Mid-size firms starting to adopt GRC: Symantec

Governance, Risk & Compliance

Mid-size firms starting to adopt GRC: Symantec

Compliance regulations are pushing people into being careful, and it is a matter of time that the smaller companies follow suit

Pradeep Chakraborty

Tuesday, September 16, 2008

BANGALORE, INDIA: GRC (governance, risk and compliance) is doing the rounds today, across enterprises, mid-sized and also small businesses. In fact, it is an integral part of the security landscape today. In this scenario, it is also necessary to keep track of the key trends in compliance, as well as the interest level of various companies in the subject.

Shantanu Ghosh, Vice President for India Product Operations, Symantec Corp.

I recently met up with Shantanu Ghosh, Vice President for India Product Operations at Symantec Corp., to discuss all of these points regarding GRC. He spearheads Symantec’s India Innovation centres in Pune and Chennai. Ghosh joined Symantec through the BindView Corp. acquisition, two years ago. He was Vice President of Engineering at BindView and responsible for setting up, building and running its largest R&D center in Pune, India.

Excerpts from an interview:

CIOL: What are the main trends in compliance?

Shantanu Ghosh: We can see three trends: compliance mandates several and conflicting/complex petabytes of information. Next, information and applications sit in a cloud. Finally, there is a growing need for managing and finding, and protecting unstructured data.

When we talk about Security 2.0, it entails the following: keep the good things in; balance risks and opportunities; protect information and interactions; make decisions based on reputations; and standardize and automate processes.

CIOL: How do you see the adherence to compliance up in India?

SG: Compliance is a fast moving area. One of our clients in India is HDFC Bank. In fact, BFSI has been among the early adopters. We believe in policy-driven compliance. Our policy manager component allows you to decide what you want to comply with. This is called the Control Compliance Suite (CCS). We map your existing policy and point out the gaps.

The second part of the product does evidence gathering. It has a highly scalable architecture. The third aspect is the Resource Assessment Module. It processes the checklists.

CIOL: When you talk about policy manager, how important are the user inputs?

SG: The user inputs are very important. You need to determine what are his highest value assets! What can we tell from the compliance viewpoint?

For example, there could be say, 50 items that you need to check. However, the impact of each one of the 50 items could be different. This is the kind of risk posture that a company gets.

CIOL: How has been the adoption of GRC among the mid-sized companies

SG: Mid-size companies are now starting to get into GRC (governance, risk and compliance). The large enterprises are now quite compliance focused. Compliance regulations have pushed people into being careful. The smaller companies are bound to follow suit.

We have a build-buy-partner story. We invest 15 percent of our revenue into R&D.

CIOL: What is the level of work being done at the India R&D center?

SG: The India R&D center was set up in the mid 1990s. Today, we have 2,600 people at the Pune center. We (Symantec) opened another center in Chennai.

These are significant R&D teams that develop/test products. They follow all of the global methodologies. We also do things that are regionally relevant. For example, we developed the JSOX products out of Pune.

CIOL: Can you also touch upon the work done at Symantec Research Labs (SRL)?

SG: At SRL, we do development work on what should be tomorrow's products. Earlier, we used to do the research/prototyping, etc., and then turned it over to the products group.

We now have an Advance Concepts Lab. It develops all of the first-generation products, besides seeding of new markets.

CIOL: What are the research and the technology drivers?

SG: Our research drivers include green IT, boundaryless enterprise, complexity, consumerization of IT, cost reduction, etc. We believe that there will be a mandate for green IT in countries, sooner or later.

Our technology drivers include virtualization, SaaS/cloud services, reputation, etc. The SaaS model is definitely more beneficial for the fast moving SMBs. Depending on who you are, your needs would differ!

CIOL: Since you touched upon virtualization, how do you see endpoint virtualization evolving?

SG: In virtualization itself, server virtualization is now quite mature. However, endpoint virtualization is still a very new concept. Reputation based services are also becoming popular.

CIOL: Can you highlight some of the projects currently being done at SRL?

SG: Some of the projects we have dome at the SRL include:

1. The Project "Canary" Browser Protection. The technology generically blocks attacks against browser vulnerabilities.
2. New malicious signatures.
3. Reputation-based security: We developed "Mr. Clean Tech" technology within the SRL. It also checks the web browsing 'hygiene' of the people who visit sites that have 'bad hygiene'. We have already implemented it with the opt-in users. This is being used for testing.

CIOL: Finally, what are the trends that you see today as far as threats are concerned?

SG: In phishing, there are bot herders [Bot herders are crackers who use automated techniques to scan specific network ranges and find vulnerable systems, such as machines without current security patches, on which to install their bot program. The infected machine then has become one of many zombies in a botnet and responds to commands given by the bot herder, usually via an Internet Relay Chat channel: Wikipedia], who keep several infected computers. Using those PCs, they send out a phishing attack.

Another trend is the memory drive problem. People put malware into it and leave it around.

©CIOL Bureau

Would you like to Comment on this Article?

Name
Email
Comment Here
Code Verification

Be first to comment on this article

+ Follow us to know more about CIOL +

Telecom tariffs may rise by 90 paise in metros

Beyond Google & Bing: Lesser known search engines

Indian students among Google Science Fair finalists

Amitabh Bachchan needs Apple Mac lessons

'48 p.c. Indians skip work to watch IPL'

Why 122,680 Facebookers 'like' Nirmal Baba?

Do you think IT employees need unions?

Can Aamir Khan bring down female foeticide?

Book your trip to Vaishno Devi online

DataWind terms Aakash II launch a revolution

Subscribe to PCQuest for iPad & Android tablets

Register Free at DQ Top 20 Online portal & get insights on the Indian IT Industry

Enterprise IT News and Analysis in your inbox

Subscribe to the free PCQuest newsletter

Do you think IT employees need unions?

Arun and Cipla - no ladders, no snakes

Cyber attacks: Have India's neighbours turned culprits?

Personal cloud will eclipse PC: Gartner

SMEs don't give much importance to security

Sponsored Links:

Custom Sites:

Demo Downloads On:

1-Click News Updates