20
# 2018DataThreat 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION

2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

  • Upload
    others

  • View
    7

  • Download
    0

Embed Size (px)

Citation preview

Page 1: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

#2018DataThreat

2018THALESDATA THREATREPORT

Trends in Encryption and Data Security

INDIA EDITION

Page 2: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

2 2018 THALES DATA THREAT REPORT • INDIA EDITION

TABLE OF CONTENTS

INTRODUCTION 3

KEY FINDINGS 4

SPENDING UP (A LOT); BUT SO ARE THE BREACHES 5

Spending in all the wrong places 7

Spending drivers 8

DATA SOVEREIGNTY 9

SECURING SaaS, BIG DATA AND IoT 10

SENSITIVE DATA STORAGE 10

CLOUD 12

BIG DATA 13

IoT 13

DOCKER/CONTAINERS 14

AI/MACHINE LEARNING 16

MOBILE PAYMENTS 16

BLOCKCHAIN – TONS OF HYPE, BUT STILL EARLY 17

RECOMMENDATIONS 18

OUR SPONSORS GEOBRIDGE

Page 3: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

3 2018 THALES DATA THREAT REPORT • INDIA EDITION

INTRODUCTION

Reports of major data breaches globally continue unabated, underscoring the harsh realities of the state of cyber security today. Year-to-year increases in IT security spending across a broad swath of vertical markets and geographies have done little to stem the tide of breaches. This ongoing game of cat-and-mouse suggests that their tactics, sophistication and motivation are helping global attackers stay at least one step ahead of their often overwhelmed and beleaguered defenders. The obvious – or what should be obvious – question is whether the cyber defenses that are being deployed today need to be re-examined for overall effectiveness and recalibrated.

This is particularly true with respect to emerging privacy mandates around the globe, such as GDPR in the European Union. For India specifically, The Constitution of India does not expressly grant the fundamental right to privacy, including data privacy, and India currently has no express legislation regarding data protection and privacy. However, the Indian Information Technology Act, 2000 does provide for both civil and criminal penalties for misuse or wrongful disclosure of personal data.

However, India has adopted strict privacy guidelines concerning Aadhaar, a 12-digit unique number that all residents of India are encouraged to obtain and which is overseen by the Unique Identification Authority of India (UIDAI). Aadhaar is based on unique biometric and demographic data and is designed to reduce fraud when awarding various benefits, among other things. Courts in India are still wrestling with efforts by some to restrict access to benefits to those residents declining to obtain Aadhaar numbers. Meanwhile, the Indian government is encouraging citizens to link Aadhaar numbers to bank accounts, mobile SIM cards and other services.

Perhaps as a result of such initiatives, far more Indian organizations are planning IT security spending increases than any other geographic or vertical market sector. At the same time, reports of successful data breaches in India are second only to Sweden among all geographical and vertical markets.

The data in this report is based on detailed input from over 100 senior IT security managers in India– all part of the Global Thales 2018 Global Data Threat Report, which polled 1,200 IT security managers in eight countries and across four major vertical markets. This report is the first to focus specifically on the Indian marketplace.

“Far more Indian organizations are planning IT security spending increases than any other geographic or vertical market sector. At the same time, reports of successful data breaches in India are second only to Sweden among all geographical and vertical markets.”

3

Page 4: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

4 2018 THALES DATA THREAT REPORT • INDIA EDITION

KEY FINDINGS

For India, the report findings display a mix of good and bad news, arguably weighted toward good news relative to findings in other geographic sectors.

• A striking 93% of Indian respondents’ plan on increasing IT security spending this year, the highest among all countries surveyed and well above the global average (78%).

• The bad news is that 52% of Indian respondents reported a successful breach last year, also way above the global average (36%). Further, a full three quarters (75%) in India reported being breached at some time in the past, compared with just 67% globally.

• Thus, it is not surprising that 62% of Indian respondents’ report feeling ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data (37% ‘extremely’ vulnerable), also well ahead of the global average (44%). By way of contrast, in Japan, which enforces strict data privacy laws, just 17% report feeling ‘extremely’ vulnerable.

• Another somewhat shocking result is that 85% of Indian respondents say compliance is either ‘very’ or ‘extremely’ effective at stopping breaches, again way ahead of the global average (64%).

“A striking 93% of Indian respondents’ plan on increasing IT security spending this year, the highest among all countries surveyed and well above the global average (78%).”

“The bad news is that 52% of Indian respondents reported a successful breach last year, also way above the global average (36%). Further, a full three quarters (75%) in India reported being breached at some time in the past, compared with just 67% globally.”

“It is not surprising that 62% of Indian respondents’ report feeling ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data (37%

‘extremely’ vulnerable).”

How spending in 12 months will compare to its current levelTotal higher

93%India Global

78%

Breached at some point in the past

India

Global

US

Japan

Korea

Germany

Netherlands

Sweden

UK

0% 10% 20% 30% 40% 50% 60% 70% 80%

Page 5: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

52018 THALES DATA THREAT REPORT • INDIA EDITION

• And perhaps most revealing, Indian organizations are apparently spending their valuable IT security funds in the wrong places.

o 91% list analysis and correlation as the most effective weapons to stop data breaches followed closely by data-in-motion/data-at-rest defenses at 90% each.

o Endpoint/mobile defenses are ranked least effective (81%).

o Yet endpoint/mobile defenses are ranked at the top in terms of spending plans (81%), with data-at-rest at the bottom (54%).

• Concerns about performance impacts and business processes are the top barrier cited in India to IT security, followed by perceptions of complexity (48%) and perceived need (37%).

• Indian respondents are relatively unconcerned about storing sensitive data in cloud environments, with 92% of Indian respondents reporting that their organizations store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%.

SPENDING UP (A LOT); BUT SO ARE THE BREACHES

India this year is going all-in with IT security spending, with 93% of respondents planning IT security-spending increases. As noted earlier, this is well ahead of the global average (78%) and the highest among all countries surveyed. And with good reason: while breach reports are up globally, they are up sharply in India. More than half – 52% – of Indian respondents reported a successful breach in the last year alone, well ahead of the global average (36%). By way of contrast, in Japan just 9% of respondents admit to being breached in the past year. Further, three quarters of Indian respondents (75%) have been breached at some time in the past, compared to 67% globally. Possible explanations include a booming IT economy that makes India a high-profile attack target and relatively less mature corporate IT security programs.

“Indian organizations are apparently spending their valuable IT security funds in the wrong places.”

“Indian respondents are relatively unconcerned about storing sensitive data in cloud environments, with 92% of Indian respondents reporting that their organizations store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%.”

Breached in the last year

India

Global

US

Japan

Korea

Germany

Netherlands

Sweden

UK

0% 10% 20% 30% 40% 50% 60%

Page 6: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

6 2018 THALES DATA THREAT REPORT • INDIA EDITION6

52%“More than half – 52% – of Indian respondents reported a successful breach in the last year alone, well ahead of the global average (36%).

Page 7: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

72018 THALES DATA THREAT REPORT • INDIA EDITION

With such shockingly high breach levels, it is not surprising that IT security professionals in India feel far more vulnerable to security attacks, with 62% saying they feel either ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data, compared with just 44% globally and 53% in the U.S. What’s more, 37% in India feel ‘extremely’ vulnerable, way above the global average of 21%. Only the U.S. is close at 30%.

Spending in all the wrong placesVirtually all vertical sectors and geographic regions reported a glaring disconnect between what are perceived as the most effective IT security solutions and what respondents are most likely to spend their budgets on. In India, this problem is magnified. Indian respondents rank analysis and correlation tools (like SIEM devices, etc.) as the most effective at stopping data breaches (91%), with data-in-motion and data-at-rest a very close second (90%), while endpoint and mobile defenses are ranked dead last (81%). But when it comes to which defenses will garner the biggest planned spending increases, endpoint/mobile defenses rank at the top of spending plans (81%), while planned spending on the top-ranked defense – data at rest – is dead last (54%).

