In an industry filled with islands of technologies, interoperability is going to be the biggest challenge for network security vendors within the next two years, said an official from Zergo Asia Pacific, a public-key infrastructure provider.
Standards have been established for every security technology, but interoperability guidelines have been lacking, said Bhojaraja Manjunath, Singapore-based general manager, Zergo. The company recently merged with Baltimore Technologies, also a provider of security applications, with the Singapore office soon to assume the new company name, Baltimore, Manjunath revealed.
The company currently has about 100 employees in the region, most of whom are based in its Asia-Pacific headquarters in Sydney. Baltimore is looking to further acquire companies relevant to its business, and will also be announcing new cryptographic products in the second half of this year, he said.
"Due to the absence of interoperability guidelines, security standards have been too widely interpreted," Manjunath said. "That's why there's a need to establish regulations, something the Internet Engineering Task Force (IETF) is currently addressing."
Security within the network infrastructure is as strong as the weakest link, so organisations must ensure that all defence mechanisms keep up with technology changes and are of high cryptographic strength, he said.
"Hence, interoperability becomes an issue when you're sourcing from different vendors in search of the best security applications," he stressed, noting that because it is a big investment for businesses to keep up with security technologies, they tend to stick to mainstream products.
More and more companies in Asia-Pacific, including Singapore, have also been requesting Baltimore for help in testing their networks for security loopholes, he said.
"There is a lot of interest in vulnerability testing," he added. "While most organisations in Singapore are connected to the Internet and have firewalls in place, they understand that their networks are still exposed to intrusion."
Today, most security breaches are committed by disgruntled employees, tipped as "the new 21st century hacker", said Rich Brewer, an analyst with IDC.
The perception is that most hacker attacks come from political activities and professional industrial thieves, but the reality is that about 70 per cent of attacks come from within a company, Brewer said.
Most security breaches are committed through a bunch of holes, enabling hackers to steal assets and, more importantly, ideas, he said. "Hackers are benefiting from a company's silence."
To defend against hack attacks, "products alone can't save" companies, he said, adding that companies will have to look at all options, including security consulting and implementation, managed firewalls, and hacker insurance.