In a candid conversation with Sudhir Nayar – Director SMB, Microsoft India, Dataquest tried to understand how SMBs are exposed to cyber threats and what steps they can take to keep threats at bay so they remain focused on their core business rather managing IT and risks. Excerpts:
Q. How do you perceive the contribution of SMBs to the Indian economy? What are the cyber security risks SMBs are exposed to?
India is home to a large base of over 51mn SMBs generating employment for over 116mn people. The government’s “Make in India” initiative and its emphasis on increasing the share of manufacturing in the gross domestic product (GDP) from the present 14-15 per cent to 25 per cent by 2022 has the potential to transform the fortunes of the MSME sector, enabling it to scale unheard-of heights.
In an environment where cyber threats continue to grow exponentially in volume, complexity, and threat vector, it’s vital for SMBs to defend themselves against cyber-attacks. SMBs are also at a greater risk of being targeted by Cyber Attacks as they don’t have the same security system and infrastructure as their larger counterparts. In this scenario, it is important for SMBs to understand the need and importance of security management and be better prepared for cyber security threats to which they are constantly exposed to. According to a 2014-2018 IDC forecast, 71% of security breaches targeted small businesses.
Microsoft can help guide SMBs through their digital transformation—from helping them understand their current security posture to developing cybersecurity strategies that support their business goals, and implementing comprehensive solutions across three functional core areas: Protect, Detect and Respond.
Q. What does this rising threat of cybercrime mean for your customers?
Today, cyber security threat poses a greater challenge than ever before. . In recent years, we have witnessed significant growth in cases of hacking on reputed and emerging organizations. Beyond the financial and data losses, cybercrime incidents also lead to loss of reputation for businesses. Beyond the economic and reputation impact, organizations have to bear the legal ramification of failing to adequately protect valuable corporate assets.
Q. How can SMBs keep hackers at bay?
Keeping in mind resources and budgetary priorities, it is often in the best interest of SMBs to outsource their security requirements and adopt cloud-based security solutions and do away with the need of acquiring hardware, software licenses and headcount.
Microsoft’s team works with SMBs to understand their business goals, challenges and technical maturity to develop an enterprise security strategy to stay ahead of trending threats. A sound strategy depends on knowing what technology and processes the business relies on today and how well the IT strategy keeps the organization protected. Microsoft’s business and capability-focused assessments can help enterprise gain the insights needed to develop a strategy that protects their business now and into the future.
Q. What are the security benefits if SMBs substantially invest in Microsoft Cloud technologies especially Office 365?
Microsoft Office 365 offers security controls that enable customers to customize their security settings. Office 365 is trusted by customers of all sizes across virtually every industry, including highly regulated industries such as healthcare, finance, education, and government. Because Office 365 manages productivity services for such a wide range of industries and geographies, it offers built-in security and allows customers to enhance the security of their data.
Built-in security: Microsoft Office 365 comes with built-in security features such as 24-hour monitored physical hardware, isolated customer data, automated operations, secured network and encrypted data. Office 365 data is stored in the Microsoft network of data centers, run by Microsoft Global Foundation Services and strategically located around the world. The in-built security features protect customer data at any point.
Customer controls: Office 365 combines the familiar Microsoft Office suite with cloud-based versions of our next-generation communications and collaboration services: Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Lync Online. Each of these services offers individualized security features that the customer can control. These controls allow customers to adhere to compliance requirements, give access to services and content to individuals in a customer’s organization, configure antimalware/antispam controls, and encrypt data where a customer holds the keys.
Enabling user access: Office 365 data and services are secured at the data center, network, logical, storage, and transit levels. In addition, it is critical for customers to be able to control who can access data and how they can use data. Office 365 uses Windows Azure Active Directory as the underlying identity platform. This enables Office 365 customers with strong authentication options granular control over how IT professionals and users can access and use the service. Office 365 also allows integration with On-Premises Active Directory or other directory stores and identity systems such as Active Directory Federation Services (AD FS) or third-party secure token systems (STSs) to enable secure, token-based authentication to services.
Enabling compliance: Office 365 delivers a range of compliance features, including data loss prevention (DLP), eDiscovery, and auditing and reporting functionality. Across these capabilities, the user experience is preserved and productivity is not impacted, leading to greater user acceptance.
Q. Is there any special feature you would like to highlight in your efforts to help SMBs stay secure in their digital journey?
At Microsoft, Cyber security is our utmost priority in all of our products as we endeavor to be a partner in our customers’ growth. Identity is the control plane at the center of our solution helping them to be more secure. Only Microsoft offers cloud identity and access management solutions running at Internet scale and designed to help secure customer IT environment. Microsoft Azure Active Directory has hundreds of millions of users, is available in 35 datacenters around the world, and has processed more than 1 trillion (yes, trillion) authentications. Our innovative new technology, Microsoft Advanced Threat Analytics is designed to help customers identify advanced persistent threats in their organization before they cause damage.
Additionally, Microsoft Enterprise Mobility Suite (EMS) is enabled with Advanced Threat Protection (ATP) which helps customers prevent zero-day malware attacks in their email environment.