Security concerns regarding online data and records are rising with each passing day, and the situation is set to stay that way in times to come. The problem is compounded by newer technologies being introduced: while on one hand may make life easier, they also make security more vulnerable.

Altaf Halde, managing director (South Asia) of Kaspersky, a Russian multinational computer security company, tells Governance Now how to deal with such threats in a corporate set-up. In a freewheeling interview, he discusses the ongoing trends of “Bring Your Own Device” and virtualisation security, and the obstacles that both these trends are creating.

First up, what is ‘Bring Your Own Device’, or BYOD, as the acronym puts it?

We have always carried our own devices into the office space. When I connect any of my personal devices into the office network, I am more and more susceptible to introducing new viruses and malwares into the organisation in case my particular device is not protected.

Companies are (now) trying to ensure that if any person or his/her employees, or any outside guest, come and want to be connect to the organisation’s network, there should be certain policies and compliances to ensure that their phone is protected. The guests and employers are allowed to connect with the office network only after these (safety) checks are performed.

What kind of policies are we talking about?

It could be as simple as whether I enable Wi-Fi. For example, you come into the Kaspersky office and you say you want to use the internet, and ask whether you can have access to the Wi-Fi. Also, when an employee comes to office and accesses network, I will make sure his/her phone is updated. A lot of applications, using Java or Adobe, on tablet or smartphone are susceptible to malware attack.

Another policy initiative could be that you use a phone for both professional and personal purpose. The company obviously would be more interested in the official data that you have in this phone. If you are storing company data on it, I, as a company, would want to make sure that this data is protected. So tomorrow if this particular device gets lost or stolen, I should have the power to remove or erase that data. It all boils down to security.

What are the steps a company must undertake to ensure that the level of security is stays high, especially against hacking?

In my opinion, there is nothing called 100-percent protection – no product offers it. What is important is how soon we can update our systems. That is what a company should ensure – are the service parts of the security getting updated? Otherwise it is of no real use.

We have a big research and development team. Of our 2,700 employees, we have 800 people dedicated only for support – finding new viruses, finding out new hacking techniques (and so forth). At present, we detect 2 lakh threats a day – (threats to) mobile phones, laptops…everything.

How do you see BYOD developing specifically in the Indian context?

I think there has been a big increase in awareness in enterprises over the last five or six months. It was more (a question) of physical security earlier. When I used to walk into a call centre, they would ask me to deposit my phone and USB device outside. This (practice) has changed over time. Now, since the BYOD technology has been introduced, an employee can carry a smartphone (into the office). The moment I come to the office, for example, my camera will be disabled – I cannot use Wi-Fi; I cannot physically connect a USB into my computer.

In the last two or three months, small and medium enterprises are waking up to the reality that they need to have this particular BYOD concept in place. It is more visible now.

Do you think such security policies are hampering business opportunities for companies?

There is always a price to pay for security. So there is always some kind of compromise that will take place. It all depends on the organisation and how much importance it gives to security. Many organisations do not believe in security at all. They tell the users: you are free to do whatever you want because we don’t have any data – all our data is stored in the cloud; or everything is at the customer’s end. So there is always this risk – what if something happens tomorrow?

But the concept is changing. It has not yet become a necessity but is slowly getting into that mode.

In terms of figures, how big is the industry?

Honestly, no answer. It would all depend on the number of smartphones in the country. All I can say is, if there are 100 smartphones in India, 50 per cent of that is perhaps being used in corporate (world), and they need to be protected.

Would you explain the concept of virtualisation security?

Virtualisation gives organisations a platform whereby they can crunch all kinds of additional hardware they are using in one particular form. What it does is creating a big machine with a little more capacity.

Every server that might have been physical earlier has now become a virtual server. So you will have hundreds of servers on one machine, and when that happens, cost goes down and the return on investment goes up in a big way.

Does virtualisation make systems more vulnerable to security threats?

Many organisations are going for virtualisation. We did a survey locally – a random survey of users who have implemented virtualisation in the corporate world. Of 100 people we questioned, 60 said they don’t have security on virtualisation servers.

Look at smartphones. Android is killing the market (as) most people are using it. And it is an open platform. So what these malware writers do is they target operating systems that are used a lot, and those which are on an open platform. You won’t see a lot of malware threats coming in for an iPhone, because it is a very secure phone. If we detect, let us say, 100 threats on mobile (phones) we have figures that say 98 percent are on android.

It is bad but it will get dirtier.