Security CoEs influencing cyberculture awareness, threat defense & security analysis

With each passing day, the need for robust cybersecurity practices becomes increasingly critical in the face of evolving threats. In this era of digital transformation, organizations worldwide are seeking innovative solutions to protect their assets and ensure operational resilience. It is within this context that GCCs in India have risen to prominence, serving as key drivers of technology development,

innovation, and the advancement of cybersecurity practices. As GCCs transition from being costfocused operational centers to strategic Centers of Excellence (CoEs), they have become hotbeds of technological breakthroughs and trailblazers in the realm of cybersecurity. Gaurav Shukla, Partner, Deloitte India, a seasoned expert in conversation with Minu Sirsalewala, Executive Editor, Special Projects, sheds light on the remarkable journey of GCCs and their profound impact on the cybersecurity landscape.

The GCC India growth story is achieving both depth and breadth with 1500+ GCCs across BFSI, technology, industrials, consumer, and retail space. What is the story of the evolution of cyber deliveries from GCCs in India?

GCCs are transitioning from being operational centres that provided cost arbitrage and productivity enhancements to ‘Centres of Excellence (CoE)’ that also create value and give strategic direction to their parent. Today, GCCs have become hotbeds for technology development and innovation, and are spurring the adoption of digital, and foray into new-age tech like automation, big data/analytics, Artificial Intelligence/Machine Learning (AI/ML), Internet of Things (IoT), and Blockchain. From a cybersecurity

standpoint, the transformation was underway for quite some time, but the pandemic has been a key lever in enhancing the scope of cyber deliveries and the level of autonomy. The GCCs, in India, have established a strong credibility by efficiently delivering the work in the areas such as IT General Controls (ITGC) testing and assurance, enterprise risk management, attack surface management, enterprise access management, SOC operations with incident response, and third-party risk management. Across all the areas of work, GCCs are now moving from ‘supporting’ to ‘leading’ by using intelligent automation, cognitive solutions, tech-led platforms, and standardisation. At the same time, expanding capabilities for advanced threat detection and response, implementing zero trust architecture, addressing risks associated with application modernisation, cloud and Edge computing, IoT, etc. Many cybersecurity global roles are moving to India. This positions GCCs to influence the cyber culture and embed security and privacy across transformation programs and high-end product engineering works.

In the ever-changing cybersecurity landscape, what role do you see GCCs playing in driving innovation and advancing cybersecurity practices? How can GCCs contribute to the development and implementation of cutting-edge cybersecurity technologies and solutions?

GCCs in India have a lot to offer, particularly when it comes to the development of cutting-edge cyber solutions. That’s also supported by the strong value proposition that India as a country has to offer. Let’s look at a few synergies that empower a GCC to contribute towards technology development and innovation:

• By having a strong focus on upskilling and reskilling, GCCs can create a huge cyber-skilled workforce from the already existing STEM and non-STEM talent pool in India.

• By collaborating with academia, innovative startups, and conducting crowdsourcing initiatives, GCCs can leverage India’s innovation ecosystem to solve cyber challenges.

• By using India and its burgeoning digital ecosystem as a test best for building the next big thing in tech and evaluating various aspects of risks.

• By acting upon the changing regulatory environment (CERT-In mandate, the Digital Personal Data Protection (DPDP) bill, proposed Digital India Act etc.), GCCs can play a leading role in implementing and driving best practices globally.

• By engaging with the local service provider ecosystem to outsource regular work in a managed service model, GCCs can free up time and resources to focus on areas like emerging tech, product engineering, and cloud security.

Protecting critical infrastructure from cyber threats is a top priority. How can GCCs in the energy, industrial, and critical sectors contribute towards improved incident management, disaster recovery and business continuity, and play a key role in keeping global operations up and running?

GCCs have been enhancing their SOC operations through threat-intel led insights, periodic red-teaming,

Incident Response (IR) playbooks, and automation and AI for improved triaging. At the same time, bringing in standardisation, and consistency, across global operations that are managed/led by the GCCs. Sectors like power, oil and gas, transport and water supplies are managed using Industrial Control Systems (ICS)/SCADA systems. A complete Operational Technology (OT) asset inventory, monitoring of these assets, and ensuring their availability are crucial. Crisis management and Business Continuity Planning (BCP) must take all IT, OT, and cyberphysical systems into consideration, with proper backups in place. With these capabilities and considerations, and overall streamlining, GCCs can play a stronger role in safeguarding critical global operations.

The digital landscape is constantly evolving, and with it, the risks, and threats that organizations

face. How can security leaders deal with this rapidly changing environment? Any key areas of focus for security leaders?

To deal with this ever-changing digital footprint, organisations must stay vigilant about their expanding

attack surface, and work towards discovery and remediation of vulnerabilities across internal/external

assets. Attack surface management helps an organisation think from the attacker’s vantage point and helps in understanding the impact of a cyber intrusion, based on connections and interactions between the assets. This goes on to include the supply-chain as well. At the same time, it is important to realise that any firm could be attacked, and having an incident response plan, with a strong focus on improving KPIs and workflows, is the best bet and therefore cyber resilience is as essential as cyber protection and defense. Next is to have a ‘humancentric approach towards risk management, that creates a cyber-responsible workforce through the pillars of awareness, involvement, and accountability. Finally, in today’s era of Cloud, SaaS, and remote working, zero trust access is important as it overcomes implicit trust, uses a risk-based approach to provide granular access control and offers advanced encryption and data loss prevention capabilities. To successfully embed cybersecurity not only in digital but across all business priorities, CISOs must inculcate a security-first mind-set. This demands clarity on business needs and vision, to communicate the risks effectively, influence the management and make stakeholders perceive security as a shared business responsibility. At the same time, being empathetic towards business needs helps security leaders provide the best solutions, thus improving wider acceptance and infusion into the business.

With the advent of Security Centres of Excellence within the GCCs, these centres, under executive leadership, have more independent capabilities, autonomy, and ownership across cyber operations. Many of these centres are setting great examples in areas like cyber culture and awareness, threat defense, security analytics, orchestration and response, and red teaming. This makes them well poised to handle the ever-changing threat exposure to the whole organisation, at large.