Symantec boosts authentication | Bangkok Post: tech

INTERNET SECURITY

After 27 years of providing security for end points, Symantec has launched a new logo and acquired a number of companies that together will provide the trust, strong identity and encryption it needs to protect a world where servers are virtualised and are somewhere in the cloud outside of the company's data centre and where CIOs need to be responsible for data that flows readily to their employee's personal smart phones.

Speaking to journalists at Symantec's symposium in Bangkok, Eric Hoh, Symantec's Vice-President for Asia-South, said that Thailand's economy has been very resilient and in Q2, Symantec saw growth hit 9.2 percent, its highest growth yet. According to IDC, it is also now number one in storage software in the Thai market.

Furthermore, with 26.3 percent penetration, or 20 million Internet users, there is still a lot of room for growth. Thailand has 67.5 million mobile subscribers and 51 percent of the phones in the market today are data-enabled.

Each mobile phone call generates a call record. That data has to be kept for up to nine years due to regulatory requirements. The amount of infrastructure to support that growth and complexity is tremendous.

"At Symantec, we're here to help our customer to simplify that complexity," Hoh said.

With mobile phone penetration higher than the population, Thailand is, like many other countries, now going through a phase of consumerisation of IT. At the same time that people are experiencing a euphoria of having all these gadgets, it also means that confidential, critical information is being carried around everywhere in unmanaged devices and IT has to find a way to deal with that risk.

Every day in the United States, 100,000 USB drives are left on airplanes. Many people have a Facebook page and criminals are getting to know their victims via social engineering attacks.

Twenty six percent of all botnet computers (compromised computers and servers that are used to attack or hack into other machines) are in the Asia-Pacific and Japan region. Last year, Thailand move up from almost the bottom of the list to number six.

Threats are evolving, becoming more targeted towards stealing information for financial gain.

Hoh said that Symantec believes in the 'three Is' when comes to security _ invincible, invisible and inexpensive. Millions of dollars have been invested by banks and stock exchanges and yet information is not secure. That is because of complexity. Security should be simple.

To this end, one of the key areas that Symantec has invested in is identity and authentication. Symantec acquired the security business of VeriSign and the job of protecting over 90,000 websites.

Nico Popp, Vice-President for Product Development for Symantec Authentication and Identity Services, explained that for the past 15 years, VeriSign has had a laser focus on its mission of increasing trust. Almost as important is the need for simplicity with a very simple user interface (UI) and lots of technology in the background.

VeriSign is known for two business lines. One is about trusting the website and the other is about identity.

When a user navigates to a secure website in a browser which is SSL-encrypted, the browser will show a lock and often a checkmark that shows that the site is trusted. VeriSign has issued 2.3 million public certificates to date and verifies identity so that people are who they say they are.

All the trusted sites are scanned daily for malware.

Today people are using passwords online, but going forward, Popp believes that two-factor authentication will soon become more common.

In the real world, to access an ATM machine, a user needs both the PIN and a secure ATM card. This will be the case online and Symantec's security framework supports any technology such as digital certificates, one-time codes sent to a phone or other one-time password devices.

"By combining this service with Symantec's footprint on millions of devices from Norton Anti-virus, Norton 360 through to Symantec Endpoint Security Protection, we are going to change the face of authentication on the Internet.

"There is great synergy between the two companies and we can now deliver a level of trust and confidence on a level that neither of the two companies could have achieved alone. It's good to be part of Symantec," he said.

Symantec, through VeriSign, strengthens identity through technology. It is not about an identity-management platform. It is all about making online identities better and more trustworthy, through technologies such as two-factor authentication.

Popp said that Symantec is working with the government of the United States around a move to open identity. The US government has turned to the private sector to encourage the sharing and enabling of external identification on government sites such as whitehouse.gov or the National Institute of Health.

The US government believes that cyber security issues will need higher assurance identity, but it does not believe it can solve the problem alone. By enabling the use of eBay, Google, Paypal or Symantec IDs across government properties, they can not only achieve economies of scale, but gain trust.

The US public has always been suspicious of tracking and monitoring by the government and it would have been very hard to bring in a trusted ID system without the private sector so it can move on to solve cyber-city issues and enable new types of transactions.

Popp said that Symantec has acquired three encryption companies because when companies are moving towards cloud computing new challenges appear. As infra moves out securing information, data loss prevention, needs encryption. Fencing in the data with SSL encryption still means that people have to access the information and that leads to strong identity.

Josep Gow, Symantec's Director, Product Management, Encryption and Key Management spoke of the need of compliance and the dangers with the proliferation of devices. IT departments today are in a scramble to secure people accessing corporate networks with iPhones and iPads. The question is how can you be responsible for data in a device you do not know and do not manage?

Gow came from a company Symantec acquired called Guardian Edge that was involved in the encryption of data. Alongside PGP, another Symantec acquisition, the two provide a very broad portfolio.

Symantec now provides encryption for data in removable media, phones, network shares and email along with the authentication. The challenge is dealing with the explosion of keys and managing the lifecycle of keys so that security does not become a barrier to business, but an enabler, allowing third parties to do business full of trust and confidence.

Gow said that Research in Motion's BlackBerry has been using PGP encryption for a long time. Windows Mobile has also had that option so that data can be encrypted through to the handset. Enterprises need to be able to control and reach out and remove keys of an employee who has left the company or if the device is lost, for instance. Encryption is core and Symantec will continue to play a role in how consumer devices are bought into organisations.