Paladion Networks CEO Rajat Mahanty sits down with CNME to talk IT security and his company’s plans for the region.
What is your strategy for the Middle East?
There is a lot of talk about making the Middle East’s IT more secure, both from a geopolitical angle from a point of view of foreign investment, and for citizens having better digital access. We believe that the Middle East is going to be an important market for information security; it’s already an important market but this is only going to increase. We provide managed security services and help enterprises manage their security operations on a day-to-day basis; we don’t provide a one-off service. We do this through a mix of our own platform, tools and services. We’ve also got presences in India, South-East Asia and the U.S. The dynamics of these markets are all different, but we’ve seen a number of attacks in this region, and in terms of rate of change it is changing the most.
We are excited about the region and are setting up three security operations centres and are delivering cloud security. We’re launching a cloud delivery model where you can pay as you use, without headaches, where encryption is delivered from cloud for users.
Why in your opinion would the Middle East be a target for such attacks?
There are multiple factors at work here. There is a lot of core infrastructure such as oil and gas, banking and the hotel industry which is all connected to IT networks. Secondly the Middle East is becoming much more e-government enabled, there is a lot of talk about digitalisation, not only at the corproate level but at the citizenship level, so a lot more data is getting stolen. Thirdly the Middle East economy is relatively strong so that attracts attackers if they can take money out of a region where a currency is stronger. The Middle East is an attractive prospect for both external and internal attackers.
Which threats do you see as being most prevalent?
So far in the region consumers have not become a target like in the U.S. or India, but that is changing. End-users of a bank or e-commerce are becoming more vulnerable, and attackers are trying to trick them into giving their passwords or information. In the Middle East attackers are more focused on corporate and government networks. In that sense attackers are more stealthy, looking to install malware on users’ laptops, trying to exploit employee weaknesses and internal infrastructures.
What is your philosophy in how to enforce a rigorous security culture?
Security for many people is seen as a glamorous one-time thing, where somebody is attacking you and you defend it. It’s much more about doing the basics well day-in and day-out, not taking your foot off the pedal. We focus much more on that, enforcing good processes so that every day you do the same thing, but rigorously. You can’t expect a human mind to be completely alert all the time, so you have to find a way to automate processes that humans shouldn’t have to do. Can you do the same thing every day without the use of a human? We aim to redirect the use of human skill to more important decisions, while the machine can take decisions that can be automated.