maintain the highest level of digital security for web and mobile applications, web servers, IT networks and other IT infrastructure.
Anurag Mehrotra CEO
CMS IT Services (A Blackstone Portfolio Company) provides cost effective and cutting edge IT infrastructure solutions. Their IT services span across Managed Services, InformationSecurity, Mobility, Availability Services and System Integration.
Vinod Kumar CEO
KernelSphere specializes in multiple aspects of Information Communication Technology that ranges from Application and System Development to Training and Infrastructure Development - Data Centre, Virtualization, Cloud Services, Network Security, Enterprise Management, and System Administration etc.
Rohit Sharm Founder
Lyra is a medium-sized multinational product and services company. Lyra is known for its code of ethics and professional conducts which has a dedicated team of sales, pre-sales, marketing, support and engineers; spread over India and Singapore, the company has a presence in all major and strategic cities.
CMS IT services Pvt. ltd www.cmsitservices.com
KernelSphere www.kernelsphere.com
Lyra Infosystems lyrainfo.com
Magic Systems Juned Shaikh Private Limited Sr. Techincal Executive www.magic-systems.com
Magic Systems Pvt Ltd is one of the growing company that ‘Bridging Technology Gap’ in this arena of where information security is more important that is what magic systems do.
Mirox Cyber Security & Technology Pvt. Ltd. www.miroxindia.com
Rajesh Babu Owner
Mirox Cyber Security & Technology Pvt Ltd is an IT Security and Networking Solution based company providing Training, Development and Solutions in Security.
SecureLayer7 www.securelayer7.net
Sandeep Kamble Founder & Lead Security Engineer; Kishor Desarda Co-founder & CFO
SecureLayer7 is a leading integrated business information security firm that specializes in comprehensive IT security services.
Veeras Infotek www.veeras.com
Sudarsan Ranganathan CEO & Managing Director
Veeras is a new age IT Infrastructure managed security service provider delivering timely solutions enhancing operational excellence of your business.
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
ACPL: Your Information Security Partner
16 September | 2016
Headquartered in New Delhi, the company has its presence in Gurgaon, Bangalore,Mumbai and Singapore. With the diversified technological partnerships with security and availability solution vendors, ACPL is providing a dedicated support portal with 24x7 tech support, and Incident Management
“ You focus on your business, we are there
to protect you
and your business
“
With more than two decades of experience in successfully handling the complexities of IT security for renowned enterprises, ACPL has established the large capability to address Information Security & Availability needs for enterprises. The company has more than 100+ highly educated and self-motivated Security professionals. Its team members have industry leading certifications like CISSP, CISA, and ISO 27001 LA, CCIE, beside loads of products specific technical certifications and most of all 10+ years of experience. With 25 years of experience, the company has the capability to handle complex multi-vendor and
heterogeneous client environments.
“
N
owadays, cybercriminals are continuously taking advantage of vulnerabilities and are compromising your critical IT Infrastructure. In-spite of measures taken by administrators these attacks are on the rise. This is because most of the IT team looks to solve this problem only by using technology and not through a holistic view of Information Security. This is where the players like ACPL come into play. ACPL is one of the top Cyber Security Services firms, ACPL offers leading-edge technology solutions, expert professional & managed services, and proven methodologies to ensure your business risks are reduced, data is protected and the business objectives are achieved. The company has earned trust by exceeding customer expectations consistently since its establishment.
ACPL has earned numerous awards and accolades such as PaloAlto Aprtner Award,McAfee Top Growth Partner Award, Websense Most Strategic Partner Award, Checkpoint Star Performer Award, Fortinet Best
Upcoming Partner Award, Channel World Premier 100 for 2010 & 2011, 2012, 2013,2014,2015,2016 Award, and Channel World Security Special Award 2011. ACPL’s Security Expert Vishal Bindra, Founder & CEO of ACPL Systems Pvt. Ltd. is a graduate from Delhi University and started his career by founding ACPL Systems in 1990 and co-developed Smartdog (India's first Antivirus) along with his two partners. Moving from there, Vishal he led the company and made it the most respected Cyber Security Company in INDIA. He has also founded 2 more startups and these companies are focused on developing the products in the space of Information Security and Secured communications. ACPL’s Top Notch Solutions ACPL understands that security goes deeper than software and applications. It touches every layer of your network infrastructure and requires a holistic defense strategy that aligns people, processes, and technology. Far from deploying a product that you can build and forget, true security needs to be fortified with continuous testing, monitoring, and review. ACPL Team works with you to identify weak spots in your network and design a custom security solution to aptly fit the needs of your organization. ACPL offers Information Security Solutions such as NG Network Security, System Security, Data
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Security, Mobile Security, Email Security, Web Security, Database Security, Application Security, Cloud & Data Center Security, SIEM, Single Sign On, Adaptive Strong Authentication, Privileged Identity Management, Identity & Access Management, and Audit & Compliance. The company offers Information Availability Solutions which include Data Availability, System Availability, Application Availability & Performance, Data Availability, WAN Availability, WAN Optimization, App & Desktop Virtualization, and Enterprise Mobility Management. ACPL’s Services Anticipating, preventing, detecting and responding to threats require focus and dedication. ACPL team works to identify, understand and defeat threats as they emerge. They use the depth and breadth of experience to ensure that their clients remain secure. The company believes that implementing policies that make sense is the first step to ensuring compliance, reducing risk and enabling the business. They work closely to develop a practical and efficient framework which helps to achieve the right balance between risk and efficiency for their clients business. ACPL’s services include Design & Architecture Consulting, Technology Implementation Services, 24X7 Security Support Services, DLP – Incident Monitoring, DLP – Management & Support, Data Classification Consulting Services, Security Audits, Risk Assessment, Vulnerability Assessment, Penetration Testing, Managed Security Services, and Education Services. A Step Ahead with the Core Values
Vishal Bindra Founder & CEO Customer Focused, they believe to be someone who places customers and their needs at the forefront while developing and managing their information security & availability solutions. By spending valuable time with their customers, mapping their business objectives as per the security need. Mutual Respect, they are building mutual respect by being an equal partner, who knows and willingly shares, helping customers go further rather than walking ahead and leading them. Worthy of Trust, they are building a trust by choosing the right path rather than the easy path and tell the truth the way it is. Finally,
Winning, ACPL believes it is of paramount need to be positive and confident; seize every moment, every day, with a winning perspective, fearlessly facing the uncertainties of life. Today, data security is becoming an exigency for every growing organization. ACPL is fully equipped with leading-edge technology solutions. With in-depth knowledge of new emerging threats the company feels confident because of rich experience of 25 years.
