Forward-thinking enterprises need to focus on a sustainable approach to security and risk management designed to address the new wave of vulnerabilities.

The global enterprise security market is poised to explode, with employees replacing desktops and laptops with smartphones and tablets, and IT departments scrambling to connect and protect these devices. Consumerization and proliferation of smartphones, iPads, netbooks, and other mobile devices connected 24X7 to the Internet are driving enterprises to reassess how critical infrastructure in headquarters, branch offices, remote offices, and data centers is protected from threat. Successful selling security solutions in this space is about to allow the IT department to connect all devices they need to connect and provide a consistent level of security policy and enforcement for all these devices.

Changing Security Posture

Enterprises are moving toward buying and deploying integrated security solutions, including firewalls with mail and gateway antivirus, IPS, DLP, mobile device security, and application control, instead of standalone solutions, which is driving up the overall network security market. The integrated appliance sales are outgrowing standalone content security gateways sales.

The network security market encompassing firewall, unified threat management, intrusion detection, and prevention and virtual private network products is expected to witness a faster growth over hardware. Software-based solutions are predicted to make up over 26 percent of the market by 2014. Security-as-a-service (SaaS) and other hosted security services are expanding product market sales. Any vendor in the content security market without an SaaS offering is missing out on the fastest growing segment. The Indian network security market is primarily dominated by Cisco, Fortinet, CheckPoint, McAfee, Juniper, and Dell (SonicWall). IBM, Websense, Symantec, Nevales, ZyXel, RadWare, R&M, and WatchGuard have also marked an impressive presence in this market.

The ever-growing sophistication of malware creators - including their skill at evading detection - puts unprecedented pressure on organizations to protect their information and their employees from web-based threats.

Adding to this pressure is workers' reliance on the web to do their jobs and grow the business, no matter where they are working or what devices they are using. Businesses fear the impact of poor threat protection and of unmonitored and unregulated web access.

Web trends such as the growth of social media and user-generated content increase these risks. For malware creators, social networks and their users offer rich opportunities to launch threats, particularly those that involve social engineering and exploiting the trust of a target. Because these threats are triggered by the actions of unsuspecting web users, they are not as easily blocked at the points at which traffic enters the network.

BYOD revolution has further complicated the task of securing an organization against threats. Workers access the web from desktop computers in their offices, from laptops in airports, and from smartphones and tablets at home and on the road, which requires security professionals to secure traffic that is beyond their network perimeter.

These challenges add up to demands on security professionals to manage the varied pressures on their data centers. They need to protect and manage web traffic to and from users and their devices; they need to maintain high levels of performance and data availability; they need to migrate enterprise applications and online business activity to the web; and they need to invest in cost-effective, long-term solutions for web security.

Security for enterprise is not just about malware and firewalls, threats are now more persistent, sophisticated, and unpredictable than ever before. Forward-thinking enterprises realize that they need to focus on a sustainable approach to security and risk management. It needs to be designed to address the new wave of vulnerabilities that prevail as a result of increasing trends in IT consumerization, mobility, social media, cloud computing, cyber crime, and nation-state attacks.

Enterprises need to remain alert and ready to respond to associated risks, so as to avoid compliance issues, financial loss, and reputation damage.

Every business decision has an inherent risk; it is essential to understand and make decisions based on the cost and potential value of that risk. CISOs no longer lie awake at night worrying just about defending perimeters and the latest worm outbreak of their organizations. For employees, there is no longer a hard line between work and home devices as they bring personal devices to work and take work devices home. This presents challenges in terms of controlling network access, identity, and application permissions.

With the dangers of nation-state attacks, the unpredictability of hacktivism, and the burgeoning market that surrounds cyber criminals, every enterprise needs to take a defensive posture and assume it to be under attack. Furthermore, unlike simple viruses and malware of the past, most of the damaging cyber attacks are low and slow. Multiple points of entry are plotted slowly over time, avoiding individual detection while collectively posing a serious threat of surreptitious damage.

Over the past few years, the IT industry has been abuzz over cloud computing. While many cloud services offer attractive benefits, they also leverage complex technologies that have security ramifications. Most cloud providers rely on intricate, custom-made web applications, or leverage virtualization to provide scalability and multi-tenancy. Though these are innovative technologies, they also pose dire risks when implemented incorrectly, causing systems to no longer be secure. Organized criminals are expected to target cloud services and significantly breach the cloud provider. Cloud service providers need to recognize risk and add premium security to their offerings.

