“Organizations have to invest on data security in order to sustain the innovation”
Tell us in brief about your professional journey till date.
I have started my career in Finance function. I got into ERP domain in the year 2000. Since then, I have been closely working in IT area of the business. I have contributed to the organizations with my ERP skills as a core business cum functional expert. I had a nice opportunity of leading a mega ERP Project, covering more than 13 countries in South Asia region. It was a rewarding experience as I could work with people of different culture. After the project closure, I became responsible for ERP Support organization. I worked with co-professionals in setting up processes for operating a big ERP Support centre out of Bangalore. I then moved to Switzerland to work on a global project for 3 years. I am currently working as Chief Information Officer (CIO) of ABB India Limited in Bangalore.
Why did you choose information security as a profession?
Information security is a vital part of the organization. The external risks and threats pose big challenges to multinational origination which operate of different geographies. In my role as CIO of the organization, it is important that I focus on this important part of IT function to enable users to enjoy IT with least security threats.
According to you what are the big challenges CISOs facing today?
CISOs today face challenges which were not even foreseen a decade ago at least. The management and employees of every organization demand more sophisticated IT tools for their day to day operations. With the introduction of smart devices, the expectation of people has grown manifold on IT services. The concepts like BYOD and cloud computing come with attached risks which forces CSIOs of today to think differently. Mobility solutions motivate organizations of today to make business critical applications available on mobile. The applications facing internet are always subject to vulnerability and threats. There are also concerns on data privacy and integrity when opting for cloud solutions of modern days. The possible loss of data also becomes a concern for many organizations when they adopt modern IT technologies and migrate from one service provider to other. CISOs of today need to support innovations while keeping the house clean and safe. This is not an easy task.
Do you believe in ‘information security outsourcing’, and if so, to what extent?
Information security outsourcing is a new concept and it will take some time for organizations to accept this piece as part of their operations. Today we are used to business process outsourcing which anyway comes with inbuilt process security as part of the service offering. The organizations need to prepare the stakeholders for this new concept and take informed decisions as to what to outsource and what to keep in-house.
How do you define the thin line difference between data privacy and data security?
Data privacy is not a IT term. It affects everyone on a daily basis. Data privacy is governed by principles of the organizations and IT can support and offer the best tools in achieving the objective. Data security is a broader term in today’s world as it can have big impact on businesses when not handled properly. Data security is ever evolving and there is no end to this. As we encounter innovations, data security becomes a part of innovation and it cannot be separated from it. So it is important for organizations to invest on data security in order to sustain the innovation.
What will be your suggestions to information security vendors providing solutions to reach your expectations and satisfaction?
Information security vendors need to be proactive. Any solutions coming after an incident is good for future but cannot compensate the damage what is done already. So, information security vendors have to anticipate innovations and the aligned risks. They need to have security solutions for each piece of new offerings in the market towards which consumers move. The solutions should be reusable and cost effective. Many a times, people tend to ignore risks only out of fear of investing money on security and hence the solutions should be standardized and cost effective. The TCO of innovations should show declining trend year after year.