September | 2016 17
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
AKS IT Services: Leading IT Security Services and Solutions Provider
Not only is the frequency of the attack increasing, year over year, the attack size has also increased at an unprecedented rate. Today, the world witnesses over 2000 attacks daily, that on an average inflict damage of $40,000 / hour to the targeted company. A leader in security services and solutions, AKS IT Services is becoming the trusted partner for the businesses to defend against these ever evolving DDoS attacks. AKS IT Services (an ISO 9001:2008 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider with over 4000 clients. Their work spans from auditing & consulting, IT
18 September | 2016
Adepts behind AKS Wg Cdr Ashish Kumar Saxena, Founder and MD of AKS IT Services, founded the company in 2006. An IT industry veteran holds an M. Tech. in Computer Technology from IIT Delhi; CISSP, CISA, MBCI, ISO-27001 LI, Chartered Engineer and Fellow of Institution of Electronics and Telecommunication
“We visualize a fully secure cyber world for a better, peaceful and progressive environment for mankind.
“
In today’s info-security threat landscape, DDoS attacks are a major cause for network downtime and are becoming more intense and complex. They are cheap to launch, costly to mitigate and can strike without warning.
security training, cyber forensics to product development and reselling are its major security products.
“
T
he internet has become a precious resource in the human lives. With such a huge web of information, deception occurs online which can become relatively easy to become victimized online. In this rapidly evolving threat habitat, how do you secure or stay a step ahead of the bad guys? The ongoing question is continuously finding, deploying, and managing the latest, advanced security solutions.
Engineers. He has held various appointments in Indian Air Force, including Chief Engineering Officer of a Flying Station and Joint Director
(Information & Electronic Warfare) at Air HQ. He is a recipient of the Vishist Seva Medal from the President of India. Ashish was the first Operations Manager of CERT-In (Indian Computer Emergency Response Team). Also, Ashish was awarded by Express IT award for best innovation of the year 2015 by the Minister of Communication & IT, Government of India. The Company is now being managed by Anshul Saxena, COO of AKS IT Services. Anshul has completed an MS (Information Security) from Georgia Institute of Technology, Atlanta, USA. With 7 years of work experience in managing Software Development & Testing, Anshul is the innovator of India’s first DDoS mitigation solution, ‘HaltDos’. HaltDos, AKS’ Innovative Product The company’s main innovative Product is HaltDos, a DDoS mitigation solution. HaltDos is India’s first and most comprehensive DDoS mitigation solution under Make in India initiative. It is a patent pending solution that uses artificial intelligence to automatically and intelligently detect and mitigate all types of DDoS attacks in real time. The company also provides Information Security Auditing, Consulting, Compliance, Cyber Forensics, Training, and Software Development Services to their clients. Auditing & Compliance: They do security audit for mobile and Web
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
based applications, Networks, Telecom, Clouds, and Industrial Control Systems. They also implement ISO 2700:2013, ISO 22301 and develop Crisis Management Plan for organizations. Cyber Forensics & Crime Investigation: They are experts in forensic examination of procured digital evidences for criminal investigation and provide tools, products and training for the same. Software & Testing: They develop custom based security solutions for their customers and are resellers of major security products in the Indian Subcontinent. They also perform functional and performance testing for Mobile and Web based applications. Training: They have expert trainers to train professionals in the security field by providing certification training for CEH, CISSP, CISA, etc. as well as general IT Security, business continuity workshop and vulnerability assessment and penetration testing training. AKS IT Services is No.1 in carrying out information security auditing, conducted over 5000 Application security audits. Last year, the company received the BEST INNOVATION award from Express IT for IT Innovation. AKS’ strategy is to provide high-tech cyber security products and quality services and don’t compromise on quality at any cost. They are deeply involved in carrying out R& D in Cyber Security domain and aim to bring out new innovative products under Make in India initiative. Overcoming Challenges AKS believes in Quality of Products & Services, which helps clients to enhance their security posture by
Wg Cdr Ashish Kumar Saxena
Anshul Saxena
Founder & MD (L)
COO (R)
providing World class security solutions. For that, they employ dedicated and committed employees with high integrity. AKS Team is expert in making complex issues simple by their expertise in cyber security domain, diligence and perseverance which helped in overcoming the road blocks. AKS clients are getting benefitted with the reliable quality products and services, which will ensure confidentiality of client’s data.
Future in Product Development In addition to being a renowned Cyber security service provider, they are soon going to be a Product Development Company par excellence. Cyber Security is a key issue globally. Indigenous development of products will ensure data security. And, AKS is on the right track, having the potential and commitment to carry out innovation in Cyber Security domain in ways more than one.
September | 2016 19
CXO Standpoint
C
yberspace, a domain created not by nature but by human beings, has emerged to provide tremendous benefits. However, technical innovation throws up new online dangers. A little knowledge about internet can give you sleepless nights. Cyber risks are now firmly at the top of the international agenda as high-profile breaches raise fears that hack attacks and other security failures could endanger the global economy. We have seen a huge rise in cyber crimes in past few years. As per PWC Cyber Security Incidents rose 48% to 42.8 million globally i.e. 1,17,339 attacks per day. In addition, it is also estimated that Cyber Crime will cost $2 trillion by 2019- Forbes. What is Cyber Security? Cyberspace is such a term, which is not yet completely defined and also has no geographical limitation. It is a term associated with the application of the Internet worldwide. Cyber security, also referred to as information technology security, focuses on protecting computers, networks,
Cyber Security & Games With the release of a very famous game Pokemon Go, it became popular among people in no time despite the application not being officially available in India While people indulge in the joy of chasing Pokemon, authorities have restricted the hunt citing security concerns. Many government agencies and companies have banned its members/employees from playing the wildly popular game while on duty, stating that the use of GPS and phone cameras on smartphones enables the viewing of restricted areas which can be a threat to national security. It is found that the app provider could intentionally spread Pokemon around restricted areas to encourage hunters to enter the areas. Once players get in with GPS and a camera on their cell phones, they could record activities in restricted areas and post them online, where people, including possibly foreign intelligence, could steal confidential data.
Cyberspace, a Domain Created Not By Nature But By Human Beings . . . “…I dream of Digital India where cyber security becomes an integral part of national security…” “The entire world is concerned about cyber security and Indian IT professionals could do a lot for cyber-safety of digital assets across the world,”… “…cyber security has become a major concern. BRICS countries should take the lead in preserving Cyber Space, as a global common good….” -Shri Narendra Modi, Hon’ble Prime Minister of India programs and data from unintended or unauthorized access, change or destruction Cyber Security & Social Media With the increased usage of social media, our life has divided into two parts. One is the real life that we live and other is the virtual life that we have on the internet. It is observed that there is a huge behavior difference of people in real life as compared to virtual life. In real life, we have 10-15 friends. However, in virtual life, our friends on facebook easily cross 1000. People keep on adding people in their profile without even knowing them which can prove to be harmful as cases of theft, kidnapping, and even murder have been reported where criminals were virtual friends.