“Indian respondents rank analysis and correlation tools (like SIEM devices, etc.) as the most effective at stopping data breaches (91%), with data-in-motion and data-at-rest a very close second (90%), while endpoint and mobile defenses are ranked dead last (81%). But when it comes to which defenses will garner the biggest planned spending increases, endpoint/mobile defenses rank at the top of spending plans (81%), while planned spending on the top-ranked defense – data at rest – is dead last (54%).”

Vulnerability to both internal and external threats to sensitive dataVery Vulnerable and Extremely Vulnerable

India

Global

US

Japan

Korea

Germany

Netherlands

Sweden

UK

0% 10% 20% 30% 40% 50% 60% 70% 80%

India Global

Percentage increase in spending

Endpoint/mobiledevice defenses

Analysis andcorrelation tools

Data-in-motion defenses

Network defenses

Data-at-rest defenses

0% 20% 40% 60% 80% 100%

Page 8: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

8 2018 THALES DATA THREAT REPORT • INDIA EDITION

This yawning gap between defenses ranked most effective and spending plans on those defenses may at least partly explain why Indian organizations report such high breach rates. Moreover, the reasons why data security tools are not deployed more broadly are fairly consistent across most regions: potential performance impacts, perceptions of complexity being two of the more common concerns. In India, however, the top reasons for not deploying data security is potential impacts on business performance and processes (56% in India vs. 42% globally). The perception of complexity is the second most frequently cited barrier to data security deployment in India (48%), followed by lack of perceived need (37%) – which is quite remarkable given the very high breach rates.

Spending driversThe top drivers of IT security spending in India were reputation and brand protection (52%), increased use of cloud is next (47%), and avoidance of financial penalties at 32%.

“The top drivers of IT security spending in India were reputation and brand protection (52%), increased use of cloud is next (47%), and avoidance of financial penalties at 32%.”

India Global

Barriers to adopting/implementing data IT security

Concerns about impacts on performance and business process

Complexity

Lack of perceived need

Lack of staff to manage

Lack of organizational buy-in/Low priority

Lack of budget

0% 10% 20% 30% 40% 50% 60%

India Global

Drivers of IT security spending

Reputation and brand protection

Impact of increaseduse of cloud computing

Avoidance of �nancial penalties resulting from a data breachRequirements from business

partners, customers or prospects

Executive directive

0% 10% 20% 30% 40% 50% 60%

Page 9: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

92018 THALES DATA THREAT REPORT • INDIA EDITION

Notably, compliance has been declining as a driver of global IT security spending in recent years (though it will be interesting to observe the impact of GDPR and UADAI looking ahead), while views towards the effectiveness of compliance have bounced around somewhat. Compliance did not emerge as the top reason to spend on IT security in India, yet curiously, Indian respondents are highly optimistic that compliance requirements can prevent data breaches. A staggering 85% rate compliance as either ‘very’ or ‘extremely’ effective at preventing breaches, well above the 64% global average. Further, half in India (50%) rate compliance mandates as ‘extremely’ effective, compared to just 27% globally, and ahead of every other nation – the only one that is close is the U.S. (39%.) India’s positive views towards compliance are also surprising given India’s relatively weak data privacy regulations.

A growing number of respondents globally view compliance as very effective in preventing data breaches, yet the number of breaches continues to rise. This suggests that compliance, in general, may well lag behind the fast-shifting dynamics of the global threat environment, which stays a step or two ahead of compliance and regulation. It’s no secret that many of the most high-profile breaches that have occurred in recent years have happened to firms that have reportedly been in compliance with applicable regulations. In short, regulatory compliance should be viewed as a step in the journey towards better security, not an end in itself.

When it comes to what data security tools Indians plan to spend on, encryption with BYOK (which was not among the top three choices for any other region) emerged as the top answer (51% vs. 43% globally). Tokenization is second (45% vs. 44% globally); SIEM is third (44% vs. 39% globally).

DATA SOVEREIGNTY

Interest in data sovereignty continues to heat up as new data privacy regulations such as GDPR take effect – 85% of Indian respondents say they are affected by data privacy requirements vs. 87% globally. In India, the top choice for satisfying data privacy laws is encryption (30% vs. 42% globally, where it is also the top choice), followed by tokenization (25% vs. 20% globally). It may be that India’s prominent and growing outsourcing businesses explain in part why such a high percentage of organizations place a high priority on data sovereignty.

