CIOs Must Accept the Security Scenario with a Braveheart: Defencely CEO
Added 7th Aug 2013
Defencely, a white-hat security company, secures internet giants in North America, Google and Apple to name a few, by providing them with zero-day vulnerability reports. As the only Indian company awarded by PayPal as one of their top 10 level cloud security companies worldwide, Defencely is a 2012 start-up serving 100+ clients across the globe.
With e-commerce on a surge in India, Ritesh Sarvaiya, Founder & CEO, Defencely, spoke about the high degree of vulnerability in the Indian cloud space. CIOs should look beyond the traditional security approach to secure their company or e-commerce website, he says.
What makes you believe that India Inc. is largely exposed to security threats?
During 2012, many Internet companies were compromised despite having their own security products, which could not defend them. 86% of websites are vulnerable in some form as per our study. That means that your company could have private data stolen, customer information and credit card information stolen, or your entire site can be shut down by malicious hackers.
Only 5% of the Indian e-commerce websites would be 100% safe. More than ninety percent of India Inc. websites are vulnerable and we can prove that out of a sample list of a hundred sites, ninety could be ethically hacked by us. There is no substitute for Defencely’s Manual Ethical Penetration Testing and Repair, offering cent percent guaranteed solutions to vulnerability detection, reporting & fixing operatives.
What is the biggest roadblock in convincing CIOs about the security of their websites and web applications?
The ice we intend to break with CIOs/CTOs in India is to make them believe that their systems (websites) are vulnerable to threats. They should accept the entire security scenario with a braveheart. Most do not accept this fact, as a majority of them still use the automated scanner, which is pre-programmed software updated on a periodic basis.
CIOs need to engage with their security vendor to fix the critical level vulnerabilities. Google or PayPal have listed on their website that we report vulnerabilities on their websites. Our experts have reported financial vulnerabilities to big companies in North America. At present, we are in advanced talks with the world’s biggest online payment processor, Western Union, wherein the zero-day vulnerabilities have been reported to them.
Security is a complex and dynamic domain with well-established players in the market. Where does Defencely fit?
Targeting the top 100 e-commerce sites of India is the top priority. We are also targeting corporates that have multiple networks of websites, say 100+ websites. We would also address the BFSI segment within the next couple of quarters.
Security by Defencely cannot be promised by the scanner companies with which organisations normally scan the websites. To make sure the website is completely safe, we go ahead and deep dive into their website. Twenty percent is scanner based but eighty percent of the manual penetration is executed by white-hat researchers on board at Defencely. We report the critical level vulnerabilities (if any) to the management of e-commerce companies.
Most CIOs/CTOs/developers are unable to patch these vulnerabilities, so we go one step ahead and do that too. We report ongoing zero-day vulnerabilities to which 100% of the world’s websites are exposed - unless you patch those vulnerabilities.
You are a next-gen cloud security services company for enterprises. But Indian organisations are hesitant about the cloud model?
When people say that cloud is not secure, they need to understand that they are protecting their website or their cloud from the hackers. It might be within the data centre, but in the end everything is being accessed via the internet, which is cloud – private or public.
Defencely is ahead of other cloud security solution providers as we not only find the genuine vulnerabilities but fix them too. It would not be wrong to say our experts manually penetration test the website from its origin and the whole concept over the cloud. For the BFSI segment, we have experts based out of Europe.
If the company website is successfully hacked while subscribed to a Defencely contract, we will not only alert and fix the issue, but we will also waive off your entire subscription fee for that site. That is how very confident we are because of our in-house skills to test the website and patch those vulnerabilities.
Websites are increasingly accessed from mobile devices (smartphones and tablets) rather than the traditional desktops. Do you secure those end points too?
We do the cloud security of the mobile apps as well. Whatever you can see on the cloud will be secured by us. During a health audit, we introspect all the means by which the end customers access a company website.
Today the websites are often developed separately for access through mobiles. It is part of the bundled offer, so we do not charge separately for mobile apps etc. We are developing a dedicated vertical for app security that would evolve largely in future.
Yogesh Gupta is associate editor of CIO India. Please send feedback at firstname.lastname@example.org