In Search of Perfect Solutions

DQI Bureau
New Update

Its been one of the most subdued New Year celebrations in recent timethe

clouds of economic uncertainty would have been bad enough to quench the spirits

of the merry makers but in many places in Western India the dark shadows of the

terrorism attacks in Mumbai continued to cause concern. Not a very good start to

what promises to be a tough industry and certainly an early warning that

security in all its formats should be the priority for all of us in the IT and

BPO industry in the coming months.


The IT industry in India which has caught the attention of the world in this

decade, could be an area of vulnerability not just in a physical sense but also

in the form of breaches of networks and information security that could

compromise the mission critical work we do for many of our clients. It is

perhaps fortuitous that information and data security has been on the top of

Nasscoms action list for the last two years. The formation of the Data Security

Council of India under the Chairmanship of Industry and Government veteran

Shyamal Ghosh and the induction of Dr Kamlesh Bajaj as CEO of the entity has

given a new impetus to the industrys emphasis on data and information security.

Ganesh natarajan

The author is deputy chairman &

MD of Zensar Technologies and an Executive Council member of NASSCOM for

2007-09. He can be reached at

A recent Nasscom-DSCI survey conducted through KPMG, which was discussed at

the Information Security conference in Hyderabad, demonstrates the importance

that this issue has attained in the minds of all policy planners in the

industry. Most of the companies surveyed have Board level focus on this

important issue and have nominated Chief Information Security Officers to

oversee policy and implementation issues. Security has become more analytical

and less anecdotal and many companies have instituted data privacy policies and

looked at formally addressing issues related to network and information access,

sharing of confidential corporate and client data, use of portable storage

devices and limiting access of company spaces to outsiders including vendors.

The DSCI view of data protection addresses infrastructure, application and

data security and provides recommendations on security management systems and

processes and security organization structures, all aimed at ensuring security

testing and monitoring and mitigating threats and vulnerability of data and

information warehouses in the organization. Being set up as a self regulatory

organisation, DSCI today is propagating best practices in a wide range of areas,

enabling the understanding and implementation of security standards such as ITIL,

COBOT and ISO 27001 and conducting extensive research and collaborating with

academic and overseas governments to ensure that the security reputation of the

country and our industry is enhanced on an ongoing basis.

Security is always a difficult issue to completely resolve and the reputation

of a company or even a country is sometimes only as robust as the last incident

which captures the attention of the world. Security breaches can and do happen

from within and outside the firm and this is one matter that needs to remain top

on the agenda of individuals, companies, associations, industries and indeed the

local and central Government long before the angst felt at the Mumbai attacks

are healed by the passage of time. Our industry and country has come a long way

and achieved a lotlet us not allow these achievements to be compromised by

letting our guard down even for a minute!