“When considering cloud, risks should be evaluated with respect to information assets”

Security threats are growing exponentially, with attack methods getting more complex by the day. Moreover, with the increased adoption of cloud computing and the IoT wave gaining momentum, the security landscape is set to become more complex. To get a better understanding of how these trends are impacting enterprise security and how CISOs can keep up with the ever-growing threats, Dataquest caught up with BM Rangan, Sr VP & CISO, Quatrro. Excerpts from the interaction:

According to experts, companies will soon begin to face security threats from the Internet of Things. What is your view on this?
According to a BI Intelligence report, by 2019 the device population globally is expected to be double the size of smartphones, tablets, connected cars, and wearables combined. Given this incredible device population boom, we can get a sense of how massive and intense the threat vectors would be.
How do you make sure that you are spending the right amount of time and money in security measures?
There are many ways to find out if the security measures that you have in place are really going to protect your company from attacks. One can put in fancy devices and apps, but all that is quite pointless unless we have our basics right. The focus should be on raising awareness among employees and increasing top management sensitivity to the big insider threats and external attacks. We are trying to engage with our employees and raise awareness so that we are able to tackle the upcoming threats well in advance.
What approach do you recommend when looking at cloud computing from the lens of a CISO?
Firstly, I would recommend an approach where risks are clearly evaluated with respect to the information assets in question. I think a contextual and multi-dimensional approach is important. For example, one dimension could be the regulatory and contractual obligation dimension. Another could be the breakup of data in question in terms of criticality and usage patterns. Total cost of ownership is another dimension which needs to be looked at.
What are the key questions a security professional needs to ask internally?
Some crucial questions include: What is the reputation risk for the organization, and what role is a security breach likely to play in creating risk exposure? How can we make sure that a security strategy is integral to the overall strategy formulation in the organization so that security is designed in upstream in the organization’s products/services and processes?
What should a CISO be concerned about when evaluating potential future IT trends?
Security professionals need an understanding of which trends are likely to stay and which ones are likely to fade out. I think it is critical to understand the opportunity that the technology presents to the organization and figure out how it could be applied securely.
According to you, which new threats are expected to emerge in the coming years?
In the coming years, we will see drastic changes in the cybersecurity landscape. This will surely grow, and so will the threats posed by the Internet of Things.
