It is very important for an organization to build the internal tech competency required to assess a security solution. But that\u2019s easier said than done; in-house talent tends to have a generalist make-up than a specialist one. Then once capability is built, it soon becomes outdated and needs constant upgrading. Risks that are known and mitigated successfully yesterday, are of little use today. Retaining talent in a competitive environment is another big challenge CISOs face today.However, more mature organizations have the right strategy and policies to tackle this situation. Godrej Industries, for instance, has a two-pronged approach. Other than constantly upgrading itself with the latest technology--which is an absolute necessity--the in-house competency team works closely with the business.\u201cOnce we know what the business is planning to do today--and in the next few years--we know what kind of risks are likely to be encountered,\u201d says V. Swaminathan, EVP--corp. audit and assurance at Godrej Industries.Through this approach, his team has increased its efficiency to the point that it was well-prepared for the organization\u2019s shift to the cloud--even before the business decided to embrace cloud computing.Collaboration with the business, he says, helped the team understand that the company was in expansion mode and would soon be going global. The team kept a watch for developments in the area of cloud computing and boned up on the risks associated with it.\u201cWhen the business finally decided to move to the cloud, we were ready with the kind of security solutions we needed,\u201d says Swaminathan.In addition, the team kept a watch through various security forums and on their industry peers who were already moving to cloud. Interactions with them helped identify the service provider who would help them assess risks and mitigate them proactively.Swaminathan believes that the skill of a CISO lies in identifying the internal risk perception and in finding solutions to mitigate them. \u201cAt Godrej, we always ask vendors to do a POC to test whether the results meet our expectations. There is no \u2018one size fits all\u2019 solution when it comes to security,\u201d he says.