CIOs see benefits of leveraging standardized applications, reduced maintenance, pay-per-use models, and reduced CapEx from cloud computing. Not only CIOs need to maintain things such as compliance, privacy, and transaction integrity, but must also extend these across the service supply chain that comprises the cloud services being used.

Virtualization is no longer a new technology on the block. Enterprises have leveraged it in production environments for years; most IT professionals have become familiar with it and have at least experimented with it as a tool. As with other emerging technologies, as virtualization matures, its usage increases among smaller companies and organizations. Many small- and mid-size enterprise IT professionals still do not comprehend potential security ramifications of poorly implemented virtual environments. As a lack of security know-how and increased reliance on virtualization, risk of data loss dramatically increases. Virtualization security solutions are forecasted to witness considerable rise among smaller and medium businesses owing to their increased reliance on this technology.

Problems with Traditional Approach to Security

Over the years, as systems, software, and the Internet have evolved, the approach to information security has followed right along. In most enterprises, each new project or program includes some measure of security, often added at the tail end of implementation. This has given rise to today's security market, which has literally thousands of security vendors, technologies, and solutions. There is security for the network, for servers and storage, for data and content, for identity and access management, for encryption, and for application security among others. Security has traditionally been a project afterthought; most enterprises currently support a wide array of unrelated products and uncoordinated processes. Point solutions provide point data, actions, and reports; however, they can only address specific point objectives and decisions. This traditional approach to accumulating one-off security technology has left the enterprise with a variety of security point solutions that address only a sampling of its point security vulnerabilities.

Furthermore, security is scattered across silos, business units, and functional areas - including IT, accounting, legal, HR, and the security office itself. Compounding this situation is the maze of compliance needs and regulations - both industry-specific and cross-industry - all of which increase the burden for the CISO.

The lack of coordination between people, process, and technology results in significant blind spots for an enterprise. Clearly, continuing to pile on more software, more processes, and more stopgap measures is not a viable solution. Threats have become more common, more complex, and more costly.

With several issues rising from the reliance on a traditional approach to security, many enterprises have a patchwork of processes and technologies that simply do not work well together.

Enterprises are looking at deploying network security capabilities that cover intrusion prevention, firewall, web security, e-mail security, data protection, and network access control for every portion of the enterprise, from vulnerable endpoints to the heart of the network.

Enterprises need better threat intelligence by way of combined malware experts and researchers in the areas of e-mail, web, and network threats. Organization are willing to invest in tightly integrated security capabilities that span complete content and data lifecycle management.

It is the time to rethink security in a broader context and to bring everyone in enterprise together - across silos and functional roles - so that one can protect the information capital running through all business processes. The challenge is to create an integrated ecosystem that is fully prepared to anticipate and prevent threats, wherever and whenever they affect the enterprise.

"The network security market in India is vibrant. In fact, network security has been one of the top agendas to be handled by CIOs in the last two years, mainly due to the need to comply to government regulations. The key factors that are driving the network security market are the proliferation of mobile devices like tablets and smart phones that have allowed employees to access the corporate network and do their work from anywhere; and IT consumerization, which represents an increasing risk to enterprises' information security. As these devices are personal, and go beyond the security firewall of the organization, it is becoming a major task to secure these devices and monitor them. Organizations have to deploy solutions that can monitor and secure these mobile devices.

On new breed of security challenges

The survey commissioned on bring your own device (BYOD) by Fortinet has found that BYOD environment lacks many of the traditional security controls that organizations have relied on to secure their data, leaving gaps in their data and device protection strategy.

The survey findings state that both network managers and senior management are ultimately responsible for the strategic decision about the degree to which the business embraces BYOD. For financial organizations, this decision becomes even more critical. Larger organizations will have mature IT strategies and policies in place. But smaller financial businesses that might not have such well-developed strategies should be concerned about the attitude of the employees.

On expansion plans for 2013-14

In FY 2011-12, Fortinet India has built up two strong vertical practices - telco and the government - following the adoption of a vertical sales strategy approach. These two verticals represent strong business opportunities with increased pressure on regulations on one hand and the advent of 3G and WiMAX technologies on the other.

The company will pursue the efforts initiated in expanding its channel ecosystem across India. The objective is to have, by end of this year, 300 partners - established security players in their geographical areas of operations - to represent Fortinet in various regions of India, and in priority the top five cities. These partners will help capture a larger share of the fast-growing Indian network security market, which, according to Frost & Sullivan, is expected to grow at a CAGR of 15.3 percent between 2011 and 2017."