“In India, the top choice for satisfying data privacy laws is encryption (30% vs. 42% globally, where it is also the top choice), followed by tokenization (25% vs. 20% globally).”

“A staggering 85% rate compliance as either

‘very’ or ‘extremely’ effective at preventing breaches, well above the 64% global average.”

India Global

Plans to comply with local data privacy rules

Encryption

Tokenization

Utilization of localhosting or cloud providers

Migrate customer datato new locations

0% 10% 20% 30% 40% 50%

“While Indian organizations are more inclined to pursue multi-cloud strategies, doing so can pose challenges in terms of IT security. For example, each cloud provider may need its own IT security controls, and services provided natively can vary greatly and also be difficult to coordinate and manage centrally.”

Page 10: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

10 2018 THALES DATA THREAT REPORT • INDIA EDITION

SECURING SaaS, BIG DATA AND IoT

Globally, most organizations are pursuing a multi-cloud strategy, in part to avoid vendor lock-in, but also to run workloads in the most appropriate venue. This surely applies to Indian organizations: only 5% of respondents’ report using just one IaaS provider, lowest among any other country, vs. 16% globally. In India, more than two-thirds (68%) of organizations use 3 or more IaaS vendors, again well ahead of the global average (57%). Similarly, with PaaS only 4% of Indian organizations report using just one PaaS vendor vs. 17% globally, while 63% use 3 or more PaaS providers (vs. 53% globally). And with SaaS, 27% in India report using more than 100 SaaS applications vs. 22% globally.

While Indian organizations are more inclined to pursue multi-cloud strategies, doing so can pose challenges in terms of IT security. For example, each cloud provider may need its own IT security controls, and services provided natively can vary greatly and also be difficult to coordinate and manage centrally. This is particularly true with SaaS applications, as some SaaS providers offer data security controls for their customers but their capabilities can vary widely.

SENSITIVE DATA STORAGE

Since Indian respondents are relatively more likely to adopt cloud, it follows that they are also more likely to store sensitive data in public cloud environments. More than two-thirds (61%) say they are likely to store sensitive data in PaaS, the highest among all countries and well above the 39% global average. Another 59% will store sensitive data in SaaS vs. 45% globally; and 57% will do so in IaaS vs. 41% globally. Another way of looking at it is that 92% of Indian respondents store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%. However, Indian respondents are less likely to store sensitive data in containers (15%) than global average of 24%.

“Globally, most organizations are pursuing a multi-cloud strategy, in part to avoid vendor lock-in, but also to run workloads in the most appropriate venue.”

India Global

Number of PaaS providerscurrently used or planned to use

Number of SaaS appscurrently used or planned to use

Morethan 100

11-25

51-100

26-50

0-11

Number of IaaS providerscurrently used or planned to use

3 or more 2 1

3 or more 2 1

68%

57%

27% 27%

5%

16%

63% 53%

34% 30%

4%

17%

27%

22% 25%

22% 24%

20%

14%

19%

10%

17%

India Global

Sensitive data storage

PaaS

SaaS

IaaS

Big Data environments(Hadoop, NoSQL, etc.)

Mobile applications

Internet of Things platforms

Blockchain

Containers/Docker images

0% 10% 20% 30% 40% 50% 60% 70% 80%

Page 11: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

112018 THALES DATA THREAT REPORT • INDIA EDITION 11

“India is even more concerned about security breaches and attacks at the service provider, ranking it at the top of the list concerns (86%) along with concerns about data residency (86%).”

86%

Page 12: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

12 2018 THALES DATA THREAT REPORT • INDIA EDITION

CLOUD

Attacks and breaches at the cloud provider remains the top cloud security concern globally at 64%, up from 59% last year. India is even more concerned about security breaches and attacks at the service provider, ranking it at the top of the list concerns (86%) along with concerns about data residency (86%).

