RSA is a premier global provider of security solutions, and the security partner of a significant majority of Fortune 500 companies. In a chat with Biztech2.0, Arthur W Coviello, co-founder of RSA Securities, talks about the threats in the enterprise space and the future of security in the World Wide Web.
Could you highlight some key enterprise security threats?
At RSA we are seeing evidence of very sophisticated pharming attacks, wherein they plant a seed with a trojan or piece of malware to harvest passwords or sensitive information. The most common victims are online businesses and online banking, where customers could receive phishing emails. I think that banks and other enterprises need to make customers aware of what they are doing to keep their data secure. But often the media hypes these threats even though they are not very grave, and this could aggravate the situation. At the end of the day it depends on the trust factor; how well enterprises can sustain the trust of their customers.
Should enterprises disclose a data security breach?
Well, in the US there are a series of breach notification requirements which makes it unfair not to inform customers that information has been leaked. And this has made it incumbent on organizations to do a better job of protecting information. One reason why companies don't like to admit that information has been breached is to avoid loss of reputation. So there needs to be a mechanism that could be put in place to ensure that no data is breached; and if it is, customers should be informed about the same.
What is the state of security in Indian enterprises?
India is somewhat blessed in terms of the number of attacks. I say so because the data that we get from our internal studies and surveys in India suggest that attacks aren't nearly at the level of what we see in the US or Europe. But that does not mean that India is not vulnerable. In fact, we have evidence that attacks are becoming sophisticated, and the pace of attacks is also picking up significantly.
So what is the future of security in the World Wide Web?
The World Wide Web allows anyone and everyone to access information. This openness could be a problem. With the profusion of web-based applications, and now increasingly with Service-Oriented Architecture (SOA), this openness is getting even bigger. We definitely want such openness and we want to use the Internet in a way that maximizes productivity over the web. But in doing so we also create openness for cyber-criminals as well. Historically, security has been deployed in a perimeter-type basis, which ultimately becomes useless because you are letting so many people in due to the openness.
As I see it, the future of security needs to be done at a granular level, centred on who is getting access, and making sure only the right people get access. Apart from, of course, protecting the data itself as opposed to protecting the perimeter. Along with this, I think Pattern Recognition technologies are the way to go. In future, security needs to be less intrusive, more dynamic, and most cost-effective, and Pattern Recognition meets all these requirements.