Along the lines of GDPR-like data protection law, the Govt of India-appointed Justice Srikrishna Commission proposed the draft Data Protection Bill in 2018. Whether it is stringent and comprehensive enough to safeguard Indian citizens’ personal data is a different point; what is perhaps more important is how aware and ready Indian organizations are, especially in the banking and financial services sector.
Gemalto, an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed digital security services, recently conducted the Gemalto Evolution Series in Mumbai on the theme "Drive the Cyber Resilience of Data Compliance in BFSI". The event was aimed at digital security leaders, to discuss and brainstorm how BFSI organizations are gearing up to transform the way they manage their users’ personal data.
It is expected that with the passage of India's proposed Data Protection Bill, organizations will no longer be able to afford to take their users’ personal data lightly and will have to implement the mandated data protection measures to avoid the hefty penalties recommended in the Bill. Amid concerns over growing data breaches, new guidelines with a stricter cybersecurity framework for stock brokers and depository participants were also announced recently, to be effective from April 2019. The detailed guidelines, for instance, order that physical access to the critical systems should be restricted only to authorized officials and critical data must be identified and encrypted in motion and at rest by using strong encryption methods.
Organizations might not be ready, but policy makers, regulators and users are certainly going to get more demanding.
Speaking at the conference, Gaurav Arora, Global Technology Director (Enterprise & Cyber Security Business) at Gemalto, gave the example of how critical data security is for Oyo Rooms and Ola Cabs, which are large organizations that do not own the logistics and transportation infrastructure, which is mostly outsourced. He said customer needs are increasingly evolving, and they want to deal with organizations where they do not feel vulnerable, but feel safe. He discussed how the onset of technologies like 5G and blockchain leads to decentralization of trust, and will make data security even more challenging. Thus the need for security systems, practices and compliance will be even more important.
The conference also saw a highly interactive panel discussion session on "Data Protection in the Age of Compliance". The panelists included Gaurav Arora of Gemalto; Bharat Panchal, SVP & Head of Risk Management at the National Payments Corp of India; Mukesh Mehta, CTO, Batliwala & Karni Securities; Suresh Shan, CIO, Mahindra & Mahindra Financial Services; and Nanda Mohan Shenoy, CISA, CAIIB, COBIT 5 trainer, and a leading cyber security auditor. The panel, which was moderated by Ibrahim Ahmad, Group Editor, Dataquest, discussed in detail the major digital security gaps facing the BFSI sector, and the challenges that CIOs, CISOs and their organizations are facing in plugging those gaps. The experts were almost unanimous that data security awareness levels were poor across management hierarchies and across organizations, and that there was a major absence of best practices despite data security being a matter of high sensitivity and high stakes. The speakers also threw light on how soon data protection laws and regulations in India will become more stringent, with heavy penalties, in the light of the proposed Data Protection Bill in 2018.
Most of the CIOs, CISOs and data security experts present at the conference felt that a lot of distance has to be covered as data security becomes important and the government pressure builds up. They accepted that organizations, especially in the BFSI sector, must quickly build very strong and robust security systems, where technology will play a big role. According to Bharat Panchal, SVP & Head of Risk Management at National Payments Corp of India, the main areas under threat are financial services and payments ecosystem, public infrastructure, healthcare, utilities, devices, and apps. "Proactive risk management and a collaborative approach amongst the stakeholders will be the key," he added. The success mantra, according to Panchal, is ensuring physical security, going for two-factor authentication, encrypting sensitive data, 24x7 vigilance, making people the first line of defense, keeping data only on a need-to-know basis, and patching promptly.
For the benefit of the delegates, most of whom were tech leaders from cyber and data security, application security, and risk and compliance disciplines in the BFSI industry, Shenoy presented a detailed report on the major recommendations of the draft Data Protection Bill of 2018 that is waiting to be introduced in the Parliament, and the fine lines within. He gave a detailed account of the likely implications of the Bill, when passed. Shenoy explained how compliance costs will keep going up, especially for those who will not give data security very high priority. Among the other speakers were Eeshan Siddharth, the identity and access management solutions expert from Gemalto, who spoke about various strategies for protecting digital identities in the BFSI sector; and Nitin Phuria, Chief Software Architect at Integra Micro Systems, who made an insightful presentation on data security and tokenization solutions for banking and financial services companies.
Leading CIOs and data security leaders from organizations like HDFC Bank, Axis Bank, IDFC, IDBI, Batliwala & Karni Securities, Enkay Financial Services, ESS Capital, JP Morgan Services, Magnum Equity Broking, Motilal Oswal Wealth Managers, Saraswat Bank, State Bank of India, Stock Holding Corp of India, UCO Bank, UTI Mutual Funds, Mahindra & Mahindra Financial Services, National Payments Corp of India, Central Bank of India, and ICICI Bank participated in the conference to share innovative ideas on data protection, foster learning and inspiration, and provoke conversations that matter.
This international conference series, being organized with the objective to create a platform for digital security professionals, came to Mumbai after Singapore, Bangkok, Sydney, Tokyo, Jakarta and Kuala Lumpur.