Globally, the control needed to increase usage of cloud resources (from a select list) is encryption with local key control (44%) – after all, ‘whoever controls the keys, controls the data.’. In India, however, the top IT security control is detailed security monitoring (54%), followed closely by encryption with keys managed by service providers (53%). Encryption with local key control was ranked fifth (49%), followed by HSMs (45%).

“In India, however, the top IT security control is detailed security monitoring (54%), followed closely by encryption with keys managed by service providers (53%).”

India Global

Data security concerns about public cloud services

Security breaches/attacksat the service provider

Data residency concerns

Managing, monitoring and deployingmultiple cloud native security tools

Increased vulnerabilities fromshared infrastructure

Managing Encryption Keys acrossmultiple cloud environments

Security of my organization's data ifthe cloud provider fails or is acquiredPrivileged user abuse at the cloud or

SaaS vendor (including System Administrators,Cloud Administrators, Storage Administrators,

Virtualization Administrators)

0% 20% 40% 60% 80% 100%

“More than two-thirds (61%) say they are likely to store sensitive data in PaaS, the highest among all countries and well above the 39% global average. Another 59% will store sensitive data in SaaS vs. 45% globally; and 57% will do so in IaaS vs. 41% globally.

12

Page 13: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

BIG DATA

In India, the top IT security concerns with respect to Big Data is that sensitive data may reside anywhere in the Big Data environment (44% vs. 34% globally), followed by the IT security of reports that may include sensitive data (38%). Privacy violations and privileged user access ranked third (35%). While stronger authentication (38%) was the top Big Data IT security control globally, in India the most popular choice by a wide margin was improved monitoring and reporting (46% vs. 36% globally) followed by stronger authentication (41% vs. 38% globally).

IoT

While there is considerable hype about IoT devices like wearables, smart appliances, and automotive IoT, environmental monitoring often ranks at the top or near it around the globe. Indeed, when we asked a new question in this year’s report about the most popular types of IoT devices in use, the top choice in India was environmental monitoring (47% vs. 34% globally); transport/automotive and home/appliances were ranked second and third (41% and 40% respectively).

“In India, the top IT security concerns with respect to Big Data is that sensitive data may reside anywhere in the Big Data environment (44% vs. 34% globally), followed by the IT security of reports that may include sensitive data (38%).” India Global

Concerns regarding big data IT security

Sensitive information may reside anywhere within the environment

IT security of reports that may include sensitive data

Privacy violations from data originating in multiple countries

Privileged user access to protected data in the implementation

Lack of effective access controls

0% 10% 20% 30% 40% 50%

“The biggest IoT IT security concern in India is protecting the data generated by an IoT device (34%, also the top answer globally at 27%). Identifying or discovering data generated by an IoT device that may be sensitive is second in India at 30%.”

13

Page 14: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

14 2018 THALES DATA THREAT REPORT • INDIA EDITION

The biggest IoT IT security concern in India is protecting the data generated by an IoT device (34%, also the top answer globally at 27%). Identifying or discovering data generated by an IoT device that may be sensitive is second in India at 30%. Moreover, when asked what were the top IT security controls needed to boost usage of IoT in India, the number one answer by a wide margin was encryption/tokenization (65% vs. 48% globally), with authentication a distant second (56% vs. 47% globally); followed closely by anti-malware (54% vs. 43% globally).

DOCKERS/CONTAINERS

Container technology (Docker, OpenShift, etc.) has received substantial ‘buzz’, and for a good reason – in last year’s report, we found that roughly 40% of global respondents were already using containers in production use cases, despite being a relatively new technology. As with any emerging technology architecture, IT security concerns typically are at the top in terms of adoption barriers.

For India specifically, the top container IT security concerns include: the IT security of the data stored in containers (40% vs. global 36%), followed by the spread of malware between containers (36%) and patching/updating containers (35%). Not surprisingly, the top IT security controls in India need to increase the willingness to adopt containers were anti-malware (54%; also, the top choice globally at 45%), followed by encryption (45% vs. 41% globally) and digital signatures and monitoring (each at 42%).

