Security in the age of mobility and cloud

Channel Post speaks to Firosh Ummer, Managing Director EMEA at Paladion Networks, about the emerging threats in the age of mobility and cloud that the region faces.

Firosh Ummer, MD EMEA at Paladion Networks
Firosh Ummer, MD EMEA at Paladion Networks

What are the IT threats that Middle East region faces?
The current threats are concentrated on web application and on end point vulnerabilities. The attacks on web application are rising as web security continues to be a weak area for many enterprises. Also, web applications are being used by attackers as a launch pad to target more valuable internal assets like databases and transaction processing system.

The other category of current attacks are targeted at exploit the vulnerabilities at user end points. There are advanced malware injected through combination of social engineering attacks. The aim again is to use the end points as launch pad for more targeted attack on internal assets.

The emerging threats are in the area of mobile applications and cloud services. In both cases, the security technologies are still maturing so it offers a window of opportunity for attacker steal data.

The other emerging threat is attacks on operational technologies like Scada and IP enabled devices. While these attacks will not be mainstream as of now given the limited set of industry using such technologies, they have potential of large scale damage.

Which security solutions can counter such threats?
Given the evasion tactics used by attackers and the use of multi-stage attacks seen today, solutions are beginning to apply security analytics to counter the threats. There will be lot more focus on deeper data analysis on security events to detect hidden threats.

The other trend that is occurring is cloud enabled security technologies which is able to provide baseline security to larger segment of market. Today mid -sized companies are coming under attack as they are being used as a stepping stone to attack large enterprises. Vendors of large enterprises are thus at a threat. Cloud delivered security provides good value to such mid market companies.

With the increase and advancement of attacks, how effective can security solutions can be?
As technology usage rises, the attacks are going to increase. Information security has always played catch up with threats and it is likely to remain the same for near future. On longer term, information security solution will be able to close more and more areas that an attacker can exploit so it will be difficult to keep coming up with newer ways to attack. Long term information security solutions are going to be wide spread and more robust but in near term the attacks are going to rise.

How do you foresee security evolving next year?
We are of the opinion that data analytics will be deployed across security solutions for threat detection and for remediation activities. Enterprises will create architecture to break the silos of security data so that uniform decisions can be made.

We also believe more and more enterprises in the Middle East region will deploy mobile and cloud applications, which will see increase in attacks on such infrastructure.

With increased focus on security the extended enterprise (including vendors, partners, customers) as the security governance issues will get more priority at Board level.