20 September | 2016
While it has yet to be officially launched in India, the fever has hit the country, as many people have downloaded the game through backdoor channels. Present Industry Scenario We live in an increasingly networked world, from personal banking to government infrastructure. Protecting those networks is no longer optional. It is found that in many organizations personal user information, credit card information, email accounts etc. have been compromised. In some companies, cyber criminals are involved in financial fraud and stole money from accounts, carried out industrial espionage and in some cases even took over company systems and demanded ransom money to unlock
CXO Standpoint them (RANSOMWARE). Future of Cyber Security It’s not surprising that governments and businesses around the world are searching for better cyber defense strategies. Every organization is in need of cyber security professionals to protect their information, network, websites etc. from attacks of hackers. As per reports, India is facing a shortage of approx. 5 Lakh Cyber Security professionals and with the advancement of technology the demand of Cyber Security professionals will increase. With Digital India campaign, from banking to rail-air ticket reservation, Income tax filing, digital lockers, E-documentation etc. we are totally dependent on technology. So securing these we need more Cyber Security professionals.
Cyber War We have witnessed World War I and World War II. However now the war will not be fought with weapons/missiles. Rather war will be fought online, where computer technology will be used to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization. Conclusion There is clearly still much work to be done, and the people behind the attacks have a significant head start. Cyber security is one of the most urgent issues of the day. Computer networks have always been the target of criminals, and it is likely that the danger of cyber security breaches will only increase in the future as these networks expand, but there are sensible precautions that organizations can take to minimize losses from those who seek to do harm. With the right level of preparation and specialist external assistance, it is possible to control damages and recover from a cyber-breach and its consequences. About the Author Kshitij Adhlakha is an Entrepreneur, Author & cyber expert. He is acting Director of A & R Info Security solutions Pvt. Ltd and has founded Secugenius (Ranked as one of the top 5 Cyber Security Companies of India by siliconindia) and has 6+ years’ work experience of handling projects in Information Security He is a solution and result oriented professional and is a specialist with notable success in planning, directing and supporting execution of a broad range of corporate IT initiatives in Strategic IT outsourcing, Information Security etc. He and his team has trained over 2.2 Million students and professionals and are working with different law enforcement agencies and helping different state Cyber Cells in solving Cyber Crime Cases.
Kshitij Adhlakha Director, A & R Info Security Solutions
He has authored a book SECURITY BREACHED “Security Beyond Hacking” and has also written books for seculabs .He has also published research papers on “Email hacking” & “Steganography” at the national level and has also written articles for many national newspapers.
September | 2016
21
Chalk Talk
A Truly Innovative Way to Manage IoT Security Risks
S
oon without even hiring, your personal assistant will be there for 24*7, isn’t it the imagination of every common man? Yes and just to fulfill it, soon Internet of Things will be surrounded all over. Every object will be soon connected to another object with artificially intelligent and interconnected devices. A thing, in the Internet of Things, could be a person walking with a fitness care belt or an automobile that has built-in sensors to alert the driver when it’s operating in reverse gear and doesn’t hit any object. Basically, the object will be assigned an IP address and transfer data over a network. Pay Attention to Issues of IoT Devices whichever connect to the Internet like fitness trackers, smart watches, home security systems, etc. are vulnerable to security risks. Nowadays, it’s not necessary that the device needs to be a computer, smartphone or tablet only.
passwords or have easy to guess passwords. When a hacker gets physical access he could easily hack Nest thermostat or if they have camera’s IP address, the remote could help to get easy access. How to Deal with IoT Security Issues IoT security was previously avoided, but nowadays it has become a major concern even at the government level. So you need to be cautious and we will see what measures could be taken in this direction. Biometrics defined as characteristic related to humans. Why biometrics authentication could be way better than using PIN’s and Passwords as people are generally advised to put the strong passwords but sometimes hackers just have their own ways like hit and trial, phishing, etc. As previous methods have become inadequate and inefficient, biometrics will use fingerprints, face, voice and iris recognition which is unique to every human as same fingerprints or similarity in the voice of two different persons is not observed.
When we access the Internet, we know that downloading attachments or working online have risks of virus and stealing of bank account details. Smart computer users will install anti-virus and security software.
It’s better for Bluetooth - enabled devices to turn off their devices when not being used as it’s a safety measure for users to protect their devices from unwanted access.
Many of us will not be suspicious about the risks of IoT, but it’s too at risk. Home router is a major root of middle attacks as people don’t have time to change default
Wi-Fi home-users are recommended to change passwords frequently and use the WPA2 security protocol. You need to change your older WEP protocol that having simple to
22 September | 2016
Chalk Talk
guess password, as it puts your home network at risk. Another way smartphone users could keep their devices safe is checking for patches and updates. IoT vendors need to take a step ahead and nail down a process for delivering the trusted patches automatically. Some devices need to be manually updated with the installation of patches as they won’t be capable of being patched. The key to keep away hackers is to keep your devices up-to-date. Mandating of Cryptography is another solution, as data leak will get lower through user error or architectural weakness and encrypted communication protects data in transit as well authentication credentials. The Next Best Thing to Technology It doesn’t have a definitive answer that when security issues will be resolved or end. At present, most of the IoT devices have security vulnerabilities. But be optimistic and you need to assume that over the next couple of years, it would come to an end. But with that IoT architecture needs to be
more advanced and secure, they should keep in mind that if it can connect to the Internet, it’s also accessible to hackers. IoT is definitely growing industry. Pew Research Center’s experts predicted that by 2025 IoT will have “widespread and beneficial effects on the everyday lives.” Internet of Things will be in fashion for years, organizations and businesses will adopt it, the common man will be most benefited, whether by refrigerators notifying to buy vegetables or sharing information from Fitness Bands with hospitals. They are not going to fly off the shelves. As the IoT is evolving technology but as we know changes and improvement are necessary for survival. So does the IoT need improvement and for that, IoT needs to emphasize security from the first day itself. Future-proofing, implement access control and device authentication and updates of IoT devices should be kept in mind, and most importantly know your enemy and prepare for security breaches.
