In an interview with Moneycontrol, Srinivasan CR, Senior Vice President, Global Product Management & Data Centre Services, Tata Communications, talks about how the perception around cybersecurity is changing.
In an interview with Moneycontrol, Srinivasan CR, Senior Vice President, Global Product Management & Data Centre Services, Tata Communications, talks about how the perception around cybersecurity is changing, especially in light of Aadhaar-related discussions, and why the company plans to invest USD 50 million in the space in the next three years. Edited excerpts:
How has the managed security services space panned out this year for Tata Communications, and how do you see opportunities going forward?
Tata Communications’ comprehensive managed security services portfolio delivers security for the cloud and from the cloud to global enterprises helping them effectively manage business risk in today’s digital economy. Our capabilities include risk and compliance, cloud security, identity and access management, and analytics to predict cyber-attacks and ensure network & infrastructure security. We bring all aspects of this offering as a service on 24x7 basis, to help our customers fight cyber threats.
Currently, we have a team of over 100 cybersecurity experts – out of which 80 percent are in India. We have had upwards of 50 percent year-on-year growth in security services and we expect that to continue.
Security needs continuous management, and adapting to the current scenario of the market. We are helping our customers work through the changes they see and supporting them on a constant basis.
What kind of investments is Tata Communications looking to put into this segment?
Tata Communications will hire 400 people and invest USD 50 million in our cyber security services business in the next three years, as companies look to combat the rise in cybercrime and data theft in India and globally.
Tata Communications is gradually establishing a global presence that provides customers advanced insights on cyber security threats. We have security operations centres (SOCs); we call them the cyber response centres, in India and we are adding more centres regionally because we realise that every region has data residing locally.
We are looking to add cyber response centres across the APAC region (Singapore), Middle East, USA and the UK to be able to help customers in these geographies with handling their security infrastructure.
Our main focus in India is on the BFSI sector as they have the most crucial data and, as a result, the maximum budget allocated for security services. We’re also focused on the telecom sector.
In addition, we are working to see how we can develop cybersecurity as a skill. We are partnering with select universities in India and Singapore to introduce additions to curriculum focused on cybersecurity.
What according to you is the weakest link in a system from the point of view of cybersecurity?
Almost 80 percent of breaches are from some known source or the other. Data protection is going to be a major challenge in the future for all enterprises, particularly in terms of who owns the data and where it is stored. Plenty of efforts will go towards ensuring that data is restricted to the geography it originates from. In terms of threat, data is the new currency. Compliance to global standards and requirements will be a big challenge. This will in turn lift the standards of data security worldwide.
The finer nuances of such attacks are often best understood in terms of local geography. Thus, we're also looking to expand our technologies and intelligence across the world. We are focusing on identity and access management, and cloud security, which are some chief areas that require more attention in the near future. It's pretty safe to say that in today's times, data security and protection is one of the fastest-growing businesses we have.
In light of the recent damaging cyberattacks, how have clients’ outlook towards security changed? Are there any significant differences in the way MSSP contracts are structured?
To-date many businesses have been in denial mode, thinking that a cyber-attack will never happen to them. Next, to address cybersecurity, too many of them will simply buy cyber-attack insurance, which is really just about passing the ownership to a service provider.
Following the WannaCry attack, we found that only about 10-15 percent of businesses worldwide were well prepared with the right security and latest patches and updates. NotPetya exploited the same vulnerability on Windows systems as WannaCry did, meaning that organisations that updated patches for this vulnerability were unlikely to have been affected by this attack.
Clearly, security updates are key. Additionally, a strong security infrastructure is not just about a secure network, as investments need to be made in detection and predictive tools and services.
Experienced personnel should constantly be on standby to identify any weaknesses quickly. It’s crucial that victims look towards the expertise and support of security partners like a managed security services provider (MSSP) or an internal cybersecurity team to respond appropriately to the security incident.
How does the Indian market differ from the global security market, if at all?
The security industry in India is still at a nascent stage but cybersecurity is fast becoming a mandate leading to an increase in demand. Discussions such as making Aadhaar a single point of information for easy access have brought renewed focus on cybersecurity in the country.
The recent ransomware and DDoS attacks that we have seen have ensured that security is no longer an afterthought and that organisations are paying more attention to it.
Looking forward, the trends we are seeing globally are similar to what we’re seeing in India. Security breaches will now increasingly be thought of as inevitable, rather than something that can be completely avoided.
The widespread adoption of smart technology, smart city initiatives and the Internet of Things (IoT) have made safeguarding customer data even more important.In addition, as technologies progress...the challenge is to train cyber-security professionals so that they can deal with threats as quickly as possible and also adapt their skills as needed. It’s now up to governments, universities, schools and businesses to collaborate in order to bridge this substantial skills gap.