Do you think that when it comes to security, business is yet to realize its significance and that more support is needed from their end to deploy sophisticated security solutions?
Security is all encompassing today, touching everyone and having dependencies with all connected to business, and sometimes outside the business as well. So the issue of security has to get into the culture and DNA of the organization, the do’s and don’ts to be practised and adequate security responsibility to be taken by everyone.
Today in India, although knowledge and awareness are fast catching up, the legacy business houses still have a notion of this being an IT issue and therefore tend to have a careless approach towards security fundamentals and even have a lax attitude to planned security exercises, events, quizzes, certification and awareness mailers.
Deployment of a sophisticated solution alone is not enough; it can only succeed when the necessary security culture and support are available to supplement the solution, and the features and security measures coming out of the solution are appreciated and accepted by the population.
Hence, not only support: I prefer business teams to be involved and be the stakeholders in the implementation exercise of any such solution. Only then can the deployment be successful and a proper return from the investment be achieved satisfactorily.
What do you prefer, a best of breed security solution or an end-to-end solution?
Given a choice, I would ideally go for the best of breed solution for each of the security categories, just on sheer technical grounds. But on a more realistic note, I would go for an end-to-end UTM option for ease of management, better controls and integration – probably a CIO and CISO would be happy to have single-console security management.
Do you think that it is time to hand over security completely to a CSO?
Yes, it’s already time to do so, as you need to have dedicated responsibility here; security management is no longer a part-time role. This brings in domain expertise, accountability and focus towards the role.
What, according to you, are the biggest security threats to your organization and how are you handling them?
The biggest security threats and challenges are many, for example mobile apps and BYOD, but the latest threat landscape is so dynamic and fast with respect to speed and innovation that one can’t put one at the top of a list. We should, therefore, focus more on people and non-technology challenges and address them on priority, as these are bigger challenges than the so-called threats.
Many security threats are hiding behind people and their behaviours, both inside and outside the company. It’s very critical to regulate the process through which information is disseminated across the employees and departments and how people deal with them, how they conduct themselves in internal and external forums, what they disclose in social networking and external forums, intentionally or otherwise.
It’s important how an organization deals with induction and exits, how disgruntled employees and their exits are managed, what kind of strong security measures are taken during employee exits, how their access and assets are controlled during the process, how mobile and remote accesses are refreshed and so on. So I think the biggest challenge in India is to fast track the process of people’s maturity in the majority of organizations – which are key to a secure corporate India.