23 September | 2016
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Avyaan: Way to Protect Your Data
Growth Enabler of Avyaan Tashish Rai Singhani, Business Head of Avyaan Labs, has pursued his education from reputed institutions such as Kirori Mall
24 September | 2016
“
At Ayvaan, we ensure the security of
your organization as well as
from that, the company also conducts annual security routine for Mobile Applications and Web Applications. While penetration testing procedures are aimed at finding the vulnerabilities in Web Apps and Mobile Apps, Security Audits are done in order to evaluate the performance of testing procedures. At Avyaan, they understand the critical need of reliable cyber security solutions and thus aim at providing advanced security options to safeguard your digital assets. Avyaan’s mobile and web application penetration testing process can help in the following:
your customers
“
With a team of adept professionals, well-versed with information and cyber security Ayvaan emerged in 2014. Avyaan’s security experts make sure that your business is provided with the updated information cyber security. They work on various aspects that range from information security risk analysis to countermeasure assessment. Besides, they provide key assistance in the overall risk assessment. They check your web and mobile applications for vulnerabilities from an attacker’s perceptive in accordance with OWASP standards. Their professionals lay stress on checking vulnerabilities like cross site scripting, SQL injection, invalidated inputs, etc.
College, University of Delhi and ICFAI, and is plentifully knowledgeable about several fields; particularly open source development and consulting. Intending to come up with innovative digital security solutions, he was one of the cofounders of Avyaan in the year 2014.
“
W
eb sites are woefully prone to security risks, ultimately, for any network to which web servers are connected. Laying aside risks created by misuse of network resources or employee use or your web server and the site it hosts present your most critical sources of security risk. Therefore, web application security testing has become very important.
Avyaan’s Top Notch Services Working on every aspect related to digital information security, Avyaan offers a multitude of services such as External Penetration Testing, Web Application Audit, and Mobile Application Security Audit. Apart
• Proactive identification of the vulnerabilities which are critical and the ones which are not so significant. This allows you to prioritize your counter measures. • Get rid of financial perils like customer retention programs, discouraged business partners, legal activities, decline in employee productivity and reduced revenue for the company. • Maintain customer loyalties and save the corporate image. Customer retention costs can prove to be really expensive for an organization and regular testing can avoid such financial losses for the company. Avyaan’s web application security
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
audit services include training on secure coding, secure code review, security assessments, web services audit and implementation of application security strategy for your company. Team Avyaan has a deep expertise in the practice of assessing and securing mobile applications and environments. Their comprehensive mobile application security audit service offerings include Mobile Software Security Testing, Mobile Source Code Review, Mobile Architecture Risk Analysis, Mobile Application Threat Modeling, Mobile Application Security Standards Development, and Mobile Application Vulnerability Remediation. Avyaan has garnered a broad clientbase for efficiently performing web application security audits and penetration testing. They help you determine the vulnerabilities that can be exploited by a remote unauthorized attacker. Due to their well-trained and efficient technocrats, they can stop the intrusions at an early stage. Their external penetration testing service helps you figure out the vulnerabilities, weaknesses and other technical flaws due to which you can lose your company’s vital information. In case of web application security testing, they do a rigorous analysis on configuration errors and application loopholes in server code or scripts. In order to reduce the risk of malicious attack, they offer annual security services to their clients. Clients at Avyaan are able to secure their Apps and Websites. By cutting the chances of these Apps and Websites
Tashish Rai Singhani Business Head getting hacked, Avyaan prevent any unauthorized access to the information manipulated by these Apps and Websites. Additionally, their audits are helpful in analysing and evaluating digital security in the client’s organization.
fully comprehending the implications these have on the entire firm, they are evincing themselves vulnerable to an array of cyber security threats. The need for securing the IT infrastructure has been a very significant factor for many organisations.
Future Ahead Today, cyber security threats have become steadily sophisticated and complex. However, organisations have not been able to evolve at the same pace. As organisations move ahead and embrace new technologies without
Avyaan is on its way to become one of the best digital security companies in the world. The most exciting part is the constant evolution of the company’s strategies and methodologies, which is attracting more potential clients.
September | 2016
25
CXO Standpoint
Chuck all the Competencies and just focus on
‘The Joy of Serving’... A
s the appraisals come to an end in most of the organizations, the HR moves on to conducting the skill and competency gap exercises. For a change we witness many organizations giving fair importance, if not equal, to assessing the gaps of their HR team also. When we delve into what are the competencies that the HR professionals require, we witness a wide gambit of them ranging from fashionable ones like CHRO, Business Partner and Analytics to the simpler ones like Negotiation Skills and Conflict management. What comes across as a surprise is that most of us miss a key element core to any HR professional, namely- Compassion. Many of us chose HR as a profession by choice; but there are many others who have come into this profession not on account of Passion, but that of Process. Some because of organization requirements or job rotations, while the reason for others was as simple as that during their MBA, they felt choosing this specialization was an easy route to complete the course. In short, what we witness is that HR is the only profession which doesn’t have a standard course with an equal emphasis on practice or hands-on experience. More often we see a diversity & mix of backgrounds and knowledge levels among HR professionals. At times it is good since it
26 September | 2016
builds a diverse range of experience & expertise; yet at the same time, it also results in a lack of a consistent solid layer at the very base. So what competency is the bedrock of any HR professional? Well, the debate is still on, but one that stands undisputed is certainly- Compassion. The HR professional must possess a mindset to help other, irrespective of what role and hierarchy we are in or how much the organization rules & policy enable the same. How does one describe the competency of Compassion? In simple words, it is the ‘The joy of Serving’ others. Some of the key fundamentals of Joy of Serving are as follows: • Employees are my Clients - Simple & Period! We need to quickly realize that Employees are our clients and we as a function exist to serve them as organizations exist to serve external clients. Unfortunately, it has become a trend to treat employees as a pain and a general belief that they are all eternal cribbers. For once, pause and try to remember those N-numbers of times we hated the experience of not being treated properly & kept waiting when we stepped out for a lavish dinner or called a bank helpline for information. Then how can we
CXO Standpoint
end up telling our employees not to chase us for update or information. Rather why can’t we tell them that we will get back to them as and when our checklist burden lessens? We need to rebuild our outlook toward how we treat our employees. We should realize that we earn our salaries because of them and our founding philosophy it to serve them with Joy.
• We Cannot Solve Everything & Should not Attempt the same The Joy of Serving doesn’t mean we have to bend backward for everything and everybody. It is not about ensuring that the end results are positive in favor of the employees, it is about being fair and playing by the rules.
• We are a Service Function In our zeal to become business partners, we have missed the point that we are still a service function. Just because of the introduction of technology or numbers we cannot change our outlook. The idea is to become an enabling function where we identify the hidden synergies and act as a catalyst to empower them and exploit them.
In this complex world, we will encounter deviations and exceptions and we will have to manage them. That means we cannot solve every single problem in one go and there would be stakeholders whom we will end up disappointing. This isn’t a failure for us, but when the stakeholder doesn’t understand ‘why’ the problem was not resolved and believes that it was our whim and whimsy which resulted in it, we sure have a problem on our hands.
