Interview of TAdviser with the head of department of information security of Amtel-Service company Alexey Zaletsky

Alexey Zaletsky: According to data of the analytical agencies in the world growth of atakovy activity is observed, and the percent of the attacks aimed at the specific companies and the organizations grows. In response to it information security market and developers of means of protecting began to provide highly specialized means - in a counterbalance and in addition to traditional universal solutions. For example, firewalls of the application layer and means of protecting from the targeted attacks appeared. In addition to the specific trends connected with evolution of threats the market of cybersecurity is influenced also by the trends observed in general in world IT market: Big Data, mobility, mass transition of the companies to use of clouds. As a result in the market specialized technologies, solutions and products for protection of clouds, security of mobile communications, accounting of requirements for work with Big Data appear.

In the Russian market of cybersecurity the same trends, as on world are observed. Features are connected, generally with requirements of regulators of the market, including regarding certification of information security tools, application of domestic cryptography. It should be noted that the popularity of services of outsourcing of cybersecurity and services in testing for penetration which in previous years the domestic organizations treated very watchfully gradually grows in Russia. In this plan we lag behind the western countries a little.

Alexey Zaletsky: For the last 2-3 years, in our opinion, essentially new solutions did not appear. It is rather possible to state more active development of the technologies which are already presented at the market. For example, demand for specialized screens on protection against the web attacks (web Application Firewall) grew that influenced emergence of new interesting products of this class. Also classical information security tools evolved. So, firewalls of the next generation provide protection, based on users and applications which they address. Capacity of the Russian cryptogateways increased to 10 GB/sec. when using domestic cryptography. It is what our customers processing large volumes of data, including banks, the energy companies, large government institutions waited long ago for.

Regarding clouds means of protecting of virtual environment from unauthorized access, agentless antiviruses and other specialized information security tools became popular. In this segment more products from different producers appeared.

Wide use by customers of mobile devices resulted in the need for solutions for management of mobile data – MDM (Mobile Device Management) which allow to implement data protection when using communicators, tablets, smartphones. One more direction where recently new means of cybersecurity – protection of the PCS (automated process control system) appear. As for protection of environments of Big Data, emergence of the main solutions and products using this approach, still ahead.

Alexey Zaletsky: The normative innovations which influenced the Russian cybersecurity market in the last decade appeared quite a lot. From recent documents - active development of solutions in the field of protection of the PCS was actively influenced by the Order of FSTEC No. 31 of 3/14/2014 which placed priorities on data protection on crucial objects. It is worth remembering also emergence of Law 152-FZ of 7/27/2006 10 years ago "Personal data". I want to emphasize that this law - a turning point in market development of information security in Russia. After its emergence the companies began to consider cybersecurity not just as a subsystem of the implemented information systems and as a separate system. Further a serious impact on the market was had Order No. 21 of 2/18/2013 defining how to execute personal data protection, Order No. 17 of 2/11/2013 on protection of the state information systems, the Law "On the National Payment System" of 6/27/2011.

From recent innovations – GOST P 56938-2016 adopted this summer "Data protection. Data protection when using technologies of virtualization. General provisions", for the first time in the Russian legislation defined how it is necessary to provide protection of the environment of virtualization which is a basis of creation of private clouds, different aspects on data protection upon transition to clouds. This standard that pleases, considers not only protection of the environment of virtualization, but also protection of the virtual information security tools and information security tools held for use in the environment of virtualization. But if to speak about clouds in general, then the standard does not contain information on protection methods depending on type of the used cloud services (IaaS, PaaS or SaaS) and some other aspects, including protection of client level. I think, all this will find reflection in standards which we expect in the next years.

Emergence of the GOST P 56938-2016 domestic standard first of all gave the chance to compare former approaches with recommended. For example, we were convinced that the approach and methodology on protection of the cloud systems applied by us completely correspond to GOST in a part which it covers, for the rest we continue to be guided by foreign standards and recommendations.

Alexey Zaletsky: I do not think that the Russian customers have a certain special mentality, but stereotypes regarding cybersecurity are available. And the first of them consists in several negligence to internal documents on cybersecurity – to regulations, rules, etc. I not seldom face opinion that it is only formality, and the basic for data protection - use of software and hardware tools. Actually documents (certainly, together with personnel training and control of their execution) are extremely important for creation of the IB effective system too. For example, it is possible to come to the company or to call by phone, and by means of methods of social engineering it is elementary to get confidential information at employees. And for corporate perimeter existence of special software and hardware tools will not protect from such methods and ways of penetration. It is necessary the complex approach meaning and development of efficient, qualitative documents on cybersecurity, and application of modern information security tools.

Alexey Zaletsky: Certainly. The information security – not a single task, not something static, is process which should be built in the general management system for the organization. And with the advent of new technologies – overcast, mobility, Big Data – approaches to providing Information Security should change too, documents to be improved, the system of protection to evolve.

Alexey Zaletsky: The second delusion: personal data protection is not relevant any more. Such opinion develops because subject PDN nowadays does not win first place in the information agenda on cybersecurity. Actually not so, for example, the number of appeals of physical persons and legal entities with complaints according to personal data in Roskomnadzor for last year increased by 60.44%. Every year the number of checks and volumes of penalties for mismatch of processing of personal data to requirements of the legislation grows. So, for example, in our company demand for audit and reduction of processing of personal data according to the Russian legislation for the last year grew more than twice.

