Tata Communications is rapidly occupying customer mindshare as a strong player in innovating and building service platforms to drive managed security services solutions aligned to customer needs. The company has a managed security services and solutions which help cover critical operational and capability gaps in cyber security for customers to deliver measurable and effective protection against attacks and malware. In conversation with Dataquest, Avinash Prasad, Vice President, Managed Security Services, Tata Communications, talks about trends in security space and what is company’s business plan. Excerpts:
Q. What are the key considerations for different industries in securing critical digital infrastructure?
Today, effective security for any organisation is a factor of both the security technology and infrastructure as well as the associated operations and processes. With the increasing adoption of new technologies like the Internet of Things (IoT), 5G and AI change the business landscape, organisations are choosing to embark on their own distinct journey of digital transformation.
In the current scenario, businesses are required to have the foresight to factor in security at the outset of planning their digital transformation strategy to mitigate the risks from outside threats and potentially reduce the downstream costs of fixing security. This is the process of ‘building a Security Profile’ for your organisation based on a considered understanding of the relevant threat landscape. While planning for security within an organisation, the enterprise needs to factor the well-established pillars of confidentiality, integrity and availability while also adhering to laws around risk and compliance and data sovereignty. The other imperative aspect is to protect the infrastructure across the entire spectrum through which the most important asset – ‘sensitive or critical data’ travels – from its origin right till the disposal. This means that the cybersecurity measures need to be integrated into the multiple layers – including hardware, software and applications – and access device layers to potentially reduce the risks of a serious data breach.
Q. How does the ecosystem work together to ensure integrated security, right from the wireless infrastructure to data acquisition and analytics infrastructure?
All the respective parts of the eco-system and infrastructure have a role to play in building an integrated security approach. A proactive approach to security demands that effective monitoring, detection and prediction is implemented across all the systems – for which the process includes log collection, log and signal processing, correlation and alert generation. All critical systems across the spectrum of wireless infrastructure to data acquisition and processing systems need to be integrated into such a security monitoring system. This is further enhanced by analytics which relies on a Big-Data based approach that applies Machine Learning (ML) or Artificial Intelligence (AI) driven approaches to decipher unknown patterns of threats and attacks.
At Tata Communications we offer, managed security services under a framework called M.I.S.T: Multi-layered, Integrated, Secure and Trusted. This platform offers multi-layered coverage through an integrated model that helps embed security services as part of the organisations’ architecture. Solutions are delivered with an underlying philosophy of secured operations that helps build trusted relationships through our collaborative ecosystem and advanced capabilities.
Q. What are the new trends you see in the cybersecurity space? (Like the shift from prevention to analytics and evolving cybersecurity skills)
Security, once an afterthought, is now fast becoming a critical integrated function for a business. Attacks such as the ones we are witnessing currently can lead to a loss of both customers and reputation, thus amplifying the role of security in an organisations’ success. Some of the broad cybersecurity trends we anticipate are:
- Support prevention with robust detection capabilities: Cybersecurity needs to be perceived as inevitable and not avoidable. Businesses need to create awareness about the security vulnerabilities and accordingly, realign their resources to be able to analyse and identify threat patterns through vulnerability assessment and management supported by enterprise platforms like Security Information and Event Management (SIEM) for timely detection and response.
- Fueled by the Cloud, security ecosystems become rapidly scalable: With the cloud-based computing models increasing every year, businesses will increasingly need to shift to an ecosystem-based approach using security capabilities from the Cloud instead of ‘in-house’ or ‘on-premise’ systems to minimise risk. Over and above supporting present day requirements, they will need to be cloud-grade to support the scale and elasticity of multi-cloud environments.
- Artificial Intelligence (AI) and Machine Learning (ML) to tackle ‘the unknown’: Adoption of AI will help businesses identify and analyse patterns of attack and defeat them before they become a security concern. As per Gartner, by 2025, ML will become a normal part of the security practice and will offset some skills and staffing shortfalls. While the new streams of data overload generated by connected technologies like IoT will create additional cyber threats, this expanse of data will also help enterprises spot security flaws with the help of AI and ML.
- Additional requirement for cybersecurity skills: Currently the shortage of skilled cybersecurity personnel is one of the biggest impediments to the execution of cyber security projects. A collaboration between the Government, universities and private enterprises can prove fruitful in bridging the skills gap in this domain.
- The emergence of platforms to amplify the Security Operations Centre (SOC) engineer: The development of advanced tools and automation platforms to enable SOC analysts to be at par with the speed and incisiveness of the cyber attackers can overpower the current limitations of security skills and resources.
Q. How are Tata Communications’ solutions positioned to address India’s growing security threats? What are your business plans and vision of Tata communications?
Tata Communications is rapidly occupying customer mindshare as a strong player in innovating and building service platforms to drive managed security services solutions aligned to customer needs. Our comprehensive managed security services and solutions help cover critical operational and capability gaps in cyber security for customers to deliver measurable and effective protection against attacks and malware.
We have built a portfolio spanning risk and compliance, cloud security, identity and access management, data security and privacy, threat management supported by analytics to pivot from a proactive to a predictive model to keep our customers secured from the increasingly sophisticated cybercrimes.
Above and beyond our platform and solutions, we are investing in coaching and building young talent by collaborating with universities globally to curate curriculums, sponsor labs, offer guest lectures, etc.
Currently, we have a team of more than 350 cybersecurity experts – 80% located in India and we intend to hire an additional 400 people in the upcoming years to strengthen our base. We are also expanding our footprint globally through our SOCs called Cyber Security Response Centre (CSRC). This will enable us to have a macro global view and with the understanding of the local nuances and plan ahead for the potential attacks in the future, whether regional or global.
Q. As enterprise applications move to the Cloud, security becomes a key concern, what are your views on the same?
Increasingly enterprises are adopting a cloud-first approach for their solutions and services. Most of the new innovations based on new technologies such as IoT and AI are supported by cloud platforms. But the risk perception around lack of controls in the cloud pull back the organisations from fully embracing the potential of this platform. The risk posed by potential leaks or loss of data are a matter of grave concern, yet as per Gartner there have been fewer incidents of cyber-attacks on public cloud, as compared to on-premise data centres.
At Tata Communications, we have implemented robust measures to secure systems and data in the Cloud infrastructure. We offer the levels of private cloud security also on the public cloud platform through a structured framework, thereby addressing the biggest concern for most of the global enterprises when planning the switch to the cloud. Our cloud-based solutions provide the scale, and flexibility integrated with controls for data protection, secure user access and threat monitoring, which form an integral part of the multi-layered security approach that we offer.
Q. Any other information that you would like to share
A critical aspect of an effective security strategy is to align with business critical aspects and enable the execution of digital business by adopting the principles of:
- Risk awareness and culture
- Better visibility and security monitoring across all relevant systems
- Proactive approach for mitigating business disruptions
- Ability to respond rapidly to threats and breaches
- Enhanced risk coverage through process and insurance beyond technology and solutions
This will help a security leader like a CISO to deliver the right-sized security for their organisation.