Security

January 13, 2005
Cyrca focuses on IT security, compliance in India

Geetanjali Wadhwa & Pradeep Chakraborty

BANGALORE -- Cyrca Data Security Solutions recently announced its entry into the Indian market with customized solutions to address critical IT security issues in the outsourcing, financial services and healthcare sectors. It will offer solutions combining in-depth operational security expertise and technology to assist enterprises with today's critical information security, privacy and compliance requirements.

Founded in Toronto in 2003, Cyrca is led by a team of entrepreneurs, technologists and academicians, and plans to extend its expertise to the Indian and Asia Pacific markets. Established by a team of seasoned information security and business process consultants, Cyrca is addressing a pressing need for organizations to focus beyond their immediate security threats and regulatory compliance pressures.

Kumar Malavalli, chairman of Cyrca said that the launch of Cyrca India into this dynamic information ecosystem further enhanced its commitment to deliver security solutions to aid enterprises in moving up the business value chain. With an innovative and holistic approach to information management, Cyrca's team of experienced consultants will meet the IT security market with unique offerings.

According to a report by PwC, the size of the security market in India in 2003-04 was found to be Rs. 2,400 million. Further, IDC said that global businesses spent $42 billion on security on average in 2003, accounting for 4.8 percent of the total IT spending. According to the Meta Group, as a percent of IT budgets, security spend was set to double or triple by 2006.

Hari Venkatacharya, president and CEO, Cyrca noted that the launch of Cyrca in India re-inforced the firm's belief in the need for a comprehensive approach to looking at the global issues of security and privacy. He said: "We are confident of the potential of the Indian security market, and the innovative focus of our offerings that are ideally suited to cater to these critical needs. We are witnessing a movement in prioritization for IT security spending, and in the coming years we believe we will see a dramatic shift towards adapting and conforming to global security and privacy regulations."

He added that storage capacity would also continue to accelerate. He cited figures from UC Berkeley, which said that global digital data production would be 99.5 exabytes in 2005. Next, IDC said that there would be an annual growth of 41.2 percent in storage capacity, with 275 petabytes being shipped during Q2-04. According to Gartner, 45.6 million USB flash memory would be shipped during 2004 and it would double in four years.

Compliance was legally mandated as well. There were 15,000+ regulations in the United States alone. As more records were created, and more retained, there was more risk and value in information, which in turn led to more regulations across more industries. According to a PWC/ASIS study during 2002, the cost of loss of corporate information was between US$ 53-59 billion. The cost of R&D data loss was US$ 404,000 per incident, while it was a loss of US$ 356,000 per incident for financial data, and the loss for customer lists and related data was US$ 117,000 per incident.

With regard to global regulatory issues, such as Sarbanes-Oxley, he added that with compliance becoming much more stringent, and the US government passing legislation to enforce security and privacy laws, businesses needed to have more rigorous data security, compliance processes and infrastructures, both internally and externally. For Indian companies to provide services to US clients, they would need to strengthen their security initiatives. Cyrca will enable Indian companies to meet all of these requirements and help ensure regulatory compliance.

Venkatacharya said that Cyrca India would offer the same solutions it offered in North America. He predicted: "As more companies outsource to India, it is critical to add value, so that companies comply with regulations, security, privacy and compliance. These issues must be addressed right now, or India's market share in the outsourcing business could decrease."

A. Vijayarajan, managing director of Bangalore based Cyrca India, who took charge of India operations earlier this year, will spearhead the growth of the company in India and the Asia Pacific region. Soumitra Bhattacharjee, director - security services, who is also a leading security solutions design architect, will assist him.

He added that the Indian security market was in the formative stage and required educating the users on the urgency of adhering to security measures. Presently, the market largely consists of technology solutions for perimeter security, while business processes and core security were generally neglected. The approach towards completely securing data needs to be viewed more holistically with a greater emphasis placed on protecting intellectual property and sensitive data. He said: "Cyrca's unique 'inside-out' approach towards security has helped to design layers of defense starting from where core business information resides. This is the right time for India to get into security implementation."

With the digitization of business practices, there is a need to make security the foundation. In 2003-04, the domestic IT market had shot up from 9 percent to 24 percent. Capital goods were up 13 percent, and IT products and services went up 22 percent. This indicated the increasing role of IT in businesses. There were already 12 million computers, 4.5 million Internet connections and 44.51 million mobile phones in the country. He further added that storage shipments were set to rise as well from 5.4 petabytes in 2004 to 52.7 petabytes in 2008. Core-banking solutions had been implemented in 35-45 percent out of 68,000 branches.

Outsourcing business was another driver. R&D outsourcing in IT was likely to grow from US$ 1.3 billion in 2003 to US$ 8 billion by 2010. Among the BPOs, 75.2 percent were currently voice based, 9 percent email and 25.8 percent on back office. BPOs were hosting more complex work - complete process migration - and this needed a sound security infrastructure.

Security spending as a percentage of IT spends was currently about 1 percent in India. According to PwC, the security market was worth Rs. 2,400 million in 2003-04, with products accounting for Rs. 1,500 million. The Indian security software market was likely to reach Rs. 4,800 million by 2008 as per IDC. Against this backdrop, a whopping 83 percent of Indian businesses had reported breaches, as against 64 percent globally. Of this, 42 percent had reported more than three breaches. There would also be a demand for 77,000 security professionals by 2008.

Vijayrajan added that there was a need to mitigate business risks as the economic loss from each incident was increasing. While technology enabled productivity enhancements, the growing sophistication of hacking technologies created vulnerabilities as well. Hence, there was a need to enforce compliance, which would require third-party audits. Industry standards like BS 7799, ISO 17799, etc., were already there, as were regulations from RBI, BASEL II, SOX, HIPAA, PIPEDA, etc. Indian companies need to comply with the US and global outsourcing regulations. There was also a requirement for records retention.

Cyrca's knowledge and expertise would enable it to provide solutions in core areas such as data storage and security, and security and technology. The Indian outfit would focus on the core - the intersection of storage and security, 'inside-out' strategy to protect core data, a security framework supporting business process and enabling compliance. The company plans to focus on the outsourcing, financial services and healthcare segments initially.

Contact:
Cyrca India
www.cyrca.net