In a long and varied career, Srinivasan CR, Chief Digital Officer for Tata Communications, has seen huge changes in enterprise approaches to the thorny issue of security. In conversation with Business Innovation Leaders Forum podcast host Julian Patterson, he reflects on how security has gone from relative afterthought to paramount priority.
“Enterprises are beginning to take security very seriously,” he muses. “When people are planning large projects, they talk about security up front, including the resources that they will need to protect the estate. They’ve moved to a proactive posture, and that sea change has come about probably in the last 10 years.”
A massive task lies ahead, however: “Not all enterprises are at the same stage of awareness, or the same stage of investment in security,” he reflects. “And things are only getting more and more complex. It’s no longer a perimeter-centric conversation. We’re talking about 5G connectivity, mobility, Zero Trust. The threat surfaces have broadened and evolved meaning that there is a need for enterprises to constantly evolve and do more.”
Srinivasan CR is Executive Vice President with Tata Communications, responsible for the overall digital and security strategy and execution. A technologist and a business leader, he is also the global business head for cloud and security businesses at Tata Communications, enabling digital transformation initiatives for customers.
His experience spans over 25 years in enabling business technology solutions. He has worked in large enterprises, co-founded a start-up, custom-created new platform-based solutions and leveraged technology to help build sharper customer experiences and differentiated business models. In his long career Srini has worked with CMS Computers, Citibank India and Sify.
Humans, as ever, can be the weakest link. It remains important for people to continually question whether what they are doing is right for the enterprise. “Am I doing things that will help me secure the work that I’m engaged on?” says Srini. “Constant thought processes need to be baked in. It shouldn’t even be looked at as security. Typically, people tend to look at that stuff as for the corporate security information officer. The mindset change is coming through, that it’s everybody’s responsibility.”
Srini also sees a lot of AI and machine learning being deployed, reacting to security events and simplifying the grunt work aspect: “I think threat hunting is an important area where technologies like AI and ML will be of help,” he feels. “Today there are a number of technologies and toolkits that are available featuring AI and ML, as well as analytics tools.”
Recent years have also seen a huge acceleration of digital transformation among enterprises seeking to stay relevant in the market, he notes: “They have had to do things faster than they would have otherwise done, shrinking their own data centre footprint, making sure their network is cost effective, moving to SD-WAN, using the Internet a lot more than they would have done pre-COVID,” he says. “There’s the move to cloud, shifting enterprise workloads there, with the data centre footprint shrinking. And applications are becoming modern. You want applications to be available 24 by seven, which means making them modular. It also means no downtime, and no concept of scheduled maintenance. You can’t be off, even for a second.”
The biggest cloud challenge, he says, is making sure that you’re moving the right workloads there: “The second is making sure that you’re paying effectively for what you’re using, and that you’re not having idle instances for which you’re being charged. Cost management and the economics of cloud needs to be closely managed. And third, of course, is security.”
Cloud security, he believes, can never be a shared responsibility: “It must always be owned by the enterprise,” he says. “Cloud service providers play a role in that, but at the end of the day, it’s your asset in the cloud, and you got to make sure that it’s fully protected and safe. The primary responsibility is with a customer, having outsourced the infrastructure to a hyperscaler or cloud provider. They can ensure that at the infrastructure level, the components are secure.”
In any conversation about security, ransomware will always be on the agenda. Why is it such a huge problem for businesses? What can we do about it?
“When Bitcoin was worth less than $1, I didn’t hear too much about ransomware,” reflects Srini. “When Bitcoin reached $100, then all at once the opportunity to get money out of an IT problem was simplified. I think ransomware is a big problem right now. It’s a big opportunity for somebody to stop you in your tracks and demand money, and there is a payment mechanism that’s available in the form of Bitcoin. It’s making life complex for enterprises, I think two thirds of larger enterprises have been impacted. You’re left with the dilemma of whether to pay, and how to recover from a ransomware attack. The hygiene of an enterprise is extremely important if you’re going to manage ransomware effectively.”
As ever, he says, security is a trade-off between risk and cost. In sectors like banking and insurance, risks are seen to be higher, so more is spent on protection. Costs are going up, and skills are in shorter supply: “You’re not just hiring people to look at a monitor and say yes or no, you’re looking for people who can think through an incident and how to react to it. This is why every CIO would like to have more budget for enterprise security. It’s always a catch-up game, in some form or another. Many are working to try and keep the budgets flat, to do more for the same.”
By Guy Matthews, Editor of Innovate!, a Business Innovation Leaders Forum publication