The third stereotype concerns cloud computing. Many consider to this day that information security of the IC when using clouds, including – private, it is impossible to provide at the same level that for classical IT systems. Actually, modern information security tools in clouds already proved the high efficiency, and experience of our company it confirms. I will note that this stereotype can be considered positive since upon transition to use of cloud computing question cybersecurity is always brought up at rather high level. Moreover, many cloud solutions implemented in recent years are safer in use, than traditional.

And the fourth stereotype: the information security is only costs. However, as practice shows, more and more companies use cybersecurity as a method of obtaining competitive advantage. For example, the bank implementing the IB new advanced technologies can use this fact in the advertizing purposes, attracting clients for whom security issues are especially sensitive.

Alexey Zaletsky: If to look at a situation in general, then according to estimates of the foreign and Russian analytical agencies, customers began to treat slightly more quietly the publication of data on cybersecurity incidents. Ten years ago the number of publications on incidents was extremely small therefore the being available statistical data were not suitable for the analysis. Most the companies hid information on cracking, a part of the companies did not even know that their systems were cracked – as had no at that time the means allowing to obtain information on the occurring incidents. Today there are also technologies and means. For example, use of DLP systems allows to detect leaks of confidential information. Use of SIEM systems except the basic function also allows to obtain static data on cybersecurity incidents. These tools, in addition, still increase transparency and controllability of business and as we already spoke above, are capable to provide additional competitive advantage.

Alexey Zaletsky: The information security – one of the key directions Amtel-Service, now its share in revenue of the company is about 20%. We conditionally separate a portfolio of services for cybersecurity into 4 groups. The first and main direction – providing Information Security where services and the solutions necessary as for creation of end-to-end systems of data protection, and separate subsystems enter. Every second such project is a part of the complex infrastructure project. It should be noted that demand for SOIB for classical IT systems at the moment remains, but at the same time the share of projects on protection of private clouds grows. We refer services in outsourcing of cybersecurity which implementation happens based on the Service center of the company where all processes and methodology of implementation of SLA projects of different scale are well smoothly running to the same group.

The second group of services – ensuring compliance of the organizations to requirements of the Russian regulators, including 152-FZ which are often integrated to services in creation of the corresponding systems. The third direction includes services in development of documents in cybersecurity, instrumental audit of information systems, including active (conducting pentests), demand for which promptly grows. And the fourth direction - certification of objects of informatization and license work.

On preliminary results of 2016 the first place on demand and also implementation among our customers is divided by services in ZPDN, including certification, and protection of cloud environments – both corporate, and the help in ensuring protection of infrastructure of cloud providers.

Alexey Zaletsky: New GOST on protection of means of virtualization does not cover all aspects of protection of clouds, and owing to the fact that it was accepted recently – in June of this year, it is essential to affect the market was not in time yet. Before emergence of this GOST the Russian customers were guided by the western standards, but the product approach based on the best practices presented at the market was most often used. The main problem of product approach - impossibility to provide an end-to-end system of protection in a cloud. So, booking audit, we often face that the customer places big emphasis on one of protection levels: client, applications, platforms/infrastructures. For example, at the high level protection of the environment of virtualization is executed, but at the same time the issue on protection at the client level is not resolved, issues with security at gaining access from mobile devices to a cloud are not resolved that leads in general to extremely low level of security. Actually, we help the customer to see all picture of security of a cloud and to eliminate vulnerabilities.

Alexey Zaletsky: For the last year we implemented projects on ensuring protection at transfer of the IC to a cloud platform for several telecom operators and also in a number of financial institutions at which private clouds with complex information protection were constructed. Each project is in own way unique. They differed in the used cloud services (IaaS, PaaS or SaaS) and models of their providing to users. In each of project data a system protection of a private cloud depended on the applied environment of virtualization and a management system for cloud services. Solutions differed at all levels: client, applications, platforms/infrastructures. However, methodology in all projects uniform: detailed examination with the analysis of threats for each level (it is the major stage as at all variety of implementation of clouds, the studied technical solution strongly depends on model of threats) is conducted, technical solution which is implemented further is studied. The major tasks which had to be solved in the course of project data is an ensuring confidentiality of the data processed in private clouds, access isolation, protection against a malicious code and different types of the attacks and also system managements and events of security of a cloud.

There is no universal standard solution here and will hardly appear in the next years. It is caused by the different reasons, including insufficiency of standards in the field of protection of clouds, the information security tools aimed at different aspects of protection, but crossed in functions, aiming of means of protecting only at extremely limited set of environments of virtualization.

Alexey Zaletsky: The market of cybersecurity grows, despite crisis – it can be stated, based on information of the analytical agencies and our own experience. Based on three quarters we expect 25% growth of revenue in the direction based on the current year in comparison with 2015 and also we are going to save positive dynamics and further. Our key customers on cybersecurity are banks, retail, telecom operators, also a number of large-scale projects for a public sector is planned for 2017.

Amtel-Service will offer further services in data protection both for traditional IT systems, and taking into account three main technology trends of modern IT market – cloud computing, mobility, Big Data. Let's continue to improve and develop services in personal data protection, certification of systems on compliance to requirements of the legislation.