We need to continue to function as a service function and appreciate that technology can only be a facilitator in this process. For example, an employee would still love to receive a call on his birthday or anniversary by HR rather than a lifeless eCard. What technology can do in here is that it can help remind the HR Professional as to which associates birthday or anniversary is coming up next. We need to get back the Human Touch in the HR.
• We can be polite even when being assertive Being assertive is not the opposite of Joy of Serving, but there is a fine line between being rude and being firm. Some situations may demand us to be firm / assertive with our stakeholders and we shouldn’t hesitate in doing so. What is critical is to understand and appreciate that we can be firm and polite at the same. As children we all had these experiences where our family never hesitated from September | 2016
27
CXO Standpoint pampering us, but at the same time drew the boundary line for what was allowed and what was not. Many a times, we miss the clue in here because we see ourselves as the guardian of the policies, frameworks and work ethos and see the stakeholders who are not aligned to the same as offenders. We forget that we are not the ‘Police’, but the quiet ‘Gardner’; wherein we need to nurture with care & compassion and weed out what is not good. • If we don’t Enjoy doing this, maybe it is time to quit The biggest challenge is many of us are not sure what we are doing in our job or is the right profession we have chosen, wherein we are nobody’s favorite and do a thankless job throughout the day. It certainly is not one of the perks, but comes with the territory of our job descriptions. All jobs have occupational hazards and for us, as HR professionals this is the one. If we don’t like this essential element, it is always better to move on and get into another profession. The joy of serving isn’t the one and only competence to Nirvana, but solid bedrock on which all the other competencies and skills for HR should be built on. It is futile that we may have best of skills in our professionals in terms of technology or analytics, but a heart of compassion missing. Our dream should be to ultimately move from the ‘The joy of Serving’ to the ‘Honor in Serving’. - K Srinivas Rao
About The Author K Srinivas Rao, Chief Strategist and Partner, is a human capital strategist with the expertise of 23 years across Human Capital Value Chain. Prior to The Strategist, he was heading Strategy - HR at Satyam Computer Services. Formerly, he held management roles at various levels in CATS (Computer Associates-TCG), Baan Info Systems, Ernst & Young, Videocon International. An avid writer and guest speaker on the subject of Change Management and Human Capital, he wrote 5 books under the “101 Smart Ideas Series” published in 2015, “Managing HR Issues in a Merger” -published in the Handbook of Business Strategy 2002,“Whispers of a Devil in an Angel”,“Principles and Practices of Management”. He also co-authored a book titled ‘Unconscious Leadership
28 September | 2016
Conspiracy’ and has published more than a dozen articles in International & National Publications. ‘Mr. Rao holds dual Masters’ degrees and attended Indore School of Social Work, where he topped the class of ‘93 and later pursued Masters in Military Sciences’. Currently, he is a Research Scholar at XLRI Jamshedpur and a visiting faculty at ISB and IIM Indore. He was awarded “HR Leadership Award” in 2008-09 by Employer Branding Institute and Super Achiever as HR Professional in 2006 by Indira Group and Fun & Joy Institute.
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Lyra Infosystems: Enabling IT Evolution
Adept Behind Lyra Rohit Sharma, Founder of Lyra Infosystems, has established the company in early 2007. Prior to Lyra, Rohit worked in companies like SDRC (India office) ISI (Integrated Systems, Inc., APAC Office based out of India), Wind River Systems, &PixTel Communications. With more than two decades of Sales, Marketing, Operations and Management experience, Rohit has been part of a couple of start-ups as a founding
30 September | 2016
Distinguishing Lyra Lyra has the first-mover advantage and hence enjoys the Technological Leadership and distinguished services. Lyra is not only the first in the segment, but also the only one in
“ Assess, Manage, Customize, Deploy –at Lyra, we make software practices and solutions enablement that simple
“
Not just that, the company extends implementation tools, upgrades, security and vulnerability resolution to clients, amongst a host of other services. Lyra is also specialized in DevOps & ARA, RSM, SCM and Information Management Services. With superior industry experience, Lyra’s team is adept at providing cutting-edge solutions to cover the entire range of activities for organizations of various sizes with its Security, Training and Consultation, Open Source Support Services, Legal remediation, and other services.
member. He contributed in establishing them as successful and stable organizations today. At Lyra, Rohit is responsible for Sales and Operations.
“
W
ith a vision to be globally recognized as one of the most innovative, dedicated, and productive IT consultant firms Lyra has been established. “Lyra is a professional services and consulting company specialized in widespread support and comprehensive consultations for all open-source technologies and giving its state-of-the-art services for a decade,” says Prasad Adiga, COO, Lyra Infosystems
the region. Lyra has brand recognition and has a long learning curve that frequently enables more secure and efficient means of delivering the services and solutions. Lyra’s focus has always been to
accelerate and design their services and solutions in an innovative way, for that they strengthen their R&D team. They expand senior management team in all the verticals like Sales, Marketing, Legal, and IT. They appoint advisers for intellectual property and finance. They develop overseas market entry plans and seek new market segment for their services and solutions and commission assessments of key markets. Lyra also pursues strategic alliances with the pioneers of DevOps, SCM, RSM and OS. Challenges Overcame Being the first-mover, Lyra inevitably faced the gauntlet of creating and marketing the new services and solutions. Lyra faced different challenges at various levels of establishments. Apart from the financial challenge, Lyra was confronted with some more challenges like Need or Gap Fixingwhile introducing a new solution in the region, Lyra spent years, to make awareness about the revolutionized solutions to those who were new to that; Research-ne of the biggest challenge, as gathering primary and secondary data to back certain assumptions on business projections was the key; Partnership Decision Making- In this ever-expanding and ever-changing IT era, where organizations need to battle hard for their survival, Lyra also faced difficulties to find trustworthy partners. Going into a partnership paid great dividends, but Lyra had to consider a variety of factors before
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
making any decision to collaborate with another company working in the same ecosystem. To reap the maximum benefits out of a partnership, Lyra looked for organizations that are pioneers in their segment and have a good reputation amongst the industry giants. Client’s Benefits Lyra has the distinguishable services and solutions used across the ASEAN region. The clients have seen several operational and financial gains from Lyra like reduced overheads, optimum efficiency, etc. For Reducing Business Risks, Lyra protects corporate IP, assists with compliance reporting. Lyra enables the implementation of a repeatable business process to support corporate compliance policies. Lyra Protects and Accelerate Software Development by giving deep insights into projects including known vulnerabilities, license requirements, and project activity. Plus, it alerts companies when any new vulnerabilities are identified for those projects and helps them manage and track remediation activities. For Enhanced Security, Lyra adds extra layer of online and network security. With the experts in privileged access and password management, Lyra assists you in incorporating privileged session management with a secure password vault to ensure that privileged account passwords are protected and are impossible to penetrate by unauthorized individuals. Lyra’s commitment to business excellence, strategic partnerships, and enduring customer relationships
Prasad Adiga COO culminates into best-in-class IT counsel and services exceeding expectations. Their expansion in ASEAN and a long list of clients from different verticals and regions showing Lyra is on the right path, and assures that this would definitely go beyond the boundaries of ASEAN. The Future is Open Source Black Duck’s annual Future of Open Source Survey shows that 56 percent of corporations contributed to open source projects in 2014. The world is witnessing the next wave of open source, companies like Twitter, Facebook, Netflix, and Ericsson are
participating in the OSS community, and developing and using open source in their own frameworks. 55 percent of respondents clearly mentioned that open source helped create new products and services and it will be difficult for the companies to develop innovative software without it; companies now understand the rapid, progressive development it enables. Open Source is the future of technology. And, Lyra’s progressive experience and expertise in Open Source domain will definitely assist the companies with the adoption and correct usage of Open Source.
