IS in the integrator's business: current trends in information security, projects, comments
The domestic information security market shows steady growth. The number of IT companies involved in information security processes is also increasing. Anton Antropov, a leading business development expert in Information Security at STEP LOGIC, told ICT-Online.ru about the importance of information security competencies in the business of integrators, current protection technologies and implemented projects, existing cyber threats and the possible appearance of new ones.
- How important is competence in the field of IS for an integrator? Why are large integrators (or groups of IT companies) actively developing this area? (And not only IT: for example, Rostelecom has recently purchased Solar).
In today's world, information security issues are becoming a priority both at the global and local level. States are challenged with strengthening their information frontiers, and companies and organisations are aware of the importance of protecting their own infrastructure and are ready to invest considerable resources in information security and risk management solutions. If we talk about the micro level, then, probably, there are no Internet users left in the world who would not encounter malware on their PCs.
Obviously, the problems associated with ensuring information security did not appear today. Given the development of the information society and technology, their number will only increase. Attacks become more complex, which means that a complex response is necessary. Digital transformation increases the "information perimeter" of organisations, and this leads to the fact that there are more and more "holes" and opportunities for penetration into corporate networks and leaks.
The active development of information security areas by system integrators and other companies is a response to the growing market needs. Non-transparency and undocumented processes within the organisation and their negative impact on security, dynamic changes in the regulatory framework, and finally, the lack of qualified personnel in the market make information security a demand-driven and profitable business.
- How do you develop this area, including from an organisational point of view (department, centre of competence, a separate company)? What is the percentage of IS-related projects in your company? Basically, for which customers are they implemented? Specify the most significant projects for you in this area.
STEP LOGIC has been developing the area of information security for more than 15 years. Our main customers are large organisations from the financial sector, telecommunications, oil and gas, transport, manufacturing sectors, fuel and energy complex, as well as government agencies. The company implemented 28 large complex projects in the field of information security in 2017 alone. This is without taking into account small tasks and constant requests for consultations, which occupy a significant part of the company's activities.
The Information and Network Security Department of the company is divided into specialised units in areas such as integrated information security solutions (personal data, geographic information system, computer-aided process control systems, financial organisations and banks, critical information infrastructure, data processing centres), consultancy services, information security audits and compliance audits, threat modelling and risk assessment, development of organisational and administrative documents, certification, network security solutions, end host and application protection.
The integrator has more than 350 certificates of international non-profit organisations and the largest suppliers of information security, and is a partner of 80 leading foreign and Russian vendors. We are particularly proud of the highest status of Cisco Systems in the field of security, Master Security Specialisation, which we received in 2007 and which was obtained by only two companies in the Russian Federation. Our specialists hold all the necessary FSTEC, FSS, MoD licences and are members of the Association of Users of Information Security Standards and the British Standards Institution and participate in expert groups for the Digital Economy of the Russian Federation programme.
- What are the current trends and main threats in the IS market? Can any of them be called fundamentally new, revolutionary? What is their cause?
The main trend in the information security market is the growing complexity of threats. To spread malware, attackers are increasingly using social engineering techniques, which is a new challenge for corporations. Therefore, one of the strategically important tasks of organisations is the training of employees, the expansion of their knowledge in the field of digital hygiene, the integration of information security in corporate culture.
The active digitalization, complexity and convergence of systems, the "transition" of physical objects into the information space and, in general, the development of information technologies lead to the fact that new objects are added to the traditional targets of hackers (the banking and financial sector): cryptocurrency exchanges, networks of IoT and IIoT devices, etc., which are attacked almost every day. For example, literally this week, a vulnerability was discovered that allowed attackers to crack the control system of a construction crane and remotely control it from the ground.
- How does the import substitution trend affect the information security? What are the features of projects for government agencies?
The Russian market of data protection tools, of course, shows a steady growth. Many manufacturers invest considerable financial and intellectual resources in their own development. However, it takes time to create and launch truly breakthrough solutions in the market that can compete with global manufacturers.
The increasing complexity of certification procedures for foreign-made products effectively closes entry to government agencies for foreign vendors. Nevertheless, the market has already adapted to such limitations, including through the creation of OEM partnerships.
- SOC-centres, State System for Detection, Prevention and Mitigation of Computer Attacks—does your company have to deal with this?
Of course, in projects where it is necessary to fulfil the requirements of the relevant regulatory documentation, we are faced with both the State System for Detection, Prevention and Mitigation of Computer Attacks and the Centre for Monitoring and Responding to Computer Attacks in the Credit and Financial Sphere. In addition, many commercial SOC centres are now being designed or completed to be compatible with these systems.
Creating your own SOC-centres is a rather expensive event, which is further complicated by the lack of skilled workers. At the same time, organisations do not have to build their own operational monitoring centres for information security: there are companies on the market that provide SOC as a service. Thus, STEP LOGIC's proprietary solution, the comprehensive product STEP SOC, includes access to SOC (Security Operation Centre) functionality through a flexible service model, as well as a complete list of relevant work for information security upon the customer's request. Even despite the cautious attitude of security specialists to cloud services, the demand for this service will only grow due to the above reasons.
- What technologies do you use to ensure your own safety?
As part of the Department of Information and Network Security, STEP LOGIC has its own laboratory, in which various solutions of both Russian and foreign production are tested. They are tested for quality, compliance with technical requirements for specific projects, compatibility with the IT landscape of organizations. As a result of testing, the best products are recommended to customers and are used to ensure the company's own security.
- Looking into the future of cyber threats: what will happen? Say a few words about your company's plans in the field of IS.
As I have already said, the result of the rapid development of personalised technologies, artificial intelligence, the Internet of things is the growing number of attacks, as well as the expansion of opportunities and areas for their implementation. Any object can be a target for hackers—from the refrigerator to the spacecraft. A universal response to the growing threats to the corporate sector continues to be a risk-based approach. It is necessary to rank business processes, allocate systems that need more careful protection at all levels.
As for the STEP LOGIC plans, the IS area is one of the strategically significant areas for our business. We continue to expand our staff, increase employees' competencies, work on expanding our partner network, develop our own products, track new items appearing on the market, study them and form solutions that best meet the market challenges and business requirements of our customers.
Our goal is to provide customers with comprehensive support in the development of corporate systems and the entire IS area. For example, this year many companies faced the problem of meeting the requirements of No. 187-FZ “On the Security of the Critical Information Infrastructure of the Russian Federation”. In accordance with the law, enterprises and organisations should categorise their IP, ITS and ACS and notify the Federal Service for Technical and Export Control of the Russian Federation about the results. However, in practice, some companies understand neither how to categorise nor whether they fall within the scope of this Federal Law. Therefore, we have developed a methodology that contains a detailed action plan, cases, a series of questions and answers, as well as templates of necessary documents that will help organisations independently determine the significance category of the critical information infrastructure objects and meet a part of legal requirements. The methodology is distributed absolutely free of charge and is available for download on our website.