Interview

Transition from traditional security to advanced technologies: Rishi Rajpal, Concentrix

APT, DLP, NGFW are hyped for organization’s not updated with changing threat landscape and IT security team working in isolation without alignment to business, says Rishi Rajpal, Concentrix Corporation.

“At Concentrix, Privacy, Security and Continuity is of paramount importance considering the interconnected and data-driven world. IT security has become a crucial function for modern information systems,” says Rishi Rajpal , Director – IT Governance (Privacy, Security, Compliance and Continuity), Concentrix Corporation

What does the new-year of 2016 hold for IT security for Concentrix? Which security technologies can we expect Concentrix to invest in 2016 and beyond?

Traditionally, IT security was based on strong perimeter defenses like Firewall, IPS, Content Filtering etc resulting in a hard fringe and a soft core. In a distributed, Cloud, mobile and always-connected world, this paradigm has completely changed. There is need open up our perimeter and still protect our most valuable asset “DATA”.

Today’s complex IT systems and business models require a global security governance approach, which is tightly coupled with the business issues.

Relying on perimeter defense and rule-based security is inadequate, especially as organizations are moving towards cloud-based services and open APIs for customers and partners to integrate with their systems. Traditional blocking measures need to be supplemented by real time threat monitoring and blocking and other measures to prevent attacks. Application self-protection, as well as user and entity behavior analytics, will help fulfill the adaptive security architecture. 

In line with the emerging technologies such as mobile, cloud, IoT, social and analytics that brings new challenges and opportunities especially in the area of identity and access management (IAM) and regulatory requirements, we have invested in strategic tools in IAM and Security Information and event management (SIEM).

It’s been proven time and time again: unmanaged, unmonitored privileged accounts are an easy target for both external attacks and malicious insiders that can lead to loss or theft of extremely sensitive information.

Privileged Identity Management helps the monitoring and protection of privileged accounts and is one of the most important aspects of Identity and Access Management, and cyber security today.

Privileged Identity Management helps the monitoring and protection of privileged accounts and is one of the most important aspects of Identity and Access Management, and cyber security today.

SIEM technology provides Log Management, analytics, compliance reporting and real-time monitoring and incident management for security-related events from networks, security devices, systems and application. Almost every business is bound by some sort of regulation, such as PCI-DSS, HIPAA and Sarbanes-Oxley (SOX). Attaining and maintaining compliance with these regulations is a daunting task. SIEM technologies can address compliance requirements both directly and indirectly. 

We will continue to assess and evaluate the changing threat landscape and invest in right tools to safeguard and our own and our client’s data.

What about new-age security jargons like APT, NGFW, DLP? Would you call them a hype? 

As we partner with clients to move up the value chain and handle end to end service solutions for high value projects, data and IT security becomes key to the business. We are increasingly adopting automation of sub process solutions thereby leveraging on business analytics, mobility, cloud delivery and big data.

As a result, organizations of all sizes face challenges in maintaining control over network and security policies. Unfortunately, many organizations continue to take a traditional approach to network security in spite of changing technologies, business requirements, regulatory requirements, software, devices, and user habits. Such a traditional approach cannot adapt to the latest trends and leaves organizations vulnerable to today’s threats.

The terms like APT, DLP, NextGen Firewall will only be considered Hyped for Organization’s who are not keeping pace with changing landscape of threats and work in isolation as the “IT Security “ department without alignment to business. As there is a famous saying “you can’t manage what you don’t measure” so to start realizing importance of these latest technologies we need start measuring and get visibility on some of the threat vectors not considered till date. 

We at Concentrix, are moving away from the traditional security mechanism to a more robust advanced technologies like Net Gen Firewall, DLP and APTs. We have to be careful when it comes to network security, especially when customer data and regulatory compliance are at risk.

What are the biggest challenges for CISO in fast changing tech world and how do you manage to overcome them?

As Cyber-attacks become increasingly sophisticated in engineering these attacks, CISOs face a daunting year ahead. As custodians of sensitive customer information and business value delivery, the CISOs should understand the importance of keeping data safe and secure.

For this, CISOs not only need have very good understanding of the latest technologies, changing threat landscape, but also able to communicate well within business in their language and the associated risks. CISOs need to understand and explain that security hits across business, people, process and technology.

CISOs not only need have very good understanding of the latest technologies, changing threat landscape, but also able to communicate well within business in their language and the associated risks. 

Secondly, CISOs have to be more strategic than tactical. It involves not only leading the organization but also leading the change, change from technology, business and the regulatory requirements. CISOs need to anticipate and participate in the change and invest in the right people and technology. Continue to educate and spread the message that “Security is Non Negotiable”. This is not really difficult in today scenario considering the media attention on data breaches.

What big security trends do you foresee in 2016?

Looking ahead to 2016, five security trends that may dominate will be as follows

1.Collaboration and Standardization of Privacy and Regulatory requirements : Last year, we saw many countries and industries bringing in new or enhancing the existing privacy and regulatory requirements. While this trend would continue, we would also see more countries and regulators across the world coming together for a building a collaborative approach in privacy and regulatory requirement. This is really at nasent stage, but we would continue to see this maturing over a period of few years.

2.Investment in Security tools and People : Cybrcrime groups have become much more organised and sophisticated. They have started deploying the the latest technologies and have learned to exploit the Internet  to damage the critical infrastructure of any country. Strategic investment in tools and people that helps in securing and managing critical infrastructure is the need of the hour. Organisations would continue to invest in tools that can leverage predictive modelling to allow them to build resilience within the business. Investment in people to drive and manage these tools would become critical for the organisation.

3.Threat from IoT :As more and more devices get connected and IoT explodes, IoT will become a significant threat surface for the enterprise, leading to more physical disruption and new innovative secured solutions. Organizations would enhance privacy and build secure IoT devices by adopting a security-focused approach, reducing the amount of data collected by IoT devices, and increasing transparency and providing consumers with a choice to opt-out of data collection.

4.BOD Trends in the Workplace : We saw many organisation launch BYOD programs and this trend would continue in 2016. BYOD programs would continue to drive create a mobile workforce. Organisations would be able to tap new business opportunities with a reduced cost, which inturn would add value to clients businesses. This trend would continue to impact organisations of all sizes resulting in economies of scale.

5.Education and Awareness : As business model is changing cloud, moble computing, Internet has become critical, the exposure to online resources has exponentially increased, We should see increased focus on information security “Education and Awareness” and measuring its effectiveness. People are considered the Weakest link and their actions can have direct impact on Information Security. 

Yogesh Gupt is executive editor at IDG Media. You can reach him at yogesh_gupta@idgindia.com or follow @yogsyogi1