We spoke to Milind Wakankar, PSP, CRiSP, Systems and Technology Program Leader- Asia Pacific - Corporate Security, IBM India on the changing role of a CSO in today’s security scenario, the changing security scenario in large organizations and the role played by latest technologies such as AI, IoT and Machine Learning in enhancing security.
Interviewed by Adeesh Sharma
- Please dwell on the changing role of a CSO in ensuring security for an organization
With a rapidly changing security landscape, the traditional role of a CSO has undergone a phenomenal transformation. Besides managing physical security of the organizations people and assets he is required to become more IT aware, be sensitive to business goals of the organization, keep himself up to date with latest technology and regulatory trends and understand the importance of data.
- In present times, Boards expect CSOs to rise above loss prevention objectives and instead convert Security from a cost center to that which creates value for an organization. Security is no longer acceptable as the cost of doing business. CSOs need to understand the organization’s business, strategic goals, involve key business stakeholders in preparing security blueprint and demonstrate convincing RoIs on all security investments.
- A CSO needs to be aware of latest local and global security, and privacy regulations so he can work to maintain and improve the organization’s compliance posture and protect them from huge penalties. A case in the point being the recent GDPR regulation.
- Physical and Digital convergence is making it imminent for a CSO to be aware and hone his skills in the Data and Cyber security domain. Besides physical security, CSOs should also be ready to drive cyber security related policies and processes for the organization.
- They should be a champion of ‘Data’ as the next big tool in security. CSOs need to understand the significance of data and develop strategies related to creating actionable intelligence out of the security data collected.
- They should make next gen Technology transformation a core part of the organization’s security operations. Inculcate technology and nurture skill sets in the AI, IOC and Cognitive domain within the security setup of an organization
2. What kind of security challenges do you foresee for large organizations in the near future?
I would say Global forces, regulatory pressures, technological innovation and pressures on business performance, are key security challenges facing large organizations. Let’s analyse them in detail:
- Global forces – Competition is growing everywhere in everything. Business environment is tougher and more complex. This has lead to increase in competitors resorting to unethical business tactics like negative Brand targeting, cyber hacking, sponsor insider breach etc.Large organizations will need to be ready to handle such situations.
- Rising regulatory pressures – There is an ever increasing blizzard of security regulations, some restrictive in nature and those that may often be an impediment to business,not to mention the investment of precious time, effort and cost for compliance. Others eg: GDPR related to data privacy, dictate severe financial penalties for non complying organizations.
- Technological innovation – Adversaries that are equipped with better tools and advanced techniques are ahead of organizations in the security game. Incidents are more severe, complex and have far reaching effects. Especially Cyber security of an organization’s systems, network and data are getting increasing vulnerable each day. Also with the trend towards outsourcing third party value-add and contract-manufacturing, security has now become an integral business priority for large organizations who cannot afford to take chances, when it comes to threats – be it internal, external, malicious or simply a result of human error – against people, process and technology. Risk is everywhere, it is high and ever increasing. So the challenge for organizations is to manage a rapidly changing threat landscape by prioritizing security.
3. What role can technologies such as AI, IoT, Machine Learning and Big Data play in enhancing security of an organization?
Coming from a technology organization I can speak at length on this subject. To be brief, some of these represent the next big technology changes that will forever disrupt the status quo in security industry. Although the hype over AI had set unreasonable expectations in the market last couple of years, a meaningful progress will be made in 2019 in specific areas around AI, IOT and Deep Learning which will help deliver the expected advanced security analytics capabilities to the market.
But the key for the market will be ‘Data’.A large chunk of our security data is unused. Large organizations will need Enterprise security platforms built upon security intelligence, which leverages big data and Cognitive analytics. Cognitive systems will help convert unused security data into actionable intelligence, expose risks and drive security strategy and decision making for CSO.
4. Please share your views on IFSEC India and how it can be leveraged by security professionals to enhance awareness about various products and technologies.
IFSEC India is the largest security industry exhibition in the country. It provides a very large platform for the security industry to showcase their technology solutions, products and services to security users coming from different domains across the country ie. Critical infrastructure, banking, government, law enforcement, education, industrial, education and residential. At the same time IFSEC also provides the users, a single platform to interact, understand and appreciate technologies from across the globe. A Conference event organized as part of the Exhibition brings industry veterans on stage to deliver talks and presentations on hot fire and security topics benefiting hundreds of security service providers and users alike. IFSEC India also runs annual awards show inviting the security industry to participate by submitting their credentials and achievements under 20 different security categories. Winning companies are felicitated by trophies and certificates in a gala ceremony. In a nutshell, IFSEC India is a unique and very large platform which provides great opportunities to security users, solution providers, integrators, consultants and policy makers to network and upgrade their security knowledge.