| "300 Lithuanian sites hacked by Russian hackers" | | | | security consulting market in India to grow are high rise |
| "In September, Google mail accounts of key | | | | in the complexity of IT implementations, Rise in the |
| government officials were tampered with and earlier, | | | | usage of on-line trading and on-line transactions, rise in |
| passwords and login names of the National Defence | | | | the requirements of banking and financial services, |
| Academy and key Indian embassies were splashed | | | | BPO etc. |
| by a hacker on this website" | | | | Consulting is projected to grow till $1.1 billion by 2012 in |
| "India's External Affairs Servers Hacked By China" | | | | Asia pacific. Information security and services |
| How often we get to hear such news.... | | | | companies in India are now moving up the value chain |
| ...many times... huh!!! Despite many such incidents that | | | | to focus on information security consultancy, managed |
| take place, only few see the lime light. Reason being | | | | services, training and patch management. The |
| most of the companies don't prefer to reveal them, | | | | information security (IS) market in India is growing at a |
| fearing there is chance of loosing customer's faith. | | | | rate of 50 per cent exceeding that of the software |
| Incidents as these happen quite often and we react | | | | industry and presents a huge untapped opportunity to |
| only when such incidents takes place. Most of the | | | | software companies. There are already quite a few |
| times we are reactive than being proactive! All such | | | | good players like Deloitte, Wipro, Accenture, |
| incidents raise a concern on how security is | | | | Ernst&Young who proved their mark with their |
| compromised and there is a great concern to curb | | | | consulting services in the area of information security, |
| such activities. The importance of information security | | | | but there is a growing need and vacuum available for |
| and growing market for security consulting in India is | | | | other companies to pitch into this market.conclusion: |
| driving me to write this article. | | | | |
| Don't care for security - This is what we normally hear | | | | 1. Gone are those days when security was thought of |
| from most of the start ups of India and few Small and | | | | as setting up IT infrastructure alone, it is now more |
| Medium Businesses (SMBs). Reason could be that | | | | than that, it has expanded to information storage, |
| they don't have enough time for security, since they | | | | distribution, application level security, perimeter security |
| are busy getting their product out. But fact is, start up | | | | and defining policy procedures for different kinds of |
| companies should take utmost care in protecting their | | | | information. Today's security consulting firms have |
| intellectual property lest they might loose their | | | | trained people with specialized skill sets on standards |
| competitive advantage. | | | | like BS-7799, ITSM (IT Service Management), COBIT |
| Security is the way to go!!! Security is not a product, | | | | (Control Objectives for Information and Related |
| which you can just install and keep yourself safe. | | | | Technology) and the ISO-17799, ISO 27001. Companies |
| Security is not just a technology alone, it includes | | | | who are working in an off shore model may take |
| process and people who should follow the process | | | | services from security consulting firms to keep |
| with out fail. Most SMBs do not have dedicated | | | | themselves compliant to regulations that are followed |
| security teams due to the smaller size of their | | | | by their foreign counterparts. |
| operation, contrary to this few companies have | | | | 2. Companies working in an offshore model can get an |
| dedicated security teams, but they lack certified | | | | added advantage in hiring external consultants. These |
| security professionals. It is estimated that in India less | | | | consultants look at organization's security set up from |
| than 2,500 professionals have specific Information | | | | outsider's perspective and are in a better position in |
| Security skills, which represents only 0.5% of the IT | | | | identifying the loop-holes. |
| workforce. Almost 50% (12 out of 25) of the | | | | 3. Companies should enhance their security perception |
| companies do not employ certified professionals to | | | | by involving the top management in drafting and |
| manage their security. But reality is that for security | | | | reviewing security policies and creating a provision for |
| implementation you need experienced certified people | | | | security in their budgets. |
| who are specialized and trained in core areas of | | | | Its quite evident that security consulting in India is going |
| security domain. Now how can you get such people? | | | | at a rapid pace. India has a right blend of technology |
| In India there are quite a few security consulting firms | | | | and skills to provide top notch services and grow as a |
| who can provide experienced certified external | | | | top class security consulting service provider. |
| security consultants for hire. | | | | Finally, as the meaning of Tantra goes - any service |
| As per the "The Forrester Wave":Security Consulting, | | | | that is concerned with ritual acts of body, mind and |
| Q3 2007" Over the past two years, some security | | | | speech is called as Tantra. That's why I say, When |
| service providers have registered growth rates in | | | | Security is Mantra then the Security consulting is |
| excess of 40%. The major driving factors for the | | | | Tantra!!! |