India Global

IT security controls that would increase willingness to adopt IoT

Encryption/tokenization of data generated by IoT devices

Authentication/secure digital identi�cation of IoT devices

Anti-malware

Perimeter/gateway protections between IoT/ICS and IP networks

Behavioral analytics/anomaly detection

0% 10% 20% 30% 40% 50% 60% 70% 80%

India Global

Container IT security concerns

IT security of datastored in containersSpread of malware

among containers

Patching/UpdatingContainers

Unauthorized accessto containers

Privacy violations fromusing shared resources

0% 5% 10% 15% 20% 25% 30% 35% 40%

Page 15: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

15 2018 THALES DATA THREAT REPORT • INDIA EDITION 15

“Indian respondents are much more likely to see the IT security benefits of AI/ML (79% vs. 64% globally), by helping to better recognize and respond to attacks.”

Page 16: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

16 2018 THALES DATA THREAT REPORT • INDIA EDITION

AI/MACHINE LEARNING

Like most IT security tools, AI/ML can be used both for beneficial and malicious uses, depending upon in whose hands the tools lie. In a new question we asked in this year’s report, we found that Indian respondents are much more likely to see the IT security benefits of AI/ML (79% vs. 64% globally), by helping to better recognize and respond to attacks. That said, nearly half (48%) in India also believe AI/ML can also help attackers and lead to increased breaches, compared to 43% globally.

MOBILE PAYMENTS

Mobile payments technologies are also on the rise, so we added new questions this year to assess how firms were thinking about mobile payments, where they were at in the adoption cycle, and what their top IT security concerns were. In India, for example, the United Payments Interface (UPI) is a real-time payment system that can directly withdraw and deposit funds into back accounts to facilitate mobile transactions. Globally, roughly one-quarter (24%) of respondents were using mobile payments applications in production, and for India the response rate was a touch higher (27%). With respect to IT security concerns, the top choice globally was potential exposure of PII, perhaps not surprising given the implementation of GDPR in May of this year. The same held for India, but an even wider margin – 54% were most concerned about exposure of PII, followed by new account fraud (46%).

“With respect to IT security concerns, the top choice globally was potential exposure of PII, perhaps not surprising given the implementation of GDPR in May of this year. The same held for India, but an even wider margin – 54% were most concerned about exposure of PII, followed by new account fraud (46%).”

India Global

Impacts of machine learning or AI technologies on organization’s data

Increases data IT securityby recognizing andalerting on attacks

Results in increased threats due to use as a hacking tool

0% 10% 20% 30% 40% 50% 60% 70% 80%

India Global

IT security concerns for mobile payment applications

Potential exposure of personally identi�able information (other than

payment card info)

Fraudsters using mobile payment apps for new account fraud

Weak authentication protocols used by mobile payment apps

Weak onboarding/ KYC protocols used by mobile payment apps

Potential exposure ofpayment card information

0% 10% 20% 30% 40% 50% 60%

Page 17: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

BLOCKCHAIN – TONS OF HYPE, BUT STILL EARLY

Blockchain is another area that has generated a lot of attention, particularly with respect to cryptocurrencies. Though still very early for commercial implementations of blockchain, in India a mere 1% of respondents have no plans to adopt blockchain – the lowest among all countries surveyed.

Globally, the main intended use cases of blockchain include protecting customer information (40%), followed by financial transactions/secure payments (38%.). In India, however, financial transactions/secure payments was the top answer (50%), followed closely by online purchases (49%).

“In India, however, financial transactions/secure payments was the top answer (50%), followed closely by online purchases (49%).”

India Global

Blockchain use cases

For �nancial transactions/secure payments

For online purchase transactions

To authenticate users

To protect customer information

To authenticate devices

0% 10% 20% 30% 40% 50%

“Though still very early for commercial implementations of blockchain, in India a mere 1% of respondents have no plans to adopt blockchain – the lowest among all countries surveyed.”

