RSA Conference APJ: Where is internet security heading?
Appknox’s Subho Halder highlights three key trends in internet security. How can startups capitalise on them?By Theon Leong 26 May, 2014
As a build up to the RSA Innovation Sandbox competition for securities startups, e27 and RSA Security LLC will be conducting a series of interviews with the winners of the Innovation Sandbox competition held in the US. We will be talking about their achievements and gathering helpful tips for prospective entrepreneurs.
RSA Conference APJ will be returning to Singapore this year on July 22 and 23 to talk about cryptography and information security. In sync with that, e27 spoke with Subho Halder, the Co-founder of Appknox, a mobile security firm that is being accelerated by JFDI. Halder has been a member of the RSA Conference since 2009. Currently, he and his co-founder are running a startup that helps mobile applications identify security vulnerabilities on any platform.
According to Halder, there are three key trends witnessed in the internet security scenario:
Firstly, there are Bring Your Own Device (BYOD) Security Companies which mainly target multinational companies, helping them with their IT policies. Usually, employees are not allowed to bring their personal devices into the office because that may compromise confidential data. However, with the implementation of BYOD solutions, they are allowed to bring in their devices after they have been tweaked, so as to not disclose data with their applications or software. These companies focus more on IT policies, and provide security as a service around those specific set of policies.
One such example would be when the company policy requires that all devices should connect through a virtual private network. The BYOD companies will route the data through the virtual private network, but the data itself may still contain sensitive personal information. It is not a completely secure system. However, organisations will not have their private data disclosed. Companies like Skyhigh Networks, covered in our previous article, are working in this space.
Secondly, there is a trend of Antivirus or Anti-Malware Companies which target the end users directly. These companies detect malicious applications on the internet, but do not find security vulnerabilities that are present in applications not meant to be malicious. Looking at the statistics by ZD.net, only 13 per cent applications out of the total applications present in Android ecosystem are malicious, but around 74 per cent face huge security risks. These companies fail to answer the security vulnerabilities of these applications as they would be detected when scanned for malware.
Lastly, there is a trend of starting Security Audit and Pen-testing Companies which are targeting application developers to help them find security vulnerabilities or loopholes in various applications. These pen-testing and security audits are done manually and some take a hacker’s approach in detecting vulnerabilities. With so many new security threats arising every day, it is hard for anyone to keep updated with them. These companies make use of people who are in tune with this landscape to help detect these new threats.
According to Halder, this is the correct time for a security startup to disrupt these three categories of companies and come out with something better and more comprehensive. He also claimed that it is important to identify the correct approach to deal with this ever growing concern of information security.
The reader can find out more about internet security from his blog.
As the internet integrates with daily life, the RSA Conference APJ committee and e27 are working together to cover a series of stories on how startups are finding new ways to help organisations and people maintain their privacy and security. Interested participants can submit their entries on the Conference website here. The call for submissions will close on June 6, 2014.