Technology is transforming our lives at a rate that the entire society is struggling to stay up with. Both new threats and great opportunities are brought about by technology. IT security ecosystems are getting more and more stressed as they increase their adoption of technological frameworks like cloud computing and digital transformation projects.
Anil Nair, Vice President, Engineering, Security Business Group, Cisco India & SAARC, tells more, Excerpts:
What are some of the biggest challenges in building trust in the digital world and how can we address them?
Anil: If you look at the the technologies of the past, it was fundamentally about solving a well defined business problem, you take a problem, you address that and you solve the problem and move on.
Today, what's happening is the cybersecurity run or the risk of attacks, has changed the world in such a way that it's not just about solving the problem, but really understanding the risk of the solutions involved. What else can go wrong? What's at stake?
Now it's about what can go wrong and what are the cyber risks that you bring to the table and that's where trust is lot more important today than in the past and the cybersecurity in general has completely changed something, what can improve the trust better.
Policies and laws can be one aspect of that, and we are seeing how the legal environment is evolving which will absolutely help in getting the trust better. Second thing is there needs to be continuous work between the vendors and the customers, and really understanding the customers problem, bringing more transparency to how we do things and so on and so forth.
Some of the work that is happening in that element thing around risk scoring, the practical risk scoring on those kind of things are worked, are worked towards it. Nothing more. Work in that direction is going to help.
Are there special data security and privacy concerns that businesses should consider when thinking about moving to cloud hosting environment?
Anil: Absolutely, just like any technology, whether you're running it in your private data center or running it in the cloud, you have to be aware of the privacy and the data risk concerns. Again there are best practices and architectures that have been in place to understand what are the risk to the data, what are the risk to the privacy and so forth. We have absolutely involve that. It's very interesting and it's very important for you to ask the right questions to understand where. The data kept what? What's the policy for data trust? What's the policy for data in motion? What kind of systems are in place to protect the data?
Different cloud providers offer different things and you can have different third party engagements to come in to bring that into into consideration as well. See very important for you to ask those questions, understand that and then make a decision depending on what exactly other is that your data is envisaging. Again some of those standards help you in getting there. Some of the best practices, the standard architectures help you get in there. Do you have to ask the right questions to get them?
What advice would you give to the IT directors who have limited budget? How do they start?
Anil: Prioritization is the name of the game. You have to prioritize. You don't have an opportunity to kind of go and understand everything.
First question that you want to answer to ask yourself is what is important for you? What are the risks that your enterprise, your business is taking, having a good clarity on, on the risk that your business has the first step towards protecting that business. So understanding your core, assets, data, corporate assets. Understanding what are your most important assets, identifying the risk to that and then putting in place what kind of steps you're going to take to address that risk is important. Every enterprise is going to have a limited budget, bring the visibility, understanding the exposures and putting in the right, is more important.
How can we educate consumers about the importance of trust in the digital world, and what are some effective strategies for doing?
Anil: It's a continuing process of education, in Indian environment right now we are seeing a very strong adoption of of digitization. I think the rate at which the digitization is is being adopted is is absolutely fabulous. I do not think many of them recognize the risk as well. So the basic education in terms of recognizing that there is a risk to everything in the cyber world is a first step.
Then figuring out what are the classic attacks, the classic ways they get compromised, recognizing the need to educate themselves are all important. Cisco, for example, is doing a lot of work to educate the masses, not just the cybersecurity professionals, but in multiple different areas.
Cybersecurity awareness and the risk awareness is an important element towards that. In many ways, Schools and other institutions should incorporate cybersecurity awareness into the curriculum, even from a family standpoint, especially another intervention.