“The adoption of security technologies depends on what business applications define or run that business, rather than deciding which next gen technology to adopt. That is better generic approach than a strategic one,” says Sujoy Brahmachari, Sr. General Manager – Information Systems & CISO, Hero MotoCorp.
What does the new-year hold for Security and what technologies will Hero MotoCorp look out for?
There are certain things in security that you cannot decide beforehand. You need to decide what your organizations needs in terms of business applications etcetera to build the security posture. For a website or e commerce site you have to build security in terms of authentication, perimeter security on top of that platform. You merely cannot decide to go with a particular brand of firewall or other brand of IPS.
Security works in line with the business in organization like ours. We at Hero MotoCorp run business driven IT and not IT driven business.
SMAC is taking place in reality. Security will definitely revolve around SMAC security. For applications which is public facing like social, one needs internal and external policies. For mobile apps and BYOD, MDM solutions becomes a must and companies using cloud will need periphery security, The adoption of security technologies depends on what business applications define or run that business ,rather than deciding which next gen technology to adopt. That is better generic approach than a strategic one.
What was the rationale for Hero MotoCorp to invest in NAC solutions last year?
We work with many third party vendors and they come to their premises and use their infrastructure too. We wanted to limit the access depending on the user’s profile. That was business requirement as we have multiple offices across India and spreading out of India. We wanted to have control of our network. As the network spreads with more users and more devices, we want to have network administrator control in case of any vulnerability. Being a big WAN network organization, immediate action is needed to control and quarantine the area.
After reviewing multiple vendor solutions in the market, the finalized NAC solutions from European based security vendor had the edge as it had no agent running on corporate network. It automatically scans through the network. That device sitting on our network is mapped to all active network devices. Any device or any system not part of our domain will be immediately blocked. Now we are able to secure the users and give the access securely and also extend BYOD.
How do you fight the overhype of technologies by various OEMs?
It depends on person to person of a particular OEM. We focus on business driven IT. When we started to build our own IP like designing motorbikes etc, there was immediate need to deploy DLP. It was not some vendor approaching us to tell us what we need to do.
As a CISO, one needs to have the clear understanding of the different technologies in the market and have the deep knowledge of the pros and cons of each solution. Once the business requirement arises, the business case is made to be approved from management and then the best solution amongst the various vendors is selected.
As a CISO, one needs to have the clear understanding of the different technologies in the market and have the deep knowledge of the pros and cons of each solution.
No technology OEM gives 100% guarantee on their security vendors.
Security is always a dynamic area. Every second day, there is a threat and importantly there is a solution to that. This is an ongoing process that keeps you on your toes and one needs to be geared up at all times.
Another important thing is the lack of good support mechanism from most of well-established international security vendors in India. They have good sales people pitching on product features etcetera which are useful to us. But when it comes to issues and typical problems, they don’t have adequate local people as they depend on their headquarters staff outside India. This leads to a sufficient time lapse for an urgent issue wherein security is a highly dynamic area.
Yogesh Gupta is executive editor at IDG Media. You can reach him at firstname.lastname@example.org or follow @yogsyogi1