“Outsourcing activity should be viewed in terms of the benefits it could bring and risks it could reduce”
1) Tell us in brief about your professional journey till date.
After completing my post-graduation in management, I started my career with Siemens Ltd in the Sales function. From there on, I have grown into various roles with broad horizons, right from heading the Business Development area to becoming a Delivery head for an IT company, then being a Principal consultant in the BFSI segment and now as Technology Head for ICICI Prudential AMC. Throughout my professional journey, I have served in various functional areas for organizations.
2) Why did you choose information security as a profession?
More than I chose information security as a profession, I believe the profession chose me. In my opinion, information security provides new challenges every day; not just black and white, but many challenges are grey. The satisfaction that one gets while conquering such challenges is an adrenaline rush in itself; hence I am quite thrilled looking into this area of business.
3) According to you, what are the big challenges CISOs are facing today?
The way business is being conducted has evolved drastically over time, posing new challenges to all Information security professionals. Data movement is no longer confined to a boundary and is increasingly being used in a borderless world. Innovative use of newer platforms like Social Media and Mobility, including concepts like Bring Your Own Device (BYOD), work from anywhere, mobile applications and internet, present big challenges to CISOs, thereby requiring them to innovate and support the business while securing data movement using these new platforms.
4) Do you believe in ‘information security outsourcing’, and if so, to what extent?
I believe that Information Security is a core function and also a very sensitive part for the management of any organization. Core functions should not be outsourced completely as outsourcing will increase the risks for the organization. Having said that, some of the areas where outsourcing can work are Penetration testing, Vulnerability Assessments, Network & application security reviews, consulting assignments to establish or implement new standards or frameworks etc. Hence, any outsourcing activity should be viewed in terms of the benefits it could bring and risks it could reduce for the organization.
5) How do you define the thin line difference between data privacy and data security?
There are many overlaps between the two but there are certain distinctions as well. Data security deals more with ensuring that data is not stolen through external or internal entities; hence, many technological and procedural barriers are built around it so that data remains protected. On the other hand, data privacy deals with those aspects where the owner of the data is the only person who should have access to the data unless the owner provides permission for another person or entity to access the data in order to provide certain services.
6) What will be your suggestions to information security vendors providing solutions to reach your expectations and satisfaction?
Currently, we see many vendors using FUD (Fear, Uncertainty, and Doubt) to sell their products or services. In my opinion, they should rather focus on demonstrating how their solution will create value for the organization. They should look at becoming trusted and strategic partners in the information security journey for the organization and if they manage to have such a positive approach, the rewards that come along will be there for all to see.