/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsOne of the leaders in the Web security space with over 59% market share,
Websense has been focusing heavily on Web filtering and data security for the
past few years. However, with the changing security landscape and the Internet
(especially Web 2.0 applications) becoming a popular platform for business,
there is a growing need for protecting essential information both from inbound
as well as outbound threats. Timothy Lee, VP, Asia Pacific and Middle East,
Websense has been playing a key role in gaging these business related security
needs of enterprises in the APAC region for the past one year. In an exclusive
interview with Dataquest he talks about the increased need for integrated and
real time security solutions in the present scenario. Excerpts
Why is Websense giving a sudden thrust to Web 2.0 security in India?
Web 2.0 is one of the newest and most popular Internet-based technologies
and is getting a large number of eyeballs. Social networking portals such as
MySpace, Facebook and even Linked in are now being explored worldwide as
effective business tools. Also the growing need for collaborative websites that
enable software development among the developer community and the uptake of SaaS
and PaaS are all examples of mature Web 2.0 applications. There is a common
threat to all these applications as they are easily accessible by a large
untethered audience. Users constantly update information on these websites and
hence there is no single checkpoint or any screening before the information is
uploaded. According to a study conducted recently, almost 30% of Web 2.0 pages
have faced security threats. And the tricky part is that malware attacks have
been evolving and have constantly been shifting targets. Due to these
uncertainties many companies, especially in India, have not endorsed Web 2.0
sites as they have still not been able to monitor the usage patterns within the
company. Also, traditional patterns of addressing threats such as anti-virus,
IBS, and IPS are not effective anymore. As the threats are increasingly becoming
real time the protection needs to go real time as well.
/dq/media/post_attachments/8c994e9b35cd468c8634a41237013ed7e78d61a70dd7863dbe289031c8e576e5.jpg)
Websense has, over the years, specialized in Web security and filtering and
has been building solutions around it. This year we decided to productize one of
our security engines named WSG (Web Security Gateway) and offer it to enterprise
customers because of the real time nature of the solution. This new product sits
on top of the company network monitoring the information sent and received from
Web 2.0 pages in real time, preventing the network security from being
compromised. In the past Web security solutions were considered the bad guys as
they placed restrictions on the URLs that could be accessed and should be
blocked. With the WSG we are actually becoming an enabler by helping users
access websites of their choice in a safer way by constant content and Web
filtering.
How seriously are Indian enterprises looking at Web security and real time
security compared to the APAC region as a whole?
Web security is slightly different from real time security and provides
protection against phishing sites and malwares. India is fairly well developed
and mature in this space. Currently, Web 2.0 security is slowly taking off and
will be the next big wave in the security landscape. Enterprises are aware that
Web 2.0 threats exist and at the same time know that Web 2.0 is a great
resource. Within the APAC region enterprises are aware of the threats associated
with Web 2.0 but they are not implementing a solution to solve them. I think it
will take few more months before companies take any initiatives in this space.
On the other hand, most companies want to implement a solution but they do not
have the required budget and have consciously delayed it to the next budget
cycle. When it comes to real time security the situation is consistent across
the board. Traditionally, the BFSI sector has always been the early adopter of
security solutions mainly because of the nature of their business. However, they
have been very conservative and have not really opened up to the Web needs of
employees as they have to meet certain global compliance needs. Very few banks
are exploring real time security as they do not provide Internet access to all
their employees except for the top management. On the other hand, IT/BPO
companies are among the best in the world in terms of adopting real time Web
security solutions. Over 90% of the large and mid-sized BPO companies have been
providing Internet access to employees and have already invested in Web
security. As far as Web 2.0 is concerned they are actively considering it at the
moment. It has however not sparked much interest among the BFSI sector compared
to IT BPO companies as this need is really being driven by the employees
internally. According to many recruitment agencies today candidates are keen on
knowing whether the employer provides access to Web 2.0 sites before joining the
company. Many large enterprises are beginning to realize that to recruit and
retain a talented workforce, giving them access to Web 2.0 is a must. Many of
our large customers such as TCS, Wipro, Cognizant and HCL are beginning to
engage with us to tackle their Web 2.0 security needs.
