In-house IT teams tend to be lean--and therefore made up of generalists. That can be a challenge if they are asked to assess a security solution. How Godrej Industries tackles that issue. It is very important for an organization to build the internal tech competency required to assess a security solution. But that’s easier said than done; in-house talent tends to have a generalist make-up than a specialist one. Then once capability is built, it soon becomes outdated and needs constant upgrading. Risks that are known and mitigated successfully yesterday, are of little use today. Retaining talent in a competitive environment is another big challenge CISOs face today.However, more mature organizations have the right strategy and policies to tackle this situation. Godrej Industries, for instance, has a two-pronged approach. Other than constantly upgrading itself with the latest technology–which is an absolute necessity–the in-house competency team works closely with the business.“Once we know what the business is planning to do today–and in the next few years–we know what kind of risks are likely to be encountered,” says V. Swaminathan, EVP–corp. audit and assurance at Godrej Industries. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe Through this approach, his team has increased its efficiency to the point that it was well-prepared for the organization’s shift to the cloud–even before the business decided to embrace cloud computing. Collaboration with the business, he says, helped the team understand that the company was in expansion mode and would soon be going global. The team kept a watch for developments in the area of cloud computing and boned up on the risks associated with it.“When the business finally decided to move to the cloud, we were ready with the kind of security solutions we needed,” says Swaminathan. In addition, the team kept a watch through various security forums and on their industry peers who were already moving to cloud. Interactions with them helped identify the service provider who would help them assess risks and mitigate them proactively.Swaminathan believes that the skill of a CISO lies in identifying the internal risk perception and in finding solutions to mitigate them. “At Godrej, we always ask vendors to do a POC to test whether the results meet our expectations. There is no ‘one size fits all’ solution when it comes to security,” he says. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Generative AI Machine Learning feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe