Its been one of the most subdued New Year celebrations in recent timethe
clouds of economic uncertainty would have been bad enough to quench the spirits
of the merry makers but in many places in Western India the dark shadows of the
terrorism attacks in Mumbai continued to cause concern. Not a very good start to
what promises to be a tough industry and certainly an early warning that
security in all its formats should be the priority for all of us in the IT and
BPO industry in the coming months.
The IT industry in India which has caught the attention of the world in this
decade, could be an area of vulnerability not just in a physical sense but also
in the form of breaches of networks and information security that could
compromise the mission critical work we do for many of our clients. It is
perhaps fortuitous that information and data security has been on the top of
Nasscoms action list for the last two years. The formation of the Data Security
Council of India under the Chairmanship of Industry and Government veteran
Shyamal Ghosh and the induction of Dr Kamlesh Bajaj as CEO of the entity has
given a new impetus to the industrys emphasis on data and information security.
Ganesh natarajan |
A recent Nasscom-DSCI survey conducted through KPMG, which was discussed at
the Information Security conference in Hyderabad, demonstrates the importance
that this issue has attained in the minds of all policy planners in the
industry. Most of the companies surveyed have Board level focus on this
important issue and have nominated Chief Information Security Officers to
oversee policy and implementation issues. Security has become more analytical
and less anecdotal and many companies have instituted data privacy policies and
looked at formally addressing issues related to network and information access,
sharing of confidential corporate and client data, use of portable storage
devices and limiting access of company spaces to outsiders including vendors.
The DSCI view of data protection addresses infrastructure, application and
data security and provides recommendations on security management systems and
processes and security organization structures, all aimed at ensuring security
testing and monitoring and mitigating threats and vulnerability of data and
information warehouses in the organization. Being set up as a self regulatory
organisation, DSCI today is propagating best practices in a wide range of areas,
enabling the understanding and implementation of security standards such as ITIL,
COBOT and ISO 27001 and conducting extensive research and collaborating with
academic and overseas governments to ensure that the security reputation of the
country and our industry is enhanced on an ongoing basis.
Security is always a difficult issue to completely resolve and the reputation
of a company or even a country is sometimes only as robust as the last incident
which captures the attention of the world. Security breaches can and do happen
from within and outside the firm and this is one matter that needs to remain top
on the agenda of individuals, companies, associations, industries and indeed the
local and central Government long before the angst felt at the Mumbai attacks
are healed by the passage of time. Our industry and country has come a long way
and achieved a lotlet us not allow these achievements to be compromised by
letting our guard down even for a minute!