Many such incidents take place, but only few see the lime light. Fear of losing customer's faith is one of the reasons for not divulging such incidents! In India, most companies don't have a pragmatic plan to curb such incidents their approach is mostly reactive. Ideally, countries like India where software exports are close to $90 billion, incidents as these shows the craving need for strong security policies and high security architecture design to ensure information security. The importance of information security(IS) and growing market for security consulting in India is driving me to write this article.
Don't care for security!!! – This is what we usually hear from most of the start ups of India and few Small and Medium Businesses (SMBs). Since these companies are very small in man-power, and busy releasing their product they don't have enough time for security implementation and enough money to build a dedicated security team. In fact, security helps start up companies protecting their intellectual property and gain competitive advantage. Contrary to SMBs, who don't have a security team, few companies have dedicated security team but they lack certified professionals. In India, almost 50% (12 out of 25) of the companies do not employ certified professionals to manage their security. Ironically, for any security service implementation you need experienced certified people who are specialized, trained and certified in core areas of security domain. These experienced certified professionals are employed by security consulting firms.
As per the “The Forrester Wave™:Security Consulting, Q3 2007” - Over the past two years, some security service providers have registered growth rates in excess of 40%. Major driving factors for the security consulting market in India to grow are - high rise in the complexity of IT implementations, Rise in the usage of on-line trading and on-line transactions, rise in the requirements of banking and financial services, BPO etc. Another survey states that Security consulting is projected to grow till $1.1 billion by 2012 in Asia pacific. According to a survey, the demand for IS professionals is estimated to grow to over 77,000 in India, thus indicating around 5-6% of overall rise in IT work force demand.
With positive statistical data, Information security and services companies in India are now moving up the value chain to focus on information security consultancy, managed services, training and patch management. The information security market in India is growing at a rate of 50% exceeding that of the software industry and presents a huge untapped opportunity to software companies. There are already quite a few good players like Deloitte, Wipro, Accenture, Ernst &Young who proved their mark with their consulting services in the area of information security, but there is a growing need and vacuum available for other companies to pitch into this market.
Now security is more than setting up IT infrastructure alone, it has expanded to information storage, distribution, application level security, perimeter security and defining policy procedures for different kinds of information. Today's security consulting firms have trained people with specialized skill sets on standards like BS-7799, ITSM (IT Service Management), COBIT (Control Objectives for Information and Related Technology) and the ISO-17799, ISO 27001. SMBs with no dedicated security teams can benefit from the services of security consulting firms. Also, in one way companies with dedicated security teams can benefit from services of security consulting firms in a way that consultants look at organization's security set up from outsider's perspective and are in a better position in identifying the loop-holes.
Companies should enhance their security perception by involving the top management in drafting and reviewing security policies and creating a provision for security in their budgets.
As security consulting in India is growing at a rapid pace, it is right time for Information Security and service based companies to pitch in into this market. India has a right blend of technology and skills to provide top notch services and grow as a top class security consulting service provider.