Mid-size firms starting to adopt GRC: Symantec

Governance, Risk & Compliance

Most Commented

Unified Communication for your Biz

Improve your contact center performance. See how you can make a difference.

Watch Now

Reach the ICT Community

Engage and build your ICT audience with CIOL online advertising.

Know more

Mid-size firms starting to adopt GRC: Symantec

Compliance regulations are pushing people into being careful, and it is a matter of time that the smaller companies follow suit

Pradeep Chakraborty

Tuesday, September 16, 2008

Email This

Print This

Comments

RSS

BANGALORE, INDIA: GRC (governance, risk and compliance) is doing the rounds today, across enterprises, mid-sized and also small businesses. In fact, it is an integral part of the security landscape today. In this scenario, it is also necessary to keep track of the key trends in compliance, as well as the interest level of various companies in the subject.

Shantanu Ghosh, Vice President for India Product Operations, Symantec Corp.

I recently met up with Shantanu Ghosh, Vice President for India Product Operations at Symantec Corp., to discuss all of these points regarding GRC. He spearheads Symantec's India Innovation centres in Pune and Chennai. Ghosh joined Symantec through the BindView Corp. acquisition, two years ago. He was Vice President of Engineering at BindView and responsible for setting up, building and running its largest R&D center in Pune, India.

Excerpts from an interview:

CIOL: What are the main trends in compliance?

Shantanu Ghosh: We can see three trends: compliance mandates several and conflicting/complex petabytes of information. Next, information and applications sit in a cloud. Finally, there is a growing need for managing and finding, and protecting unstructured data.

When we talk about Security 2.0, it entails the following: keep the good things in; balance risks and opportunities; protect information and interactions; make decisions based on reputations; and standardize and automate processes.

CIOL: How do you see the adherence to compliance up in India?

SG: Compliance is a fast moving area. One of our clients in India is HDFC Bank. In fact, BFSI has been among the early adopters. We believe in policy-driven compliance. Our policy manager component allows you to decide what you want to comply with. This is called the Control Compliance Suite (CCS). We map your existing policy and point out the gaps.

The second part of the product does evidence gathering. It has a highly scalable architecture. The third aspect is the Resource Assessment Module. It processes the checklists.

CIOL: When you talk about policy manager, how important are the user inputs?

SG: The user inputs are very important. You need to determine what are his highest value assets! What can we tell from the compliance viewpoint?

For example, there could be say, 50 items that you need to check. However, the impact of each one of the 50 items could be different. This is the kind of risk posture that a company gets.

CIOL: How has been the adoption of GRC among the mid-sized companies

SG: Mid-size companies are now starting to get into GRC (governance, risk and compliance). The large enterprises are now quite compliance focused. Compliance regulations have pushed people into being careful. The smaller companies are bound to follow suit.

We have a build-buy-partner story. We invest 15 percent of our revenue into R&D.

CIOL: What is the level of work being done at the India R&D center?

SG: The India R&D center was set up in the mid 1990s. Today, we have 2,600 people at the Pune center. We (Symantec) opened another center in Chennai.

These are significant R&D teams that develop/test products. They follow all of the global methodologies. We also do things that are regionally relevant. For example, we developed the JSOX products out of Pune.

CIOL: Can you also touch upon the work done at Symantec Research Labs (SRL)?

SG: At SRL, we do development work on what should be tomorrow's products. Earlier, we used to do the research/prototyping, etc., and then turned it over to the products group.

We now have an Advance Concepts Lab. It develops all of the first-generation products, besides seeding of new markets.

CIOL: What are the research and the technology drivers?

SG: Our research drivers include green IT, boundaryless enterprise, complexity, consumerization of IT, cost reduction, etc. We believe that there will be a mandate for green IT in countries, sooner or later.

Our technology drivers include virtualization, SaaS/cloud services, reputation, etc. The SaaS model is definitely more beneficial for the fast moving SMBs. Depending on who you are, your needs would differ!

CIOL: Since you touched upon virtualization, how do you see endpoint virtualization evolving?

SG: In virtualization itself, server virtualization is now quite mature. However, endpoint virtualization is still a very new concept. Reputation based services are also becoming popular.

CIOL: Can you highlight some of the projects currently being done at SRL?

SG: Some of the projects we have dome at the SRL include:

1. The Project "Canary" Browser Protection. The technology generically blocks attacks against browser vulnerabilities.
2. New malicious signatures.
3. Reputation-based security: We developed "Mr. Clean Tech" technology within the SRL. It also checks the web browsing 'hygiene' of the people who visit sites that have 'bad hygiene'. We have already implemented it with the opt-in users. This is being used for testing.

CIOL: Finally, what are the trends that you see today as far as threats are concerned?

SG: In phishing, there are bot herders [Bot herders are crackers who use automated techniques to scan specific network ranges and find vulnerable systems, such as machines without current security patches, on which to install their bot program. The infected machine then has become one of many zombies in a botnet and responds to commands given by the bot herder, usually via an Internet Relay Chat channel: Wikipedia], who keep several infected computers. Using those PCs, they send out a phishing attack.

Another trend is the memory drive problem. People put malware into it and leave it around.

©CIOL Bureau

Would you like to on this article?

Be first to comment on this article

Name
Email
Your reply

China wooing Indian IT companies

Polaris eyes emerging mkt post LaserSoft takeover

Arrested NASA scientist worked on Chandrayaan-1

Yahoo triples profit, beats expectations

Windows 7: Should CIOs migrate?

Riverbed announces Steelhead Mobile 3.0

Samsung announces TouchWiz packin' smartphones

Intel in talks with ITI for WiMAX JV

ZTE, Huawei, Ericsson ranked top networking vendors

McAfee intros new email and web security appliance

	Simplify Business Management. ERP solutions by IBM
	Carry your Dream, Convey your Value with ZTE
	Get EMC Efficient.Learn more

	Get expert views on Mobilin V2
	How to make your enterprise productive
	Unified Communication can impact business. Know how

	Making Web3.0 a Reality!
	CIOL Enterprise Next :What's NEXT in IT? :
	Decrease Total System Costs With Cyclone IV FPGAs

	Reach your desired Target Audience and realize high ROI
	Effective ways of Customer Acquisition through Demand Generation
	Reach 2,500 potential Enterprise Customers!