Best Practices for CISOs – Sandeep Sengupta, Director, ISOAH Data Securities
How are business imperatives such as mobility, cloud and IoT impacting information security in an enterprise?
With the data regulation, data protection regulation which is coming up fast all over the world, the privacy of the data has become very important. Putting the data boundaries, where is my data-how spread is my data-who has access to my data- are some of the important questions to be answered. Most of the CXOs are finding it very difficult to control the access of this data and the geographical location of these data with the cloud. And when it comes to mobility, it is very difficult to control how far the data is moving.
What best practices should CISOs adopt to balance business growth and security threats arising from new technology models?
In the security world, we talk about PPT (People Process and Technology) where Technology comes last. Every security problem is the people’s problem, which is the most neglected part. The people are not aware; the companies are not putting much effort onto making them aware of the dangers. So knowingly or unknowingly, they are the source for all the security incidents. So it is believed that if the CXOs have to take the right decision, they have to focus on the people and stern them and also strengthen their process that shall make vulnerability in any organization. And if they focus on people and process, their spending on technology would be drastically gained up. And if PPT is considered as a whole, every company would be much more secure than what they are now.
How is a shift in the threat landscape forcing security vendors to make shift in their solutions and strategy?
Most of the vendors are coming up with technologies which are people centric. The machines adopt the behavior of the people and makes the environment secure. So, if today you’re buying new technologies to make the company secure, you must know whether that technology is people centric or not. The new security landscape is changing; OEMs have to take that into consideration. As because whatever is mainstream right now may not be the way people maintain their lifestyles over the coming days.