AIR was commissioned by A10 Networks and conducted independently by strategic research firm Provoke Insights with the intent to provide education for employers that can help them reassess corporate policies and ultimately protect their businesses – and their applications – by simply becoming more aware of the behavior of their employees.
Neil Wu Becker, Vice President of Worldwide Marketing And Communications and Sanjai Gangadharan Regional Director SAARC at A10 Networks talks more about the report and its impact in an interview to DATAQUEST. Excerpts.
Can you tell more about A10 Networks?
Neil: A10 Networks has been around for over 13 years. We started with advanced load balancing – what we call the Application Delivery Controllers (ADCs), and in the past few years, the company has forayed in security and cloud as well. So like many other tech companies, cloud and security are two priorities for us and the company continues to grow. The total revenue generated last year was $230 million. We have a head count of 900 employees and our customer base has more than 5600 organisations around the world, of which a good majority are in Asia.
Can you talk about the Application Intelligence Report (AIR)?
Neil: AIR takes a unique, easy-to-understand approach to examining the human and cultural side of technology trends – specifically, the interaction with applications and the growing security implications that impact persons, businesses, and their IT organizations. Based on research involving more than 2,000 business and IT professionals at companies from various industries around the world- including India, AIR addresses the rise in use and significance of apps in our “blended lives”; in which lines blur between how the global workforce manages work and personal business through use of apps at home, in the office and anywhere in between.
The research was conducted across 10 countries, including some of the world’s largest economies and fastest growing populations of technology adopters: Brazil, China, France, Germany, India, Japan, Singapore, South Korea, the United Kingdom and the United States.
The key questions we asked were: How important are apps in everyday life? Is it more important than eating and drinking? Is it as important as sunlight or being with family? According to the results of AIR, work and personal apps are so integral in daily life that many in the global workforce believe it is impossible and physically uncomfortable to live without them, drawing comparisons to basic daily nourishment like eating, breathing and socializing.
We are trying to set a baseline on just how important apps are in human life because there are consumer tendencies that you and I both have that we do with our apps. It could be on a mobile phone or on web-based apps, or on laptops that we naturally carry behaviourally and psychologically into the workforce – using work base devices or corporate networks. So the blended lifestyle that we have where personal and work is no longer segregated is something we started to investigate.
What are the attitudes toward App use and Security?
Neil: Although over four out of five respondents (83%) either agree or strongly agree that they think about security risks when first downloading an app, later on, security becomes much less of a concern, ranking behind performance (32%) and ease of use (24%). Even though they think app developers may not have security as their top concern – or have the proficiency to build secure apps – people still download apps and take their chances, as nearly half the respondents (47%) still expect to be protected from cyber-attacks either by their company or third-party app developers.
The survey found a growing acceptance of the inevitability of getting hacked, as nearly one in three respondents (29%) feel cyber-attacks “are a fact of life,” and one in five respondents (21%) just “try not to think about it”.
Roughly one in three respondents (32%) surveyed thinks about security concerns when using personal apps. For business apps, security is even less of a thought, as less than one in five respondents (17%) surveyed cite security as a top concern when using them.
Meanwhile, if you look at the cyber security threat trends, more than one in ten respondents (13%) say that they have been a victim of identity theft. And by a wide margin, the younger the generation, the more likely the person is to be a victim of identity theft. Nearly one in five respondents (19%) in their 20s reported having their identity stolen globally, while only 2% of those respondents aged over 50 cited the same. This finding raises questions about how many people do not know they have been victimized.
In terms of hacking, one in five respondents (20%) have had their mobile device or computer hacked. Almost one in three respondents under 30 (31%) have been hacked. Moreover, digital theft is a new reality, nearly three out of five respondents (59%) think having their mobile device hacked and personal information stolen is more realistic than having their car broken into or their home burglarized.
On a macro perspective have you drilled down into the enterprise and consumer clients and then mapped the unique behaviour of each of these sections?
Neil: Officially no, because we operated on the premise, that all those who have been surveyed as part of the global workforce, including you and I, are consumers and work enterprise at the same time, throughout our waking hours. But there are certain findings that separate the two. I was talking to you about the level of security apathy in using apps- personal apps for the consumer, versus the enterprise apps for your business, where enterprise users are a little more lax with their security due-diligence. So there is some separation. But it is not done throughout the study because we assume, you and I, we do both.
As you know in the last 2-3 years BYOD has come into limelight. This makes the security landscape much more complicated if you bring a device outside the corporate network?
Sanjai: Bring your own device is a fantastic thing that has happened. But it has brought in complexities as well. But yes there are technologies to control what is going on in the network. We have the solutions around SSLi and DDoS to ensure that whatever activity is happening on the network, we bring in absolute visibility into the flow of information that is happening between the end devices and the internet or application or whatever it is. So we make life easier. With more and more gadgets coming in, it’s going to be more difficult for enterprises to say you need be using this, you need to be using that. BYOD will become a reality, and organisations will have to allow people to use their own gadgets as long they are able to control information flow and have visibility on what is happening in the network, on what the employee is doing when he is in office when he has to be productive at that point in time. So there are mature technologies available to monitor all that and we at A10 provide a much more robust platform. That will make this whole thing a big reality.
So how as a company, is A10 going to manifest these findings into some of your go to market strategies?
Neil: So this is a global answer and it applies to India as well. There are a number of things we can do with this type of data from an IT perspective. But what I can tell you cryptically and later this year you will see it publicly, is that internally we have the opportunity to share this data with our product development and engineering teams around the world on how they can prioritize some of the findings and mesh it with R&D and manifest in our future products. The bottom line is that it is one more way to understand the threat landscape.
So do you see a lot of traction for your advanced core operating system as you move forward?
Neil: ACOS is the fundamental foundation or backbone for our entire portfolio. What I can say is what we’re enriching the portfolio that is based on ACOS and recently we introduced more cloud focused solutions as well, some of which formulated here in India. We are driving hard to provide our customer with rich, per application analytics to give them not just the visibility, but also the ability to make automated decisions instantaneously. So analytics for us is becoming a very strategic priority for us because when we say visibility, it can mean a lot of things. The depth of visibility can be determined by the depth of analytics that you can provide your customer and especially on the security side, not just performance.
ACOS is definitely one of the most powerful switching operating systems that I have been associated with and it has been very well accepted by customers. And you know. it’s got all the features and functionalities built into it. So there is not much configuration involved and it is easy to use.
Finally looking at the findings of the report, do you think we need a new normal security paradigm going forward?
Neil: To start off, we look at this as an empowerment report rather than as a doomsday report. With the engagement level we have with our customers, IT for so long has been traditionally branded as a very tactical back office function. They fix things. They are not necessarily very collaborative or strategic with team boards (HR, employee policy and such). There is an opportunity for IT organisations and security teams within them to be more communicative and collaborative across different lines of business and functional groups. This can actually enable them to rank and file their employee base throughout the group to be much more secure and protect the enterprise.
I think the argument made is of centrally controlling and managing these services across any part of your infrastructural portfolio. I don’t care how many data centers you have, how many clouds are public or private, you need to be able to centrally manage and have visibility on analytics to drive performance and security decisions across the entire spectrum, even if you have a few more data centers in the future. To answer your question, in short, the paradigm needs to be one where it is very holistic and centrally managed across any set of data centers and clouds from an application visibility level.