India faces a huge challenge of ensuring that it is a secure destination for outsourcing where privacy and protection of customer data are enshrined in the global best practices and followed by the industry.
The market in India is slowly maturing and warming towards the fact that security is a critical factor and investments need to be made to secure data, information and knowledge within organizations. Those charged with ensuring security in industries like telecom face many challenges today. While traditional threats such as war dialing, toll fraud and eavesdropping remain concerns, VoIP technology has introduced a new set of threats to telecom security. Telecom managers must now confront threats such as registration hijacking, proxy impersonation, message tampering and denial of service attacks.
Lucius Lobo, Global Head, Security Services, Tech Mahindra takes time off to discuss the challenges of providing a secure end-to-end information security solutions designed to mitigate both external and internal risks, ensuring a secure, resilient and dynamic infrastructure.
Data security and privacy protection are the current watchwords globally and India is no exception. What do you think India should do to make data protection an important enabler for growth?
The whole world is concerned about data security and all the countries have laws on data protection, which includes both – data security as well as privacy protection. Therefore, clearly in India, we have to take a step, which should not only secure data and engage in privacy protection, but also demonstrate to the world that we have taken these steps.
Data breaches do happen everywhere in the world and, will likely to continue to happen in India as well. But then, how well we can design, assess, implement and manage robust and cost effective security solutions is of great importance. We help clients to benefit from various consulting, assessment, system integration and managed services engagements across the value chain of an end-to-end security lifecycle encompassing wide risk management strategy with reducing administration, operational costs and improved productivity.
With the banking, finance, and telecom sectors in India increasingly relying on IT-enabled channels and with more and more services being delivered over the Internet, what can be done to ensure that the magnitude of information is not compromised?
Any organisation for that matter that would like to protect their information assets. Mainly it is the data. Threats are universal in nature – there are external threats, which are now becoming more and more organised, there are international crime syndicates. They engage in targeted attacks and banks are, I would say, in the forefront of bearing the brunt of such attacks, because they are sitting on money — since money is stored as information. In addition, other than the external threats, it is the insider threats by way of misuse of privileges by those who are protecting our information systems, which they have access to.
And what do you think is the adoption rate of the security measures in the country? Is it on the expected lines or do we still need to do more?
It is on the expected lines. If there is any sector in the country which has practices at the highest levels of implementation for security and privacy, that is the banking sector. The banking sector is also a highly regulated sector. RBI has very good guidelines on banking; they have recently released a report on the electronic banking on standards for both services, security, and governance and so on. Security has achieved a major focus in that sense.
More and more personal information is crossing the borders in trans-border transactions with some of them resulting financial frauds by the misuse of credit and debit cards, what are your views on it?
It is the global data flows that are dominating the world now. These global data flows are bound to be even more if you go by the trends of social networking and by the trends of cloud computing. Such data is crossing borders all the time and likewise, in social networking as well.
And the other part is the business-to-business transactions. When a business sitting in North America or Europe is sending its data through a service provider in India or business processes outsourcing company or IT-enabled services and so on, all these data are being transferred across the borders. So, security and privacy protection are at the forefront for the clients outside, customers of the clients out there in other countries. And Likewise, when employees browse their Gmail, Yahoo, etc accounts and so on while working on projects, clients are concerned about our data protection as well.
Lastly, in your opinion, how has the evolution of security in IT in India come about?
First of all, the IT industry has been at the forefront of implementing security — right from day one. Primarily because they are closely linked with their clients. Clients are outsourcing, so there is a certain level of security they implement in their operation, wherever they are. So, by default, they get transferred into their service providers as well. Which means that the Indian companies have been imbibing good practices from their clients continues.
Security has increasingly become a business-centric function, instead of being an IT-centric function with the Chief Information Officer of an organisation increasingly reporting to the top management, even the Chief Risk Officer.
I would say that the security in IT in India evolved over the last 10 to 12 years from being a totally IT-centric function to a business-centric function, which I would say is a very good development.
