Zero trust is to treat everyone as a threat: Rama Vedashree, CEO, Data Security Council of India
In 2020, the Indian cybersecurity services industry stood at $5.2 billion, and further the cybersecurity products industry aims to clock a CAGR of 35% by 2023.
After cementing its place as a global hub for IT services and products, India is on track to emerge as the epicentre for the cybersecurity product sector. Skilled talent, industry expertise and experience coupled with deployment of cutting-edge cybersecurity products are helping in establishing India as the global hub for cybersecurity, says Rama Vedashree, CEO, Data Security Council of India (DSCI), in a recent interview with Sudhir Chowdhary. Excerpts:
What are your views on the current cybersecurity landscape in India?
The pandemic has fast-tracked the pace of digital transformation tremendously. Organisations are revamping their cybersecurity posture and aspiring to augment cyber resilience. This has led to the demand for vulnerability identification and management, secure network architectures, identity, etc., boosting demand for Indian cybersecurity products and services. Currently, the Indian cybersecurity industry stands at $10.82 billion in (December) 2020 and is estimated to exhibit growth of 27.35% CAGR in the next three years. In 2020, the Indian cybersecurity services industry stood at $5.2 billion, and further the cybersecurity products industry aims to clock a CAGR of 35% by 2023.
How important is it for CISOs/CIOs to implement zero trust models?
Businesses have become digitised and have adopted a work from anywhere setup. In this context, a zero-trust network architecture has now become a priority for every CIO/CISO. However, it’s not a solution/product that can be implemented overnight. Traditionally, anyone inside an organisation’s network was trusted and granted access which is no longer a safe way of operating. Zero-trust is to treat everyone as a threat, and “Do not Trust and Always verify” is at the centre of its architecture. Visibility, risk quantification, classification and privilege access management are the key pillars for security leaders while implementing this model.
What are some of the emerging data protection/cyber security challenges which organisations need to plan for?
Emerging technologies and their associated applications are mainly driven by data. However, this data should not be used to deduce personal information or compromise the privacy of an end-user. To keep data safe, organisations need to tackle security led challenges such as data theft, ransomware extortions, identity compromise and breach of privacy. For this, they need to plan for consumer data security, storage, privacy, reducing trust deficit, etc. Additionally, establishing legal bindings on associated breaches of conduct by regulatory authorities is equally important.
How has the pandemic and adoption of the hybrid working model impacted the security landscape for companies?
Targeted phishing campaigns, ransomware extortions, remote access attacks have increased multi-fold. While authentication and access management continue to be of concern for organisations, they are now actively spending to create a robust security infrastructure. Businesses focus on equipping their teams with security-led technology and tools and concentrating on more cyber drills, simulation exercises, and awareness training. Overall, most organisations have transitioned well to a work-from-home setup and have adopted security in a better way.
Do we need to have a policy framework to address cyber threats?
It is imperative to fast-track the enactment and enforcement of personal data protection, state-level cybersecurity policy, and strategy. Enforcement of a cybersecurity framework in smart cities and adopting the same in sectors like healthcare and education is also necessary. Additionally, apart from a national policy, there is a need to implement a mission mode approach to protecting and securing critical information infrastructure and increasing budgetary allocation in cybersecurity. Along with this, having a periodic national, sectoral level cyber simulation exercise and drills, establishing sectoral CERTs and ISACs, and Cyber Security Skill Development as a national priority mission is also a must.