The fundamental role of a Chief Information Security Officer (CISO) is to protect information and data assets that are vital to the organization and its functioning. However, with the rising adoption of cloud-based data storage and the overall increase in data traffic across all digital terrains, security risks in relation to data theft and loss have grown multifold.
The dynamic environment in which organizations operate today poses a threat largely due to the multi-layer, non-static nature of the infrastructure itself. Here, the role of a CISO becomes pivotal, because the CISO understands the threat landscape better and also understands the balance between business needs and security needs. To get a broader perspective on the importance of CISOs in modern-day organizations and how their role has evolved, Dataquest spoke to six leading CISOs:
With the emergence of new technologies and almost the entire business happening at a digital layer, CISOs not only need to innovate and adopt new technologies for business benefits but should also be aware of how to design these technologies and consider security aspects during the design phase itself. This will ensure that with the implementation of new technology one can have security also in parallel with a complete and comprehensive set-up —Sayed Peerzade, VP-Technology, Reliance Big Entertainment & Reliance Entertainment-Digital
The role of a CISO has evolved from an IT security specialist to a management assurance role which includes business aspects, HR, physical security, regulatory compliance, and also client facing. It is emerging as a high visibility and high responsibility role and needs to be complemented with a high level of authority as well with the right reporting hierarchy. The CISO also needs to manage outsourced service providers and business partners as they store and process confidential data of the company. Further, the CISO is expected to present the security posture of the company to the board of directors —Parag Deodhar, Chief Risk Officer, Bharti AXA General Insurance
A CISO’s role has never been more critical to the success of the organization. From a good-to-have function, it has changed to a must-have function with clear goals. The role has evolved from a technical function to a business enabler giving strategic direction to the information security program. It is all due to the evolving role of CISOs that the IS teams have grown from being glorified IT security administrators, managing firewalls and doing other security operations and investigation, to a function which looks at the organizational risks on strategies for mitigation, business continuity, disaster recovery, etc. —Nadir Bhalwani, Director-Technology Operations & Information Security, CRISIL
CISOs have moved from the role of an IT security officer to a business officer. They are more involved in developing a strong security strategy which shall be aligned with the business vision and preparing a comprehensive risk management practice which allows business to take conscious risks. CISOs have learnt the business language which other CxOs appreciate and accept now —Makesh Chandramohan, Head–Information Security & Business Continuity, Birla Sun Life Insurance
As the role of the IT department has started evolving from a service provider to a strategic business partner, new roles such as CISOs have emerged prominently. The role of a CISO is ever expanding and needs to take a few more points into account.
#1 Data Trajectory: The CISO needs to understand the nature of information and its trajectory in the context of the underlying business. This is sometimes more important than the technicalities involved in data security.
#2 Business Alignment: Information security professionals need to align much more closely with the business strategy of the organization and the CEO’s office.
#3 Regulatory Framework: There are technology-related issues on a daily basis and there is an acute need for organizations to understand and adhere to the dynamic regulatory framework. The evolutionary nature of such regulations makes the complex role of a CISO even more challenging. —Subroto K Panda, CIO & CISO, Anand & Anand
The role of a CISO has changed to cope with the speed of things in the security area. The hackers have already started making a dent in the corporate financial health and also to their reputation. Today, CISOs have made their footsteps into the boardroom. Thus, the CRO and CISO is now a common person who plays the role of a watchdog for IT security incidents.
—Jayjit Biswas, Divisional Manager-Information Security & Compliance, Tata Motors