
SDA: Looking beyond products, what areas/aspects should a good information security solution cover?
Humphry Chan: A good information security solution should consist of secure authentication, accurate authorization, robust confidentiality as well as legally binding non-repudiation. Besides, as in many other solutions, usability and manageability are always critical factors in the success of an application.
SDA: What are the risks and costs associated with password authentication for enterprises?
Humphry Chan: Risks: password sniffing with free utilities from the Internet, intentional/unintentional password sharing among users, and password leakage from social engineering and eavesdropping.
Costs: the high cost of password management, including frequent password resets, regular password change requests, and time spent managing different passwords for different applications.
SDA: How can companies better manage password authentication?
Humphry Chan: In order to minimize the effort of password authentication, companies should centralize password authentication of multiple applications and/or provide facilities to ease the effort of managing passwords. In the long run, companies should aim for token-based authentication.
SDA: How do token-based systems improve upon password authentication?
Humphry Chan: Token-based authentication is a 2-factor authentication solution. It can remove the risk from password sharing and minimize the huge costs from password management. Token-based authentication can also significantly reduce the cost of user credential management for the existing solution and other newly integrated applications in the future. Besides, a PKI token itself can usually provide not only authentication functions but also data security functions like data encryption, decryption and digital signing.
SDA: What is the scope of biometrics in information security?
Humphry Chan: Biometrics could play a role in the human-to-machine authentication space within the information security field. However, it is not widely adopted due to privacy and cost concerns.
SDA: From a technology point of view, what can be done to prevent revenue loss from licensing non-compliance?
Humphry Chan: Enforcing a hardware-based and/or software-based rights management solution can help a company secure its revenue from non-compliant licensing. The solution could be a hardware dongle/token that must be plugged into the computer in order to run a program, or a software license that must be presented during software installation.
SDA: Are the enterprise security needs of companies in the Asia-Pacific region different from their counterparts elsewhere?
Humphry Chan: Asia-Pacific has peoples of diverse cultures. This directly affects their perception of security in the information security area and, in turn, the policies and regulations to be enforced in enterprises. Also, some countries have their own standard cryptographic algorithms; they request that products sold to them have their own standard algorithms built in.
SDA: What made SafeNet opt for the channel route? Will customers benefit?
Humphry Chan: Channel business is important to SafeNet as it serves as an extended arm for us to provide strong local services and support to our customers. We trained up our partners to provide all the necessary pre- and post-sales support, and customers can more easily get what they want in a cost-effective and timely manner.
SDA: You have a strong presence in the financial and government verticals in India. Are these going to be the drivers of SafeNet’s business elsewhere in APAC?
Humphry Chan: Yes, we can replicate this successful model in other countries in APAC or even the rest of the world. In fact, we are doing it every day. We have built an efficient channel to share market knowledge and industry experience among our offices.
SDA: Licensing non-compliance is of particular concern in Asia, where software and media piracy is widespread and the legal process inefficient. How do enterprises prevent this in a weak compliance and enforcement environment?
Humphry Chan: Enterprises should first take a proactive role in prohibiting employees from installing/using unlicensed software. This should be bound to their employees' code of ethics. In addition, they can consider all possible measures, to the best of their knowledge, to strengthen this enforcement on their employees' equipment.
SDA: Looking into the future, what technological advances do you visualize in the enterprise information security domain over the next 10 years?
Humphry Chan: Due to regulation and policy requirements, data-at-rest protection is receiving more and more attention in enterprises. Enterprises understand that over 50% of data threats come from the internal network rather than the perimeter. Besides, high-speed line encryption could be another rising star as high-speed data communication is widely adopted in different countries. Finally, digital rights management will also be the key to opening the door to the huge market of content access management for both private and public networks.