C&L October 2017_LR (5)

More documents

Recommendations

Info

INTERVIEW “Observe zero tolerance towards basic security hygiene” Vishal Salvi, CISO, Infosys discusses the security trends in 2017 We have heard that 2016 has been a year of ransomware and in 2017 also we saw that there were two incidents that took place simultaneously. What does that really tell us about our security preparedness? If you look at the recent ransomware attacks: WannaCry on 12th of May and "Petya" on 27th of June, both are watershed events as far as cyber security is concerned. In my two decades of cyber security experience, I haven't seen so much of devastation being caused by any single cyber security event which has impacted multiple organisations at the same time in a very short span of time. These are the events we should sit back and understand, learn and take lessons from. In my mind it has changed my outlook towards how we look at the issues in cyber security, how we look at our value that we add to the business, and how we need to change our strategy, our vision and our response when it comes to dealing with managing the overall cyber security. Of course it will be a mistake to just look at ransomware as an issue and focus on that, but also if we look at the overall strategy, it is extremely important but ransomware is one example which gives us how important cyber security is for today's digital evolution. While we can’t expect the technology evolution and innovation to change dramatically, we can definitely change the way we look at it. As cyber security experts, we must have an influencing capacity in terms of being able to engage the stakeholders and send the right message, get the right budgets, and make sure that you work closely with the CIO and the technology teams to be able to build necessary controls. I think we need to observe zero tolerance when it comes to basic hygiene. How has the role of the CISO evolved in the last few years? How do you think the role is ready for change in the near future? Organisations which have got impacted have made the CIO and the CISO equally accountable for their role in the organisation. Today the CISO must be able to influence and convince people to invest in the right controls and build a trust with the stakeholders. Otherwise you are not doing your job. So it’s not about externalising the problem, you need to internalise the problem and you need to take ownership in order to make sure that it’s not just implementation of control but getting sponsorship for implementation of control is equally an important part of your role to entrust people and get it done. So I 18 CIO&LEADER | October 2017
Vishal Salvi, Infosys Interview think that people should realise that's the change. In fact it was always there but it is now more fundamental now that people realise that you know you are accountable and you need to make sure that a business case needs to be presented. It is also about making sure that you are also accountable to get maximum return on investment. What is the importance of vendors collaboration in security and how does that impact the solutions that you choose within your organisation or for your organisation? Isn't collaboration essential for the new threats that are emerging in the enterprises? Generally speaking, you know most of the vendors have a closed approach towards their solutions and how they would want to bring them to the market. That definitely is a problem. Every security vendor has his own standard and strategy. And they haven't really been able to come together and create a common architecture and a common standard which the world will benefit. We obviously have challenges in the bureaucracy and the processes and practitioners also. So all these are loopholes which are exploited by cyber criminals who don’t have any processes that are very cohesive. As practitioners you have to do the best with what you have. For example, we invest in engineering, orchestration, and automation; so there is hope. But not many organisations are able to do that. We are able to do it but not many organisations are able to that and therefore, there is always a struggle in terms of depending on an external party to come and deliver that value. What are the top 3 things on your agenda in 2020 as far as security is concerned? I think this year has largely been in terms of investing and building capabilities. We are actually embarking on a journey of operational excellence and making sure that every single control that has been invested on is actually delivering the value for the buck right. There are four important objectives: The first one is to build a team which will give assurance to our clients about security of their data and business that they are entrusting on us. The second objective is to constantly improve the efficiency and effectiveness of the controls that we have deployed. The third objective is to ensure that people remain calm and composed when you respond to cyber events and cyber incident that happen to your organisation so that you not only contain, but also recover from them quickly. The fourth objective is to build a security culture. At Infosys, we have various tools and methodologies along with the maturity models that we have defined, both of which focus on the improvements as well as operational excellence, and every year, we revisit ourselves and constantly evolve to deliver the value that our customers expect from us. October 2017 | CIO&LEADER 19
Page 1: INSIGHT Meet the global desi IT lea
Page 5 and 6: EDITORIAL Shyamanuja Das shyamanuja
Page 7 and 8: FEATURE 04-08 Are You Ready For A D
Page 9 and 10: Feature stringent regulations for t
Page 11 and 12: Feature ...Continued from Page 5 an
Page 13 and 14: 100 IT Decision makers with 10,000+
Page 15 and 16: Cover Story TAKING STOCK Organized
Page 17 and 18: Cover Story from every Indian state
Page 19 and 20: Cover Story by the K Raheja Corp Gr
Page 21: Cover Story 2,0 00 1,80 0 1,60 0 TO
Page 25 and 26: Event Report Sunil Manglore, Managi
Page 27 and 28: Event Report Experience Analytics a
Page 29 and 30: Book Review I t is ironic that in a
Page 31 and 32: Insight Mamatha Chamarthi Chief Dig
Page 33 and 34: Insight Rahul Samant SVP & CIO, Del
Page 35 and 36: Insight O Putting cloud first, lite
Page 37 and 38: Insight The initial driver for the
Page 39 and 40: Insight G Companies are struggling
Page 41 and 42: Insight Another important driver fo
Page 43 and 44: Insight I out of 144 countries 108
Page 45 and 46: #TheBigPicture 52% of winners from

C&amp;L October 2017_LR (5)

Create successful ePaper yourself

Delete template?

Save as template?

C&L October 2017_LR (5)