Once upon a time, not long ago—just 10-15 years to be precise—the job of an information security professional in an enterprise was to ensure that the IT systems are protected. IT systems were a centralized department, often fairly isolated from the rest of the organization to and from which information flowed through tightly controlled entry points or gates. All that the information security manager did was to keep some guards to man those gates.
That changed as more and more users started using the IT system directly—first the employees, then the suppliers, distributors etc. And the focus of security shifted from raising walls to controlling access.
All that was still okay. While the vulnerability quotient of the old threats (virus, malware, DDoS) was still intact but the CISOs (by now, the term had become mainstream) had begun to focus on bigger things. Protecting the ‘information’ rather than ‘system’ had become their main task. Some of it was forced, in form of regulatory compliance.
But then, things changed. Everyone started using everything. Tech became part of every process—from selling to manufacturing. Before they could realize, it was expected that the onus of protecting the various applications, happily installed and bought by the various functional department was on them. Protecting the consumers’ privacy was their job.
Now, with the hitherto closed manufacturing automation systems getting hooked to enterprise information network, there was a possibility of their being compromised, even halted. If a nation’s nuclear program could be brought to standstill, everything is possible.
So, protecting that critical infrastructure too was now the CISO’s delivery list.
India has chosen to accelerate its digital journey. I say accelerate because the digital journey itself is inevitable. Had there been no Modi or Digital India, we would still have traversed that path.
That path is full of possible incidents. As you know, the speedier you drive, the more the damage in case of an accident.
That was the basis on which our theme of CSO Summit was decided this year. And we touched everything from consumer privacy to protecting critical infrastructure. Read the report in this issue.
Add new comment