September | 2016
31
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
SecureLayer7: Time and Again Securing You
Duo behind SecureLayer7 Sandeep Kamble is Founder & Lead Security Engineer at SecureLayer7 and as a security professional, Sandeep managed to debunk vulnerabilities/bugs in Google, Facebook, Twitter, Yahoo, Dropbox, PayPal, global insurance firms, government entities, financial institutions, telecommunications companies and TOP internet companies. Sandeep published articles can be found at Garage4hackers.com. Sandeep was a speaker at International Security Conferences ClubHack 2012 & Jailbreak Nullcon 2013. Kishor Desarda, Co-founder & CFO of SecureLayer7, brings years of Financial and Operations experience to SecureLayer7. As a CFO, he directs SecureLayer7’s Finance, Accounting, and Legal functions. Kishor is also responsible
32 September | 2016
Security in Every Aspect of IT infrastructure The company offers umpteen varied services and solutions to provide clients with security in every aspect of
provide best possible “Wesecurity solutions to the clients for their Application, Mobiles, IOT, Networks, and Cloud in a time and cost efcient way. We let the client take care of their business while we take care of their security
“
SecureLayer7’s security experts are looking at security as deep as attackers are going. They provide their clients with a layered security architecture which provides information security services and solutions at the deeper level of the infrastructure and not just the perimeter.
for the continuance of SecureLayer7’s rapid expansion and strategic growth. During his time, he led financial operations during the fastest growing period in the company’s history, in excess of 65% year over year. Prior to co-founding Securelayer7, Kishor founded Gazon Communication India -an ISP company. At Gazon Communication, he led the company through rapid growth and the acquisition.
“
S
ecureLayer7 is an integrated business information security firm that specializes in comprehensive IT security services solution. The essence of SecureLayer7 lies in the team of individuals who have their roots as professional security testers and researchers.
their IT infrastructure. These security testing services have been designed in such a way that simulate the activities of a malicious attacker thus providing
accurate assessments of the network, applications and everything else that is somehow associated with the IT infrastructure. SecureLayer7’s Information Security Services SecureLayer7 Information Security services include Application Security, Network Security and Configuration, Telecom Security Solution, Mobile Application Security, Server Security Solution, Source Code Audit, Web Malware Find & Clean, Server Configuration Audit, Vulnerability Assessment, Penetration Testing, Firewall Ruleset Review, SAP Security Service, Compromise Assessment, Architecture Reviews, Cloud Security Assessment, IOT Security and ATM Security Assessment. SecureLayer7’s Information Security Products SecureLayer7’s Information Security Products include Free Web Malware Scanner and PhishEye - Phishing Simulation. SecureLayer7’s expert team aims at securing clients critical assets and making their IT infrastructure attackproof. At SecureLayer7, they go a step ahead in delivering quality services tailored to clients needs. They aim to serve the most comprehensive security solution to the clients. Like every startup, SecureLayer7 also faced many challenges. But the company’s core values kept them moving and helped them overcoming these challenges. Their core values
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
include a commitment to innovation and excellence, a commitment to doing good for the whole, embrace and drive change, pursue growth and learning, do more with less, be passionate and determined, and a teamwork. SecureLayer7’s Pride The company takes pride in their technical finesse, tested and proven testing methodologies with comprehensive reporting, client satisfaction, Industry recognized security experts providing refined professional services, years of experience with remote as well as onsite services. Their consultants are IT Security Engineers with more than 3 years of experience. They are all certified in OSCP, CREST, CEH, LTP CCNA, and RedHat. At SecureLayer7, engagement with the client is not just about performing the testing and handing over the reports. They include the client in every step of the security testing process. They help organizations identify risks to their information security and prioritize those risks so that they can allocate resources in the most cost-effective way. During each engagement, SecureLayer7 engineers meet with you regularly and communicate high-risk findings immediately. At the end of each engagement, they deliver a comprehensive report that is valuable to both the technical and executive levels. For technical staff, they detail the immediate threats across the enterprise and recommend the appropriate responses. For executives, they clearly communicate systemic issues and solutions, prioritizing risk management strategies based on resource constraints and risk goals.
Kishor Desarda Co-founder & CFO The company serves for clients like Volkswagen, Annomap, Al Ahli bank of Kuwait K.S.C.P., Oman Insurance, Irshad, Product Dossier, Central Desktop, Gazon Communication, Waxspace Web Hosting, T.I. Infotech.
new and innovative ways of securing themselves from cyber-crimes. Their work is not just a job that they perform. It is their passion and it excites them to cater to the requirements of their clients.
Future Vista Cybercrime is a serious threat that will not soon fade. At SecureLayer7, the team is on the path to provide best possible security solutions to the clients for their application, systems, and networks in a time and costefficient way. They believe in working like a hacker would gain maximum efficiency. They are striving hard day in day out to provide their clients with
At SecureLayer7, their vision is to be the client’s first choice when they look for an information security specialist. The company aims at being the highest quality information security service provider. In the near future, they see themselves as the leading information security service provider globally. Besides, they will also be releasing products that will help organization’s further secure them.
September | 2016
33
Get a grip
Things to be considered for Managing IT Risks 1 Find out the Risk Understand the risks, is what the initial step to manage them. The rising prevalent insider threat should be resolved through Access Control and Identity Management Systems
5 Compliance Isn’t the Same as Security Securing systems and data may make you acquiescent, but being an acquiescent does not mean that you are secure. If your controls fulfilling your regulatory requirements, but do not mitigate risk, then they aren’t sufficient.
