Web 2.0 security will be the next big wave

DQI Bureau
New Update

One of the leaders in the Web security space with over 59% market share,

Websense has been focusing heavily on Web filtering and data security for the

past few years. However, with the changing security landscape and the Internet

(especially Web 2.0 applications) becoming a popular platform for business,

there is a growing need for protecting essential information both from inbound

as well as outbound threats. Timothy Lee, VP, Asia Pacific and Middle East,

Websense has been playing a key role in gaging these business related security

needs of enterprises in the APAC region for the past one year. In an exclusive

interview with Dataquest he talks about the increased need for integrated and

real time security solutions in the present scenario. Excerpts


Why is Websense giving a sudden thrust to Web 2.0 security in India?

Web 2.0 is one of the newest and most popular Internet-based technologies

and is getting a large number of eyeballs. Social networking portals such as

MySpace, Facebook and even Linked in are now being explored worldwide as

effective business tools. Also the growing need for collaborative websites that

enable software development among the developer community and the uptake of SaaS

and PaaS are all examples of mature Web 2.0 applications. There is a common

threat to all these applications as they are easily accessible by a large

untethered audience. Users constantly update information on these websites and

hence there is no single checkpoint or any screening before the information is

uploaded. According to a study conducted recently, almost 30% of Web 2.0 pages

have faced security threats. And the tricky part is that malware attacks have

been evolving and have constantly been shifting targets. Due to these

uncertainties many companies, especially in India, have not endorsed Web 2.0

sites as they have still not been able to monitor the usage patterns within the

company. Also, traditional patterns of addressing threats such as anti-virus,

IBS, and IPS are not effective anymore. As the threats are increasingly becoming

real time the protection needs to go real time as well.

Websense has, over the years, specialized in Web security and filtering and

has been building solutions around it. This year we decided to productize one of

our security engines named WSG (Web Security Gateway) and offer it to enterprise

customers because of the real time nature of the solution. This new product sits

on top of the company network monitoring the information sent and received from

Web 2.0 pages in real time, preventing the network security from being

compromised. In the past Web security solutions were considered the bad guys as

they placed restrictions on the URLs that could be accessed and should be

blocked. With the WSG we are actually becoming an enabler by helping users

access websites of their choice in a safer way by constant content and Web



How seriously are Indian enterprises looking at Web security and real time

security compared to the APAC region as a whole?

Web security is slightly different from real time security and provides

protection against phishing sites and malwares. India is fairly well developed

and mature in this space. Currently, Web 2.0 security is slowly taking off and

will be the next big wave in the security landscape. Enterprises are aware that

Web 2.0 threats exist and at the same time know that Web 2.0 is a great

resource. Within the APAC region enterprises are aware of the threats associated

with Web 2.0 but they are not implementing a solution to solve them. I think it

will take few more months before companies take any initiatives in this space.

On the other hand, most companies want to implement a solution but they do not

have the required budget and have consciously delayed it to the next budget

cycle. When it comes to real time security the situation is consistent across

the board. Traditionally, the BFSI sector has always been the early adopter of

security solutions mainly because of the nature of their business. However, they

have been very conservative and have not really opened up to the Web needs of

employees as they have to meet certain global compliance needs. Very few banks

are exploring real time security as they do not provide Internet access to all

their employees except for the top management. On the other hand, IT/BPO

companies are among the best in the world in terms of adopting real time Web

security solutions. Over 90% of the large and mid-sized BPO companies have been

providing Internet access to employees and have already invested in Web

security. As far as Web 2.0 is concerned they are actively considering it at the

moment. It has however not sparked much interest among the BFSI sector compared

to IT BPO companies as this need is really being driven by the employees

internally. According to many recruitment agencies today candidates are keen on

knowing whether the employer provides access to Web 2.0 sites before joining the

company. Many large enterprises are beginning to realize that to recruit and

retain a talented workforce, giving them access to Web 2.0 is a must. Many of

our large customers such as TCS, Wipro, Cognizant and HCL are beginning to

engage with us to tackle their Web 2.0 security needs.

How has the security landscape changed? What is the nature of threats that

companies in India are facing?

Data security has become a big concern especially with the convergence of

devices and applications. Accidental data leakage due to human error is the most

common problem within enterprises apart from basic malware attacks. This is an

area that we are trying to address in a big way through our Essential

Information Protection EIP strategy which allows email as well as Web filtering

and prevents accidental data leakage. It allows companies to classify the

essential and confidential information and provides a 360 degree protection.

Today, securing the enterprise network is not enough with the increasing use of

mobile devices and Wi-Fi. Hence, the EIP goes a step beyond by classifying and

securing the data itself. Apart from this, we have also been talking with

companies and conducting audits to show them the kind of information that is

sent and received by their employees.

In other relatively mature markets, Web 2.0 websites such as Facebook and

MySpace are being used as marketing tools. India has not reached half the

maturity that we see in these markets. Here very few companies are even

providing Internet access let alone Web 2.0 sites. But what will lead the Web

2.0 move in India will be IT employees as they are already aware of its benefits

and have started demanding it. Over the next few months when the job market is

better, IT employees will further drive the demand for Web 2.0 applications.


How mature is the threat reporting framework among Indian enterprises?

The threat reporting framework is still not very mature among Indian

enterprises. Unless confronted with a real security threat, companies do not

look at a threat reporting structure seriously. Websense has been creating a lot

of awareness around this and has been catering to the threat reporting needs of

enterprises though which they can constantly monitor the potential threat areas.

In addition, we conduct regular Employee Computing Risk Audits to help customers

understand the threats, effectiveness of the Web security solution and the

latest events taking place in the security scenario.

What has been the market growth rate for Web security solutions?

Websense already commands a 59% share of the overall Web security market. We
address two separate markets which will converge going forward. There are some

set of customers that use Web filtering and Web security but have not

transitioned to Web 2.0 security as they have not matured to that level. The Web

security market has already built a base for itself and hence will not grow as

fast as Web 2.0 which is still a new concept. For the past three years, we have

almost doubled our revenues every year in the Web security space. As more and

more banks, manufacturing companies provide Internet access to employees the

need for Web security will grow exponentially over the next three years. Web 2.0

security is still at a nascent stage, however we have a lot of expectations from

this space.

What has been Websenses go-to-market strategy?

Our GTM has been primarily to work with very large customers directly who

have helped in building our India market. We have not been relying entirely on

the channel network and have been engaging with customers directly as the large

buyers want to see the vendors face, and infrastructure capabilities and

ability to cater to their training needs. We started out in 2005 with only

twenty partners. Today, we have about 250 channel partnerswe manage 100

partners directly and the remaining 150 through distributors. We do a lot of

events to reach out to the enterprise community and educate them about Websense

solutions and also organize channel oriented events to get their mindshare,

apart from sales and technical training. In addition to marketing our suite of

security products we have been building service mechanisms around these

solutions such as consulting, implementation and support. We are in talks with

partners to build a suite of services around our solutions.

How is the competition landscape?

The competition is trying to catch up in the Web security space and over the

next year they will increasingly focus on Web security as this is a fast growing

market. As far as Web 2.0 solutions is concerned, to the best of our knowledge,

none of our competitors have developed solutions in this space so far. However,

we expect some formidable competition in this area a couple of years down the

line. We also foresee a great deal of consolidation among weaker players going

forward. Once there is a level playing ground we plan to focus more on EIP to

provide highly integrated solutions built on a common platform to our customers.

We believe EIP will give us a first mover advantage in many emerging markets.

Priya Kekre