How has the security landscape changed? What is the nature of threats that
companies in India are facing?
Data security has become a big concern especially with the convergence of
devices and applications. Accidental data leakage due to human error is the most
common problem within enterprises apart from basic malware attacks. This is an
area that we are trying to address in a big way through our Essential
Information Protection EIP strategy which allows email as well as Web filtering
and prevents accidental data leakage. It allows companies to classify the
essential and confidential information and provides a 360 degree protection.
Today, securing the enterprise network is not enough with the increasing use of
mobile devices and Wi-Fi. Hence, the EIP goes a step beyond by classifying and
securing the data itself. Apart from this, we have also been talking with
companies and conducting audits to show them the kind of information that is
sent and received by their employees.
In other relatively mature markets, Web 2.0 websites such as Facebook and
MySpace are being used as marketing tools. India has not reached half the
maturity that we see in these markets. Here very few companies are even
providing Internet access let alone Web 2.0 sites. But what will lead the Web
2.0 move in India will be IT employees as they are already aware of its benefits
and have started demanding it. Over the next few months when the job market is
better, IT employees will further drive the demand for Web 2.0 applications.
How mature is the threat reporting framework among Indian enterprises?
The threat reporting framework is still not very mature among Indian
enterprises. Unless confronted with a real security threat, companies do not
look at a threat reporting structure seriously. Websense has been creating a lot
of awareness around this and has been catering to the threat reporting needs of
enterprises though which they can constantly monitor the potential threat areas.
In addition, we conduct regular Employee Computing Risk Audits to help customers
understand the threats, effectiveness of the Web security solution and the
latest events taking place in the security scenario.
What has been the market growth rate for Web security solutions?
Websense already commands a 59% share of the overall Web security market. We
address two separate markets which will converge going forward. There are some
set of customers that use Web filtering and Web security but have not
transitioned to Web 2.0 security as they have not matured to that level. The Web
security market has already built a base for itself and hence will not grow as
fast as Web 2.0 which is still a new concept. For the past three years, we have
almost doubled our revenues every year in the Web security space. As more and
more banks, manufacturing companies provide Internet access to employees the
need for Web security will grow exponentially over the next three years. Web 2.0
security is still at a nascent stage, however we have a lot of expectations from
this space.
What has been Websenses go-to-market strategy?
Our GTM has been primarily to work with very large customers directly who
have helped in building our India market. We have not been relying entirely on
the channel network and have been engaging with customers directly as the large
buyers want to see the vendors face, and infrastructure capabilities and
ability to cater to their training needs. We started out in 2005 with only
twenty partners. Today, we have about 250 channel partnerswe manage 100
partners directly and the remaining 150 through distributors. We do a lot of
events to reach out to the enterprise community and educate them about Websense
solutions and also organize channel oriented events to get their mindshare,
apart from sales and technical training. In addition to marketing our suite of
security products we have been building service mechanisms around these
solutions such as consulting, implementation and support. We are in talks with
partners to build a suite of services around our solutions.
How is the competition landscape?
The competition is trying to catch up in the Web security space and over the
next year they will increasingly focus on Web security as this is a fast growing
market. As far as Web 2.0 solutions is concerned, to the best of our knowledge,
none of our competitors have developed solutions in this space so far. However,
we expect some formidable competition in this area a couple of years down the
line. We also foresee a great deal of consolidation among weaker players going
forward. Once there is a level playing ground we plan to focus more on EIP to
provide highly integrated solutions built on a common platform to our customers.
We believe EIP will give us a first mover advantage in many emerging markets.
Priya Kekre
priyak@cybermedia.co.in