17

Page 18: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

18 2018 THALES DATA THREAT REPORT • INDIA EDITION

RECOMMENDATIONS

RE-PRIORITIZE YOUR IT SECURITY TOOL SET

DISCOVER AND CLASSIFY

DON’T JUST CHECK OFF THE COMPLIANCE BOX –

ENCRYPTION AND ACCESS CONTROL

With increasingly porous networks, and expanding use of external resources (SaaS, PaaS and IaaS most especially) traditional end point and network IT security are no longer suf�cient. When implemented as a part of the initial development (for ease of implementation versus retro�tting at a later date), data security offers increased protection to known and unknown sensitive data found within advanced technology environments.

Look for data IT security tool sets that offer services-based deployments, platforms and automation that reduce usage and deployment complexity for an additional layer of protection for data.

Get a better handle on the location of sensitive data, particularly to deal with Big Data, IoT and data sovereignty mandates

Compared to other countries, Indian respondents have the greatest faith in compliance mandates. However, Indian organizations should consider moving beyond compliance and adopting IT security tools such as encryption or tokenization that may be more appropriate as new technologies like cloud are increasingly adopted and used as a repository for sensitive data in India.

Encryption needs to move beyond laptops and desktops.

Cloud: Encrypt and manage keys locally (this is particularly applicable for India which showed a preference for keys managed by service providers); BYOK is an enabler for enterprise SaaS, PaaS and IaaS use

Big Data: Employ discovery as a complement to encryption and access control within the environment to help get a handle on the location of sensitive data within Big Data reports

Containers: Encrypt and control access to data both within containers and underlying data storage locations

IoT: Use secure device ID and authentication, as well as encryption of data at rest on devices, back end systems and in transit to limit data threats

Blockchain: While it may be early for commercial implementations, blockchain promises to play a big role in terms of securing transactions, and protecting customer data

Mobile payments: Encryption and/or tokenization can also help address the main risk from mobile payments: loss of PII, which is a particular concern in India

Data Sovereignty: Consider both encryption (where India trails global responses) and tokenization as a way to avoid hefty �nes from violating nascent privacy laws

“With increasingly porous networks, and expanding use of external resources

(SaaS, PaaS and IaaS most especially) traditional end point and network

IT security are no longer sufficient.”

“Data security offers increased protection to known and unknown

sensitive data found within advanced technology environments.”

18

Page 19: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

192018 THALES DATA THREAT REPORT • INDIA EDITION

ANALYST PROFILE Garrett Bekker is a Principle Analyst in the Information Security Practice at 451 Research. He brings a unique and diverse background, having viewed enterprise security from a variety of perspectives over the past 15 years. Garrett spent more than 10 years as an equity research analyst at several investment banking firms, including Merrill Lynch, where he was the lead enterprise security analyst, as an investment banker, and also in sales and marketing roles with early-stage enterprise security vendors. Throughout his career, Garrett has focused on a wide variety of subsectors within enterprise security and is now focusing primarily on identity and access management (IAM) and data security, with a special interest in applying the former to cloud-based resources.

ABOUT 451 RESEARCH 451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.

ABOUT THALES eSECURITY

Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities are both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security does not just reduce risk; it is an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

Please visit www.thalesesecurity.com and find us on Twitter @thalesesecurity.

PLATINUM PARTNER – GEOBRIDGE

Established in 1997, GEOBRIDGE emerged as one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations. Today, GEOBRIDGE is a leading information security solutions and compliance provider that provides Cryptography and Key Management, Payment Security , Compliance, and HSM Virtualization solutions and services to our clients. Our client list includes Fortune 500 companies, financial institutions, healthcare organizations and government clients across North America and around the globe. GEOBRIDGE leverages our team’s expertise in data protection, program development, enforcement and governance to help architect solutions to help mitigate risk for our clients.

PLATINUM PARTNER – VENAFI

Venafi is the cyber security market leader in machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, cloud and IoT – at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With 31 patents currently in its portfolio, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 2000 organizations. Venafi is backed by top-tier investors, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, Mercato Partners and NextEquity. For more information, visit: www.venafi.com.

Garrett Bekker Principal Analyst 451 Research

Page 20: 2018 THALES DATA THREAT REPORT - go.thalesesecurity.comgo.thalesesecurity.com/rs/480-LWA-970/images/2018-Thales-Data-Threat... · Data-in-motion defenses Network defenses Data-at-rest

©2018 Thales