Cyber Security has become a major concern for the enterprises as they are moving rapidly in to the cloud environment. Rajnish Gupta, Regional Director – India & SAARC, RSA Security explains why cloud security is important to consider for this new environment and how RSA Security is at the helms as a guardian.
Can you please elaborate on the need of cloud security and its sudden importance since the pandemic, from an India perspective?
The global pandemic has forced us all to reinvent how we work, learn, help, engage and socialize. Cloud computing has played a crucial role in enabling businesses and governments to quickly apply solutions to respond to the crisis and maintain continuity. Already on a fast track due to digital transformation initiatives, the journey to the cloud has been accelerated as businesses build resiliency in the new normal. The cloud offers many benefits, but most businesses don’t yet have a full grasp on the security and risk implications. This could lead to expanded use of private clouds rather than pushing everything toward public clouds.
In addition, as companies take steps to break down the data silos in their organizations, and as the cloud becomes more widely used, companies will have to develop new security policies that take into account the different security requirements for cloud architectures versus on-premises architectures. Organizations are adopting cloud-first strategies, keeping security and privacy risks associated with moving critical applications and sensitive data to the cloud, in mind. The fast-moving workforce and fast-changing environment require authentication solutions that provide both a high level of security and high level of convenience for users. Compounding the cloud challenge, service providers are constantly introducing new capabilities. This requires businesses to stay abreast of innovation and determine how to implement it for users. It’s a lot of intense and complex work, to be sure, but it is essential for securing this journey.
Cyber security is more than a necessity in the current environment. What measures can an organization take against the rising fraud rates and what solutions are being provided by RSA?
As a security and risk management company, we advocate focusing on visibility to provide insights and action. You can’t protect what you can’t see. We need to be able to first identify that this is a certain type of threat or potential threat, before we can do something about it. RSA Netwitness platform provides real time visibility to the security teams, enabling rapid detection of threats. It combines visibility; analytics and automation in a single solution thereby arming the security team stay ahead of these threats and minimize their impact on business.
While RSA Netwitness platform takes care of visibility, another key RSA solution – multi-factor authentication (MFA), provides a level of security that goes beyond just the password to authenticate user identity. With increasingly complex access environments, and more points of access than ever before, you have every reason to add multi-factor authentication options (including hard and soft tokens, smartphone-based push to approve, biometrics, SMS and more) wherever users connect to resources.
We are witnessing a lot of cyberattacks in the current times, especially in the online banking sector. India’s unified payments interface (UPI) is serving hundreds of millions of consumers. While it is helping India boost its economy, the effort is leading to unprecedented business risks too, resulting from an increase in potential vulnerabilities that fraudsters and cyber criminals can exploit. RSA Adaptive Authentication is an omni-channel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect against fraud across multiple digital channels. Powered by the RSA Risk Engine, this solution measures the risks associated with a user’s login and post-login activities by evaluating the risks indicators. This methodology provides transparent authentication for most users, ensuring a frictionless end-user experience and high fraud detection rates. RSA Adaptive Authentication offers proven fraud detection rates from 90-95 percent with low intervention.
The current scenario is leading to a lot of innovation on the digital platform, leading to increasing cyber security threats. What are the ways in which organizations can prevent these threats to secure their innovations?
As bad actors are increasingly diversifying their efforts and exploiting less-protected touchpoints, consumers and organizations must be more vigilant than ever. We often forget that fraudsters and scams can only be successful if it can socially engineer or fool victims into doing what it intends for them to do (e.g., downloading malware). Cybercrime is dependent on the human element, and fraudsters know they must manipulate our primal triggers to be successful.
Attached is RSA’s last quarterly fraud report for Q1 2020 which examines trends including the continued dominance of phishing and the rise of brand abuse among types of cyberattacks, as well as an increase in fraud transactions originating from mobile apps, online banking transaction volume from new accounts. The feature article within highlights the rapid rise of COVIS-19 fraud with examples observed by the RSA analysts during this period.
With the present situation – the way we do our business, how we interact with our customers and suppliers has changed. With cyber-attacks increasing, along with other factors like the mobile workforce, regulatory issues and data privacy are elevating the level of threats. To keep this in check, companies must keep pace with risk and security strategies that combine awareness, collaboration, investment and innovation.
Key points to keep into consideration:
- Business Resiliency Risk – As organizations continue to globalize and interconnect, they are exposed to more disruptions. A multi-national company could be affected at multiple sites, and if their distributed model also serves as a resiliency strategy, it could quickly become obsolete. Organizations of all sizes and scope need resiliency, backup or recovery plans. These plans help prepare the organization ahead of time so that they can react before, during and after a disruptive event.
- Third-Party Risk – Third parties are often as important to the organization that uses them as their own internal workings. An organization cannot be as resilient as they should be without ensuring the resiliency of their critical third parties. Since resiliency includes both operational and IT resiliency, it’s critical to evaluate when onboarding new vendors, as well as reviewing the capabilities of your existing third parties.
- Dynamic Workforce Risk – Many organizations have moved towards offering remote work options more extensively. The workforce model itself has evolved from 100% full-time employees onsite, to using more gig, contract, third party and other non-traditional workers in a variety of shifts, roles and locations. This has been done for business reasons and to leverage digital transformation, but it is also an effective resiliency and workforce continuity measure.
One of our key products – RSA Archer® Suite offers integrated risk management solutions which can help customers identify, assess and reduce impact of the additional risks specific to them so that they are better prepared for the next disruptive event.
How is RSA enabling its customers and partners to secure their data and what solutions are being offered?
The shortage of cyber security skills is a big struggle even with the best tools, processes and budgets available. Technologies are helping businesses close the skills gap, as they will look to reduce dependency on talent via security orchestration and automation software, risk-based prioritization, and comprehensive threat analytics. Despite a growing list of options, there is no one-size-fits-all solution for identity and access management. Better buyer support and more decision-making guides will help businesses looking to strike a balance between security and user experience.
We want to continue to skill key partners with more than one product family. The RSA product family is designed to seamlessly interlock and provide value to our customers. We will help train our partners to architect and deploy RSA NetWitness Suite, RSA Archer Suite, RSA SecurID Access and RSA Fraud and Risk Intelligence solutions. There are various levels of training provided through the On-Demand online portal, instructor led training and certifications. We also provide a shadowing experience where a partner gets to learn a real time deployment by shadowing the RSA team.
Together, we will help our customers adopt cloud offerings to realize the benefits and of the cloud-enabled elements of the RSA portfolio. Organizations of all sizes are going through digital transformation. Through this process, they’re encountering risks that they never planned for nor anticipated. Together with our channel partner ecosystem, we can help organizations across all industries manage a myriad of risks with RSA Business-Driven Security solutions. Whether the challenge is regulatory risk, a more dynamic workforce, cloud or automation, RSA has a set of solutions to help manage traditional and emerging digital risks.