4 Implement the Right Controls, and Make Them Secure Implementing the proper controls and grant access to your systems to only the right people,and then monitor and constantly check out the controls.
34 September | 2016
2 A Right Business Investment Aligning IT risks with business needs will assist you to allocate the resources you need to manage those risks.
3 Check Out Risks Regularly It is very essential to evaluate risks and manage control over it periodically which is a part of any business IT control strategy, and not just when a problem arises.
CXO Standpoint
AN APPLICATION CENTRIC CYBER SECURITY STRATEGY NEEDED TO SURVIVE THE ONSLAUGHT
Team Bizcarta
T
he past year saw an increasing number of cyberattacks, with mainstream media covering stories of widespread targeted attacks on the “software and application layer” causing irrecoverable damage to the brand and reputation of companies and critical Information Infrastructures of Nations. Cyber war fare is now a strategic lever strongly considered by nation states to shock enemy nations without firing a single shot or a drop of blood spilled, an entire country can be crippled by a well-coordinated cyber-attack; While software applications are the engine of innovation they are today the biggest attack vector with more than 85 % of the attacks targeting the application layer, Having the potential to devastate companies and Nations. Thus the traditional approach of building security counter measures around the Infrastructure and network layer in isolation don't work anymore as attacks on applications are
36 September | 2016
continuing unabated. Hence there is a paradigm shift in idea to apply an application and data centric security strategy as opposed to the traditional approach. An application-centric approach shifts the security focus from the tools and processes, to the business and services they are designed to enable, thus ensure that security serves the strategic needs of the business. Data and Applications are the oil that lubricates institutions, organizations, governments and smart cities. Data is the crown jewels that need to be secured on high priority. Organization and governments gather process and distribute data in real time with the aim of increasing efficiency and improving situational awareness. This data is priceless. Cyber Criminals and state sponsored Cyber espionage actors are in pursuit of this data - the crown jewels; if stolen can cripple companies and governments.
CXO Standpoint
Hence application security should be amongst the highest priority The number of security incidents that have been handled by Indian Computer Emergency Response Team (CERT-In) over the last few years has increased exponentially. If we compare the security incidents of 2014 with 2013, there has been a marked increase of 82%. Recent research shows 85 % of these attacks are targeting the application layer. Attacks on applications are among the costliest incidents organizations can face. One coordinated attack reportedly stole US$1 billion from 50 different companies. Also there is a steep 135 % increase in ďŹ nancial loss reported this year compared to the previous year’s trend of 20-30% over the years before. Not only has the number of incidents increased, but the average loss resulting from an incident borne by an Indian organization has also increased by close to 8%.
A major concern reported by security research analyst is that the newly hyped smart cities are implementing newer technologies at a very fast pace without testing and performing application security assessment. As a result of this, it is predicted that an unprecedented cyberattacks will surface in smart cities infrastructure. In addition to ďŹ nancial and reputational impact there can be threat to human life due to disruption of Critical infrastructure like power systems, water supply and transportation networks. The threat to applications are real and its Vital to orient security strategies to protect application and data by securing the software code and instituting security processes across the software development, deployment, maintenance life cycle and establishing multi layered security counter measures throughout the infrastructure value chain that protects the application. When an organization takes an application centric approach to security, there is an automatic shift of aligning the security to business risks and a paradigm shift from the traditional piece meal point solution approach to a more comprehensive strategic dimension. The key aspect of the Application Centric Security Strategy is to break the security silos and establish an integrated 360-degree view of the security processes and solutions across the
September | 2016 37
CXO Standpoint infrastructure value chain aligned to protect the crown jewels which are the applications and data. BizCarta Technologies is a pure play Information risk management consulting services company, providing high quality cyber security consulting services to SMBs and large corporate helping companies establish a robust cyber security strategy and a road map to deal with the evolving threats in a systematic manner. Serving customers from diverse sectors such as IT, ITES, Ministry of Defense, leading Gartner rated software development including leading global banking software application developing firm and manufacturing industries, BizCarta has helped companies in predict, detect, mitigate and sustain from cyber threats by building secure foundation pillars for risk reduction to acceptable level. We are passionate about what we do and we do it with the best of our abilities to meet the business needs, secure the infrastructure, support the business growth strategy, empower board members through sustainable results and roadmap.
BizCarta leverages its proprietary Adept6 consulting framework to help organizations build a comprehensive cyber security strategy and a roadmap for a unified cyber resilient defense platform
38 September | 2016
Director Cyber Security and Solution Design-Roy Ramkrishna says “Our mission is to support organizations in building a resilient cyber defense platform”. The critical tenets of which are The best defense is to learn from offense-Use knowledge of actual attacks that have compromised systems and use these events to build effective, practical defenses. Classify the attacker maturity level and perform red teaming exercise on infrastructure to find the 5 W’s - why, who, what, where, and when of the attack vectors. Physical Security is also playing an important role. Most of the insider threats are due to lack of proper physical access control. Prioritize the priority-Ask the question is compliance your priority or true risk reduction? Invest first in appropriate controls that will provide greatest risk reduction of the application layer and critical infra. Availability against most dangerous attacks. Governance and Metrics-Define operational governance and strategic governance through a mutual metrics to provide a common language amongst CXO, auditor, IT specialist and operational security team. Continuous Improvement Culture-Perform regular assessment to test and validate the effectiveness of the current state of security measures and provide inputs to drive the priority. Conduct frequent User awareness exercise and arrange role based information security training programs. Automation-Manual process had to be automated to improve defenses through speed of aggregation, detection, mitigation and continuous measurement from defined metrics. Invest in right skills and enforce a culture of knowledge sharing. BizCarta team is a unique combination of business and core security engineering experts who plan market domination in the morning, wrack our brains over chess at noon, and hunt the hackers at nigh-enjoying every moment. With expansion in customer base and timely project execution, the company has received attention as a promising Information risk management consulting firm. Presently operating from India and USA, BizCarta has extended its operations to EMEA Region. By proficiently working on its consulting framework Bizcarta envisions becoming one of the top 10 Information Risk Management Cyber Security Consulting & Services companies in India by the year 2020.
Highlights
Tactics to be Followed to Ensure
Best Enterprise Security he company’s founders occasionally forget about implementing important fundamentals of security and start running after shining technology. The security budgets are limited, so they need to be sure about covering highest breach areas before moving onto other things.
T
systems. It would be hard to keep important data protected from theft unless security systems continue to evolve.
