The era of cloud and IoT has heightened the role of the Chief Information Security Officer (CISO) in enterprises. Increasing sophisticated threats complicated by the lack of a skilled security workforce add to the challenges enterprises have to manage. Try denying the fact that the Internet of Things (IoT), cloud, mobile and SaaS have all become mainstream IT platforms today, and you can’t. Specifically, the cloud and IoT are beginning to have a huge impact as organizations of various sizes are deploying them.
According to a recent Gartner study, more than half of major new business processes and systems will incorporate some element of IoT by 2020. While the cloud and an increasing number of interconnected devices help enterprises gain an edge by increasing their work efficiency and adopting agile business models, security vulnerability deepens risk. Consider this: Telnet attacks have witnessed an increase of 280% in the first half of 2017, as reported by F5 Labs in their latest global IoT threat report.
The role of CISO and security standards in India
With so many vulnerabilities, the role of a CISO is assuming greater importance in enterprises and becoming critical to protecting information assets. A recent Symantec survey covering 1,100 CISOs across 11 global markets revealed that cloud security remained a top concern for Indian CISOs. One of the biggest challenges faced by Indian CISOs was to ensure cloud applications met compliance requirements.
Making things easier now is the recently released Ministry of Electronics and Information Technology (‘MeitY’) note highlighting exact key roles and responsibilities of CISOs in various ministries and government organizations. While the notice primarily focuses on the government sector, security experts believe that the note can serve as a definitive guide to the private sector too, reducing the complexity of compliance criteria.
With the guidelines in place, CIOs now have clarity in responding to the threat landscape on a regular basis. This helps CISOs to establish efficient cybersecurity programs. A prelude to the CISO note was the launch of Cyber Swachhta Kendra' (Botnet Cleaning and Malware Analysis Centre), ensuring a secure cyber ecosystem for enterprises in India.
CISO challenges and the road ahead
Over-burdened networks: IoT and interconnected devices do enable richer communication; but they also pressurize the networks. As a CISO, your key challenges today are to ensure frequent device audits, optimize enterprise logging solutions, and utilize network bandwidth maximization to rule out any threats.
Overcoming the shortage of skilled IT security workforce: Come 2020, there is going to be a shortage of 1.8 million cyber security professionals worldwide, as estimated by Frost & Sullivan in their ‘2017 Global Information Security Workforce study’. CISOs are focusing on hiring the right team to ensure that their security teams are skilled enough to handle both technical as well as softer aspects of security vulnerabilities.
Reducing possible hierarchy conflicts: In the Indian context, the organizational hierarchy of CISOs needs to be rebooted to ensure seamlessness and better coordination. For example, a majority of CISOs report to the CIO, increasing chances of possible conflicts between security and productivity concerns. With the MeitY-backed note detailing core roles and responsibilities, enterprises are likely to overcome such potential conflicts without compromising on either the efficiency or the information security of the organization.