We spoke to Manish Baldev Datta, Former Chair Person, ASIS New Delhi Chapter# 207 (2018) to understand the changing role of a CSO in ensuring security for an organisation, how he foresees security strategies maturing in the Indian corporate organizations, role played by technologies such as AI, IoT, Machine Learning and Big Data in enhancing security of an organization and his views on the IFSEC India expo and the role played by it to enhance awareness around security products and technologies.
Interviewed by Adeesh Sharma
Please dwell on the changing role of a CSO in ensuring security for an organization?
The rapid transformation of risk levels has become a global phenomenon. The emergence of new unknown-risks or sudden other changes in risk levels leading to catastrophic impacts on life and business is common. These situations call for intervention from high skilled professionals, called CSO, to act as business enablers.
During earlier times, the CSO was responsible majorly for the "Corporate Security" function, which included the physical security and safety of employees, facilities and assets. The CSO role has witnessed tremendous evolution and change in the last decade or so and we will witness the role further changing and evolving in times to come. The professionals handling CSO roles in today’s time are tasked and responsible for managing some of the most complex issues revolving around company’s operational risks including but not limited to supply chain integrity, information security, terrorism, frauds, workplace violence, natural disasters, copyright infringement, etc. CSO in today’s world entails being responsible not only for the organization's entire security posture, both physical and non-digital but equally business continuity, loss prevention, fraud investigation, and privacy. The CSO is looked as a pathfinder and problem-solver for the organization. CSO is expected to envision, strategize, and execute on a multi-faceted program within a rapidly changing scope of compliance and governance.
CSO is expected to think and perform beyond specific technical competencies and work trajectories and have a good understanding of how complex tactical objectives can contribute to the strategic execution of holistically securing an organization. In today’s world, CSO is a trusted advisor to the senior leadership in an organization.
How do you foresee security strategies maturing in the Indian corporate organizations?
The security strategy in a typical Indian Corporate Organization is largely dependent and revolves around the mandate and driving forces relayed by the senior leadership to the CSO. Of late, from a business strategy perspective, most of the Indian organizations too are facing a turning point in their respective businesses: inflation, stiff competition, low turnover rates, increasing year on year wages, enhance efficiency and revenue base by re strategizing and transitioning into niche and specialized markets or portfolios.
Likewise, the security strategies in Indian Corporate organizations too are aligning with the need of the hour and is witnessing a revolution wherein security leaders are being challenged and asked to reduce operating costs, exhibit efficiencies and ROI (do more with less), infuse technological solutions, outsource generalized security work to third party companies and enable/manage in house niche service lines only. The security teams are becoming leaner year on year and security leaders are being tasked to take on multi skilled roles. The security strategies in the Indian Corporate organizations are witnessing scaling the maturity route wherein security leadership is not only aligning with the business needs of the respective organizations but equally evaluating pertinent and realistic security business risks to the organizations and recommending practical risk mitigation strategies. The strategies will majorly also focus around data privacy, security business trade secrets, thinking ahead of the curve, etc.
What role can technologies such as AI, IoT, Machine Learning and Big Data play in enhancing security of an organization?
We are fast moving towards infusion of more and more technology in business organizations which is making life easier for organizations and stakeholders alike. However, there are some inherent advantages and equally security risks and challenges aligned when we talk about infusion of technology, be it AI, IOT, Machine Learning and Big Data analytics. DDOS attacks, malware, spoofing, the Internet of Things (IoT) that we use for communicating over public internet are common threats but extremely vulnerable. From a regulatory and compliance perspective, the role of Corporate Auditors has enhanced wherein the vigil and vetting is more focused and the demand is for a more robust and enhanced security framework around such technologies.
Hence amalgamation and integration of such platforms will essentially enhance the security framework of an organization. As the modern threat landscape continues to expand, adding artificial intelligence to a security strategy has become paramount to establishing and maintaining an effective security posture. Given the speed and complexity of modern cyber threats and the current cyber security skills shortage, network security teams need the assistance of machine learning and other AI-based capabilities in order to detect, secure, and mitigate modern attacks. A promising area of technology for IoT security monitoring and breach prevention is machine learning and behavioral analysis (AI). The physical access to these machines and devices is however to be closely monitored for deviations and limiting authorized access only. However, whilst organizations are adopting AI to bolster their security efforts, equally cybercriminals are also adopting newer tools like agile software development, automation, and machine learning to potentially leverage AI themselves to better identify and more quickly exploit network vulnerabilities. In order to protect the success of digital transformation, and the new digital economy driving this transformation, security personnel need to quickly get their act together by leveraging AI-assisted security solutions that provide the breadth and rapid detection and response capabilities needed to keep pace with modern cybercriminals.
How do you think expos such as IFSEC India can be leveraged by the security stakeholders to enhance awareness about security products and learn about security strategies?
IFSEC India’s expos are unique in the sense that they bring Fire & Security stakeholders together through their platform. IFSEC India is increasing their footprint year on year, expanding to encompass more and more stakeholders and bringing not only internationally renowned exhibitors but equally government officials, consultants, security and fire community end users and also business experts under one platform. Through this unique platform, IFSEC India endeavors to address the most challenging issues being faced in the fire and security industry and deliver solutions.
Under the banner of IFSEC India; Fire, Security & Information Security stakeholders derive true value by focusing on how to achieve more efficiency, infuse technological solutions and generate ROI for their respective functions. The speaker topics, white papers and the presentations provide great insights into the ever evolving and changing paradigm shift in the fire and security industry. Moreover the networking and sharing of best practices equally provide the much required impetus to the participating community to go back enriched and enlightened. Another unique feature of IFSEC India expo is that it has been widely accepted and supported by a variety of Associations, viz: ASSOCHAM, APSA, ASIS International, ESAI, CAPSI, OSAC, SECONA, CIISCM, GACS and others.