Supporting services

Symantec's Anthony Harrison and Omar Dajani underline the importance of unwavering vigilance and evolution in IT security, a need they believe calls for consideration of the vendor's managed services.
Supporting services
Everybody talks about it, but very few actually have very strong best practices when it comes to security. -Anthony Harrison, technical account manager, Symantec MENA.
By Julian Pletts
Tue 01 Sep 2009 04:00 AM

Symantec's Anthony Harrison and Omar Dajani underline the importance of unwavering vigilance and evolution in IT security, a need they believe calls for consideration of the vendor's managed services.

There are many market sceptics when it comes to the adoption of managed security services in the Middle East region. Taking a look at enterprises, it is likely these views are well placed as the larger firms will have the manpower and expertise to meet their IT security needs in-house and, on the whole, they might be wary of looking to outside assistance to oversee security, particularly in sectors such as oil and gas or financial where information is particularly sensitive.

Having said that, we are enduring the depths of a recession and there is a case to be made that businesses, particularly SMBs, might, knowing that they cannot allow safeguard standards to slip, look to managed services from a third party company as a way to maintain the integrity of their networks.

This is the position that Symantec Middle East seems to uphold. Recently the firm released here its Managed End-point protection services which it says provide management and monitoring of end-point protection technologies to defend users against malware and other attacks, such as rootkits, zero-day attacks, and spyware. In signing up for the service end-users will also be able to take advantage of the vendor's security experts and its Global Intelligence Network to help secure customer and corporate data. Symantec is confident that companies in the Middle East region have and will continue to see the value in its managed service proposition.

"Yes, we do have customers here in the region who have signed up for  [managed end-point security]," claimed Anthony Harrison, server and storage management expert at Symantec MENA.

 "They have recognised that when it comes to security it is a tough subject and it is difficult in many countries and particularly in the Middle East to get the right expertise," he added.

Harrison goes further to explain that although graduates in the Middle East have the requisite skills to fulfill IT security roles, on the whole, the region's resources are lacking the experience to meet demands. He also underlines the point that the financial crisis has likely added to the willingness of CIO and IT managers to consider managed services in security due to massive budgetary constraints.

From Symantec's point of view it is significant that this particular managed service is aimed at the end-point because, in line with most vendors in the market, it is keen to mention that the data perimeter is constantly expanding  and changeable. That is to say that security is no longer about physical security at the gateway and is a much more complicated affair which must take into consideration the threats presented by easy access of USB devices and emails, both inwards and outwards.

This complication or complexity of modern IT security, which is likely compounded by the tightening of IT expenditure, might work in Symantec's favour as it looks to evangelise the worth of its managed services.

"The amount of data that we have seems to grow and loose data seems to reside in more and  more places and administrators are playing catch up right now on data and making sure that the data is secure," said Omar Dajani, director of systems engineering, Africa, Russia, CIS, Middle East and Southern Mediterranean. "Basically what is happening now is it is trying to catch up. It is no longer about pro-activity and it is more about being reactive."

Despite the fact that many companies are still very sceptical about allowing a third party to take on the responsibility of the security of their network, when backed up with an SLA to underline the commitment, it should, seemingly allow the end-users security provisions to become more proactive.

"[End-users] are really looking for someone that can take on that responsibility and give them the guaranteed SLA with the right clauses in it in terms of operational guarantees appropriate to that environment," said Harrison about Symantec's managed services.

 "They will get the latest version of the technology and they are plugged into all of our expertise of our latest technology around the world in terms of the available network and innovation, our security research teams, and the latest information. It is not just a case of, here is the file and here you go, it is a case of making sure that you tactically deploy it because we are seeing a big growth in things like zero-day exploits," he added.

Whether or not Symantec is accurate about the uptake of security managed services in this region, they are correct in their observation that security has been getting much more complicated over the past few years and, economic down turn or not, enterprises are going to have to continue down a road of evolution when it comes to security if they are to maintain the effectiveness of their networks and the safety of their data."They need to understand what policies they have in place," explained Harrison. "There has to be a solid foundation of polices in place. You have to be serious and ask yourself are you serious about best practices?  Everybody talks about it, but very few actually have very strong best practices when it comes to security."

Symantec further underlines its suggestion that security in this market is changing from solely physical security and security appliances to encapsulating end-point protection and intricate software and access policies.

"There is one thing to add about security and what we have seen, if you look back five or seven years at security, basically we saw a whole bunch of front of house products, network gateways, clients, anti-virus," stated Dajani.

"These are all implementations in the security structure that were sitting there and not correlated together, acting independently and with different people managing them and not talking to each other and there was not a proper process flow set up in the event that we have outbreak for instance."

According to Dajani there have been examples in the market of outbreaks and there have been no end-user provisions in place with which to isolate those in the network.

"We are spending a lot of times with customers understanding their environment and what software they have, and trying to correlate it together. We have to have an understanding of the posture, where they are now in terms of what would happen if there is an outbreak, the visibility in the business and where would it affect the business."

In addition to a long and hard assessment of the policies and the posture of end-user's network security set-up, Symantec also feels that the Middle East market should already be considering the impact of cloud computing on their security make-up.

This may well be a premature assessment but, as Harrison reveals, many an end-user may be further down the line to considering cloud computing, than they realise and perhaps, they should not be as afraid of the potential security implications than it first seems.

"If you are running your operations and managing to move to a trial pack model where the business units don't own everything in the stack - that is my storage and that is my data centre etc - if you can extract that layer and run it as a service, then effectively you have produced a cloud," said Harrison.

This is of course an internal cloud and it is perhaps more likely  that IT managers harbour greater fears towards the security of external and hosted clouds.

Symantec says that it is working to allow end-users greater protection against disaster and data loss by utilising the cloud to back up data and, although it understands the potential concerns there might be, is resolute that this will appeal to the Middle East market.

"The other thing right now that we are looking to grow is we have this natural protection network which is actually backing up your data into the cloud," said Dajani.

"We are looking at Symantec at how we develop technology for that area and also build confidence in those people for that area to grow."

Regardless of the financial crisis and the level of development of the market here, Symantec is adamant the region is ready to step up to the plate when it comes to investing in IT security, but it remains to be seen how many end-users decide to put the money into managed services and into future security provisions that revolve around the cloud. At the moment it seems to be relatively few.

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.