“As CISOs we need to be proactive to assure Information security and enable Business to achieve goals by delivering on the company’s trust to customers and stakeholders.”
I have 12+ years of experience in technology, security and system management, engaged in leading and contributing towards multiple dimensions of Information technology, Information security and System management in the retail industry. My experience spans functional domains, retailing solutions, Infrastructure, Networking and Security, delivery management, vendor management, outsourcing and ERP implementation projects. I worked for leading retail organizations like Future Group and Aditya Birla Retail, and I am currently working at Celio as Head Technologies.
Information Security as a profession
Throughout my journey in the Retail industry I understood the overtone of information security and the challenges of protecting information and data. We need to undergo both computing and business management to be on the ball and effectively equip advanced information security systems to strengthen Information security. I am passionate about recognizing, adopting and utilizing best practices in security engineering and solving security problems in an innovative and creative way.
Big challenges CISOs are facing today
Effectively managing the ever-evolving information security landscape is itself a big challenge. The responsibility of a CISO is running and changing the company. In running the company we can ensure security, but in changing the company, adapting new technologies into traditional enterprise IT is leading to the info security challenges. We are exposing the secure network to various interfaces with the internet, smartphones, clouds and big-data systems. The risk levels also increase. Another key challenge is creating more access than before and managing it. Previously IT was sure on whom to allow and whom not to allow, but now we have to measure risk and provide access to a lot of end users depending on the type of data. Balancing privacy and security is also a concern. As CISOs we have to find innovative and smart solutions to enable business goals with the best security systems.
Information Security Outsourcing
Outsourcing security doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services. However, the options for outsourcing information security services are not without risk. What the right solution is all depends on the company and on a governance function that involves strategy and budgets. I personally believe that managing Information security with an in-house team, with assistance from external expert consultancy partners, could be the best fit and more effective.
Data Privacy and Data Security
Safeguarding critical data and helping ensure regulatory compliance is the key for a successful CISO. Data should be protected no matter where it resides: in databases, applications or reports across production and non-production environments. Data privacy and security help enterprises to prevent data breaches, ensure data integrity, reduce compliance cost, and protect privacy. Creating real-time, business-driven masking and security policies is very important as data grows in volume, variety and velocity.
Suggestions to Information Security vendors
Information Security vendors should come with robust, future-ready security solutions with proof of concept while introducing new products or solutions, and should involve experts in understanding our business needs and recommending solutions. Vendors should not be in a hurry to sell the product or create an emergency to market products or services. We wish to see a vendor working with us as a collaborator in ensuring future-ready solutions.