Biztech2 spoke to Surendra Singh, head-South East Asia & India, Websense on the latest security trends and initiatives such as Web 2.0.

What is your take on technologies such as Web 2.0, which have been rolled out with security as an after thought?

I think it will be difficult to handle Web 2.0 security issues. People regularly contribute to such websites. However, these websites do not have the security infrastructure and other solutions in place to scan the data and analyse if it is malicious or not. Most of the social Web initiatives based on Web 2.0 do not invest in security.

What are the top threats concerning enterprise security?

Currently, the misuse of the Internet, including P2P file sharing, instant messaging, and phishing attacks is an important security concern.

Also, ‘inside out’ security is the most neglected area of enterprise security. Indian companies have been spending enough on security for the last 5-7 years. However, users landing on malicious websites is catching up like wild fire. This is one area CIOs need to focus upon.

Could you list some security best practices for enterprises?

It is important to realise where the most important corporate data lies. Certain intelligence should be built in to the system to keep the CIO/CISO informed about such data. Companies should also focus on managing Internet usage.

What can Indian enterprises expect out of the Port Authority Technologies acquisition?

At present, the top most concern of CIOs is the uncertainty concerning data security. Any kind of data leak or breach amounts to losses worth billions. Hence, data leakage tops the priority list of most CIOs/CISOs across the world.

This is exactly what Port authority aims to handle. PortAuthority Technologies was acquired last year for approximately $90 million. The combination of PortAuthority’s information leak prevention technology and Websense’s ThreatSeeker malicious content identification and categorisation technology will strengthen our stand on content security platform. Additionally, both technologies will use an integrated policy engine to give organisations the ability to manage and protect information by individual user rather than by device.