Spinning the security web

Ekta Aggarwal of Frost & Sullivan on why the internet has ushered in a new era of security threats for businesses.

“Conventional antivirus software is no longer sufficient when it comes to protecting against evolving web threats. Hence, both inbound and outbound protection has become necessary”
-Ekta Aggarwal

The phenomenal rise of the internet means that it has become one of the most popular methods in the world for circulating information. Consequently, even traditional media such as TV, radio, etc, have undergone significant change. Therefore, today, for most enterprises, internet-based business models have become a communication enabler. The increasing dependency of organisations on information technology to manage inter-firm relationships is also a consequence of the way the business communication landscape has evolved. Users are embracing the social and collaborative dimension of the web, with the need to access information anywhere, anytime or on any device. Also with the need to network with peers, prospects and friends, collaboration has come to the forefront through the usage of blogs, IM and various other means.

Web 2.0

Within this increasingly digitised world, the concept of Web 2.0 tools has emerged and its use is only growing. A large number of organisations are using collaborative technologies such as blogs, podcasts and wikis to communicate with internal employees and also customers. Because of this, we are witnessing a shift from traditional media to social media. Platforms such as Facebook, Twitter and YouTube, have transformed the way enterprises communicate today. With vanishing perimeters and the obvious advantages that these interactive technologies bring, the imperative to be informed of the security challenges and threat vectors enterprises can be exposed to is also very high. Phishing, spyware and data leaks risking corporate data security are just a few examples. The availability of stored information at just one click has created additional risks, leading to possible data loss. In addition, the growing number of remote workers, either working from home or locations away from the office can make corporate networks vulnerable to security breaches, thence making the security of intellectual property, a prime concern. Companies need to look at ways to control the content that is being posted on the web by employees, especially in the light of growing social networking sites and the focus on the protection of intellectual property. Industry reports also indicate an increasing number of security incidents reported every year, emphasising the need for enterprises to draw attention to web security.

With this increase in the adoption of Web 2.0 technology and escalating security issues, enterprises today are facing higher challenge from the ever increasing complexity of security threats. This has been a major driver for the adoption of web content security solutions. Enterprises are espousing web content security solutions to help them determine and limit the entry of the information that is harmful for their corporate networks.

Complex networks

Besides the changing business communication landscape, the growing complexity of networks is compelling the need for web content filtering. The IT network infrastructure is no longer effortless with the large number of PCs, servers, routers, switches that need to be dealt with, increasingly by the system administrator. Moreover, the network architecture is also undergoing a lot of change due to changing business models. This compound network environment is also bringing increasingly complex threats to the forefront. To tackle this increasing complexity of threats, web content filtering solutions provide an excellent match for the corporate need to prevent information and data leakage. However, the continuous evolution of security threats means that organisations need to keep upgrading their security mechanisms to safeguard themselves. The current threat landscape and demands have also changed the role of IT security. Historically, web security was more outward focused for example, URL filtering to prevent access to undesired sites. However, today, the trend has extended towards inbound content filtering as well. The integrity of data traveling within an enterprise which is exposed to inbound threats such as viruses, malware and spyware can no longer be ignored.

Deployment of security merely at the perimeter level or pure web filters have failed to protect businesses from the fast evolving web-based threats and therefore, is no longer regarded as sufficient. Conventional antivirus software is no longer sufficient when it comes to protecting against evolving Web threats. Hence, both inbound and outbound protection has become necessary. Moreover, a multi layered approach is required to address the web threats. This encompasses deploying security at three layers: in the cloud, at the internet gateway and at the end point.

Market growth

Due to increased awareness about the disruption that the web can cause to an organisation, it is expected that the global web security market will register a double-digit growth rate in the next few years. With regards to the deployment of web security solutions by product type, the market for software products continues to maintain its dominant position.

Under the growing pressure to reduce costs and maximise resources, organisations are choosing to transition to SaaS web security solutions and leave the management of the complex networks to service providers where external expertise can be leveraged. With this, the market is likely to see an increase in traction in OPEX-based solution models. Hence, an increasing number of vendors in the web security landscape, are offering SaaS-based solution models today.

Conclusion

It is evident that with the web is fast becoming a tool through which threats can permeate and pose danger to confidential data. And the emergence of Web 2.0 technology with its open content sharing environment, besides altering the business communication scene, has undoubtedly changed the threat landscape. While the greater interactivity offered by Web 2.0 has resulted in positive benefits for enterprises, it has also led to the exposure of more security loopholes. Not only do organisations need to fight the threats but also to grapple with the changing threat landscape. New and sophisticated forms of attacks targeting new technologies such as VoIP, online social networks, etc are continuously changing the face of the threat landscape. Proactive and not reactive web filtering measures can only help enterprises keep up with the changing content. Hence, there exists a greater need than ever before for enterprises to view and practice security as a continuous process than a one time investment.

Ekta Aggarwal is Senior Industry Analyst for Information and Communication Technology at  Frost & Sullivan's South Asia and Middle East practice. For feedback/ enquiries contact tanu.chopra@frost.com.