IBM reported that more than a billion personal data was stolen and leaked in 2014 alone, which made it the highest recorded number in the last 18 years. So companies should have best strategies and practices fro enterprise security. Criminals are always a step ahead of the existing security
Firewalls Firewalls are the first line of defense for any enterprise. It basically controls the flow of the data and decides the direction of flow of data. The firewall keeps harmful files from breaching the network and compromising the assets.
40 September | 2016
So how do we ensure to have the best security systems? It all has to do with having a solid foundation, which starts with these basic practices.
Highlights
The traditional process for implementing firewalls is at the external perimeter of the network, but to include internal firewalls is the popular strategy. This is one of the best practices of companies by making it the second line of defense to keep unwanted and suspicious traffic away.
86 percent emails in the world are spam. Even if the latest filters are able to remove most of the spam emails, companies should keep updating the current protocols. If no of spam emails are large, then it only means the company is at greater risk of getting malware.
Secure router Routers are mainly used to control the flow of the network traffic. But routers do have security features too. Modern routers are full of security features like IDS/IPS functionality, quality service and traffic management tools and strong VPN data encryption features. But very few people use IPS features and firewall functions in their routers. To have improved security posture companies need to use all the security features of routers.
Web Security Verizon Data Breach Investigations Report stated that the attacks against web applications in the recent years have increased at an alarming rate, with over 51 percent of the victims. Simple URL filtering is no longer sufficient, s attacks are becoming more frequent and complex. The features that need to consider for web security systems are AV Scanning, IP reputation, Malware Scanning, and data leakage prevention function. A web security should have the ability to correctly scan the web traffic.
Wireless WPA2 This is the most obvious feature of all. If companies aren’t using WPA2 wireless security, then they need to start using it. Many methods of wireless security are insecure and can be compromised in minutes. If companies have wireless WPA2 installed, then it will difficult to breach to criminals.
While world is approaching to more and more cyber theft and crimes, these standard tools based foundation of enterprise security can protect your company from such attacks.
Secured Email It is highly common to receive emails from the suspicious sources. The email is the main target for the criminals. An September | 2016
41
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
Veeras: Partner for Progress V
42 September | 2016
The company delivers solutions across Virtualization, Storage, Availability, Security, IT
Our IT infrastructure “services and solutions enable you to run your business with better integration, cutting on downtime, and optimizing project cost
“
Veeras has been the recipient of several awards and recognitions for its superior quality involves ‘India Partner of the Year Award Winner2016’, ‘20000-1 Certified Company’, ‘CRN- Best Solution Provider South Software 2014’, ‘NetApp-Partner of the year-South 2014’, ‘APAC Partner of the Year Award Winner @ the Intel Security Partner Summit’, ‘ NetApp Tech Award Winner 2015’, ‘CRN Best Solution Provider South server and Storage 2014’, ‘Business Continuity Competency Partner of 2012 for Asia Pacific Japan by VMware’, ‘Certification of Excellence for exemplary growth by
Inc India Magazine for Past two years’, ‘Cloud Champions by Channel world’, ‘Data Center Champion by Channel World’, ‘Best Solution Provider FY 2011 & FY 2010’, ‘Outstanding Contribution - Technical - South by VMware’, and ‘Best Solution Provider Infrastructure Software by CRN’.
“
eeras is a new age IT Infrastructure managed security service provider delivering timely solutions enhancing operational excellence of the business. More than 2 decades of undeterred hard work and its clientele is the proof to their professionalism. Veeras’ passion to transcend new boundaries has driven them to go that extra mile to bring a smile on their customer’s face. Veeras’ sole focus is to cut down on duplication, maximize ROI, to adhere to standards and compliance, to promote adaptability and interoperability. Veeras’ renowned partners are CISCO, CITRIX, FireEye, Fortinet, Hitachi, Intel Security (Mcafee), Microsoft, NetApp, Paloalto, VMware, Symantec naming a few.
Infrastructure and have launched their first ever services brand OPSNOC. They deliver services across the spectrum of IT
Infrastructure and provide onsite, offshore, staff augmentation and managed services. Working with over 15 principal partners they operate across South India with their headquarters in Chennai, Bengaluru and Hyderabad. They also have offices in UAE, Kuwait and Oman in the GCC region. They happily provide 24/7/365 services and their engineers are well equipped to address their queries and provide viable solutions.
In Veeras Virtualization, they aim to transform how IT works by maximizing resource output through centralized administrative task and improved scalability. In Veeras Storage service, their specialized storage solutions are especially designed to fine tunes performance and optimize cost, archiving critical data cutting on downtime. In its Backup availability they promote business continuity with their traditional and online backup solutions promising high availability of data. In its Security services, they combat security bottlenecks with superior threat intelligence, monitoring and interactive solutions through proven methodologies. Success Enabler behind Veeras Sudarsan Ranganathan, CEO & Managing Director of Veeras, is a first generation entrepreneur. He is an MSc drop out; who took a liking to
The 10 Most Valuable Enterpise
Security Solutions 2016 Provider Companies 2016
connecting the developers of software to the consumers of software propelled which leads him to start Veeras Marketing in 1992. His desire to do MBA got him to do the PGCDBM with XLRI from 2002-2004. At every step their team strives to adhere to the best practices and offers creative solutions after understanding the IT architecture of the organization. They never compromise on quality, performance and deadlines. Their team displays high level of dedicated and professionalism and for them all clients are equal. They service SOHO to Fortune 500 companies explaining their range of service portfolio. Their services ameliorate productivity and competitiveness. Forget about in-house infrastructure management and remove ownership of technology reducing Total Cost of Ownership (TCO). Every organization’s needs, investment decisions and necessity vary and ROI is a good way to measure and provide solutions appropriately. Veeras differentiates them by focusing on value driven services to their customer and how it impacts the customers through tangible impact on the P&L. Solutions are specked with break-even being the priority. Veeras key values are resilience, integrity, trust worthy relationships and transparency, which has helped Veeras build a reputation that saved them in quite a few challenging situations that the company has faced over the past 23 years. Veeras has a superior record of their satisfied clients achieved by key values such as simple, honest, experienced, stable people with high level of expertise delivered consistently from the establishment of the company.
Sudarsan Ranganathan CEO & Managing Director Future Aspects Veeras offers a full range of storage optimization leaders and cloud migration specialists partnering with subject matter experts in the field giving a competitive edge to their clients to achieve their business goals in style. Their services give their clients the confidence to venture into new territories giving them the opportunity to increase their revenue. Veeras never compromise on efforts and values, which give them the
strength to exceed the expectations of their clients time and again. Their dedicated services can keep their clients rest assured of best customer experience. Veeras is exciting about OPSNOC, Cloud, Analytics Hybrid Infrastructure, Hyper Convergence, Forensics and Analytics of security that keep them engaged, interested, and energized.
September | 2016
43