On Data Privacy Day, which is commemorated on 28 January every year, industry leaders from across the country share their views on the importance of data and the need to ensure security measures are in place. Here is what they had to say:
Ravi Chhabria, managing director, NetApp India
Data used to be a by-product of business. Every organisationbusiness recorded transactions, stored product, process, customer records, during the normal course of conducting business. The sea change in the past few years, is that with deep tech, vast amounts of telemetry, AI, ML, analytics, businesses are being built on data. Data is creating value. Data is the business. Data is the source of competitive advantage. Data also gives rise to risks involved. In addition to traditional risks, there is is are also the ongoing risks of ransomware, denial of service (DoS) and, theft of intellectual property. No wonder, data protection and security have become core to businesses.
Beyond the headline-grabbing numbers, there remain core principles sensible organiszations must observe. Above all else, good security management is predicated on good data management. Along every step of the security journey – from prevent to detect to respond – knowing where your data is, how to extract it, and how it interoperates across and beyond organizsational boundaries are key to ensuring you protect yours and your customers’ most valuable intelligence. With data privacy regulations and requirements growing more complex, users must look at solutions that simplify compliance in encryption and sophisticated AI that maps and classifies data.
Nitin Varma, managing director, India and SAARC, CrowdStrike
Over the last 2 years, there has been a significant rise in cyber-attacks all over the world. The pandemic has increased our dependency on mobile devices and remote access to core business functions. While remote working became the saviour, it also introduced a new set of security challenges by raising concerns regarding identity-based threats, privacy breaches and the loss of essential data from unprotected devices and systems. Despite the best efforts of security teams, attackers consistently took advantage of vulnerabilities, discovering new ways of infiltration and taking advantage of people’s curiosity as well as their fears around Covid, leveraging socially engineered lure files and tactics.
There is a huge digital shift that has been created by the pandemic where many industry sectors have witnessed an accelerated approach towards digital transformation and their erstwhile perimeter has moved beyond their enterprise firewalls to cloud; either a public cloud, hybrid cloud or a private cloud. This has added complexity to the IT architecture stack and also increased the potential attack surface for adversaries to exploit; and often under-resourced security teams to protect.
Today’s new perimeter needs to be buttoned up with operations and security collaborating to create a secure network. With more data moving to the cloud every day, it is imperative to have a re-architecture of the cyber strategy which should go around all three dimensions of security i.e. people, process and technology.
While many cloud service providers offer basic levels of data security, it is critical for organizations to develop and implement a comprehensive data security strategy that’s scalable and combines automation with human threat hunting and threat intelligence. Another critical element of a data security strategy is real-time monitoring, detection and response. These threat detection and response capabilities should be supported by machine learning and analytics to better identify anomalies and malicious activity.
Companies require proficient and skilled cyber security experts who can keep their endpoints, cloud workloads, identify and data secure. Unfortunately some organizations still rely on legacy security solutions that are just not fit for purpose especially as adversaries evolve their tools, techniques and procedures (TTPs). They need security that is scalable, built for the cloud and can carry the same level of control and visibility from their on-premises environment into remote working environments.
Meeting these challenges head on with a layered, unified approach to security will enable organizations to move forward with their cloud plans with the knowledge that their users and data are well guarded.
Neelesh Kripalani, Chief Technology Officer, Clover Infotech
With the new normal dictating the ways of our lives, businesses have turned to digital transformation to ensure productivity and continuity. Cloud has emerged as the biggest enabler by fueling both remote and hybrid work infrastructure. Hence, we had seen Microsoft claiming, just a few months through the pandemic that they have witnessed two years of digital transformation in two months as its customers started adopting cloud solutions. According to Gartner, in the aftermath of the pandemic, the worldwide end-user spending on public cloud services grew by 18.4% in 2021 to a total of USD304.9 billion.
Although a great enabler, cloud raises a lot of security challenges. Cloud security has been voted as one of the biggest security threats that organizations face. Enterprises often misunderstand cloud security as the sole responsibility of the cloud services provider as against viewing it as a shared responsibility. Robust cloud security provides multiple levels of controls within the network infrastructure for the protection of cloud-based assets. Whether in a public or private cloud, enterprise need access to security tools that can protect their data and resources from theft, leak, or natural disasters.
One more important aspect that cannot be ignored when it comes to security is the ‘Human Error’. Surprisingly enough, it is the most neglected link in cybersecurity. Human error in cybersecurity breach is an age-old problem. For years, it has consistently been identified as a major contributing factor to data breaches. The average cost of data breaches from human error stands at USD3.33 million, according to IBM’s Cost of a Data Breach Report 2020.
It doesn’t matter how many security measures and precautions an organization undertakes, a simple human error can still put everything in jeopardy. Whether users are negligent, careless, or simply uninformed, a human error can lead to a cyber-attack and thereby data breach. Hence, enterprises along with cloud service providers need to develop detailed and stringent security policies that clearly outline access and privileged access management, zero trust policy, user activity monitoring, and further educate their employees on the negative impact of cyber-attacks and positive impact of best practices.
Security shouldn’t be treated as an isolated activity. It is a shared responsibility right from the management to vendors to even the new entrants in an organization. Hence, an organization can consider itself completely secure against breaches only by aligning all its stakeholders towards the common goal of ensuring comprehensive security.