Spotlight

Securing India.Ltd

Information security which hardly received any attention at the CIO, level a few years back has become an imperative board room discussion topic today. By Tanu Talwar

Although the IT industry considered security to be an important aspect of using IT, it was not taken too seriously and deployments were restricted to firewalls to prevent undesirable traffic and anti-virus or anti-spam software. As awareness about new age, sophisticated threats grows, the market for security products and services is considered to be among the fastest growing in the IT industry.

The first step

SecureSynergy, a security solutions provider, recognised the potential of the security market early on and decided to address the needs of Indian enterprises by offering management security, training and consulting and predictability management services. Established in 2002, by three men from varied backgrounds—IT consultant Anil Menon, ex-navy information security consultant, Felix Mohan and ex-army commanding officer, J P Santhanam, SecureSynergy is a pioneer in IT security.

Anil Menon, CEO, Secure Synergy

Headquartered in Mumbai, the company has sales offices in Bangalore, Chennai, Hyderabad, Dubai as well as state of art network and security operation centres at Mumbai and Delhi respectively. Anil Menon, CEO, SecureSynergy says, “Setting up the network and security operation centres was an imperative . We had to do this in order to be considered as an serious player in the international arena.” The NOC and SOC employ advanced data mining, log analysis and event correlation capabilities to enable accurate analysis, and interpret large volumes of infrastructure and security data in real time. The purpose of these centres is to offer services such as vulnerability assessment, device security management, malicious code management and mail filtering among others. Besides these centres, the company also has a research and development lab called the Centre for Information Security and Assurance Technology (CISAT) in Delhi. Set up in 2002 this lab helps client companies simulate security situations to pick the best fit among available solutions.

Spreading the word

Menon says, “The Indian security market was not mature when we started out. Consequently there were not many takers for the services that we had to offer. One of the major challenges before us was to spread awareness about IT security and convince enterprises to secure their IT infrastructure by adopting information security solutions.” The company had to change the traditional corporate mindset towards IT security that it was restricted to firewalls and anti-virus. Menon adds, “To gain customers it was imperative to make them understand that information security solutions not only protect organisations from IT-related risks but at the same time they also provide intrinsic value and strategic advantage by enhancing credibility and bolstering confidence among stakeholders.” By maintaining a focus on offering effective security services that go beyond implementation, the company has not only silenced the initial doubts expressed by its channel partners but it also achieved its goal of increasing the level of trust that customers place on their information systems.

Starting out with just two clients, the company’s clientèle has grown to more than 950 with about 800 in India. All this has been achieved in a short span of four years. With a client list that includes leading names such as BSE, ICICI Bank, Wipro Technologies, the Indian Army, Al Shirawi, Abu Dhabi National Oil Company and Hindustan Lever, the company has expanded its footprint across varied industry verticals. At the same time its continued association with its first customer, Edelweiss Capital, a leading financial services company in Mumbai, speaks volumes about its integrity.

IS in full flower

SecureSynergy has bet on three fundamental principles to grow as an organisation. Firstly, that a proactive, process focused, continuous model is the best one when it comes to managing information security. Secondly, advisory services and implementations have to go hand in hand to deliver cost-effective security and lastly, security will be integrated into every part of the IT stack and be a crucial component of the IT stack. The trends of today validate these assumptions that the company subscribed to from day one. Talking about the Indian security market, Menon says, “Although Indian companies did not pay heed to their IT security requirements earlier, the trend has changed. Today corporate budgets for security range between three to four percent and this figure is expected to go up to seven to eight percent of a company’s turnover within a few years.”

According to Menon, the Indian security market will continue to show an upward trend due to the growth of mobility, applications, Web services and wireless that have reduced the importance of perimeter security (read firewalls) and increased the importance of proactive response and people controlled processes. However, the primary reason for this upsurge is the ongoing BPO boom. Even though security is vital to the growth of other sectors such as pharmaceuticals and BFSI, it has been BPO industry that has bought into security services in a big way. Menon says, “For India to be perceived as a trusted sourcing destination not only is the quality capability of Indian companies important, but their security capability to assure the confidentiality, integrity and availability of information. In order to attract investments we saw a large number of BPO outfits going in for security certification thereby boosting business.” The most popular services are vulnerability scanning, identity management and settings management. Throwing light upon the latest IT security concerns, Menon states, “Profit-motivated threats such as identity theft, phishing and spyware, are among the top security challenges.”

Adding products to the mix

Although SecureSynergy was initially determined to focus entirely upon security consulting, the company’s dedication to deliver the best to its clients led it to start providing tools for automating patch management. The tool called PatchEasy was launched in 2004. It streamlines the process of upgrading networked PCs and brings them in sync with security, service packs and bug fixes to ensure that all customers, applications and networks are running on the latest software. The company is set to launch PatchEasy 7.0 within the next two to three months.

With offices in four locations, SecureSynergy is now looking at tier one and two cities. It will soon establish a branch office at Calcutta. The company also intends to strengthen its international presence and is targeting countries such as the United States and Saudi Arabia. Menon adds, “A lot of research goes into finalising a destination before we set up operations in a particular country. The most important factor considered is a country’s potential for consuming IT security services.”

Employees ‘Core to the DNA’

For SecureSynergy its employee are ‘core to its DNA’. Ever since its inception, one of the biggest challenges faced by the company has been to find the people with the right skill sets. “When we started, the Indian security market was still at a nascent stage. Our key concern was to find people with the proper mindset,” says Menon. To overcome this hurdle the company offers training to its employees who are encouraged to understand both technology and processes as well as to get certification for both. Though presently the company has about 60 employees, it aims to take up this number to 90 by the end of fiscal 2006-07. Furthermore, the company believes in the practice of job rotation across departments to provide all round development.