‘Companies need to strike the right balance and be responsible while using people’s data’
While the industry is in the process of digitisation of businesses, the problem it is facing is of data protection, privacy and information security. Executive Vice President, CIO at Virtusa Madu Ratnayake speaks to Sunil Pradhan about the issues and solutions.
Q. Privacy has recently become a big concern for people. The incidents of technology giants sharing your personal details and General Data Protection Regulation coming into the picture, how should we look at privacy?
A. Well, there are two sides to it. We see that a lot of millennials are sharing their details by themselves. Our details are taken after some service has been offered. For instance, you need to access a map but then you need to share your location and so it becomes a give and take relationship. However, companies need to strike the right balance and be responsible while using people’s data. Similarly, people should also be made aware of the intended purpose for which their data has been collected.
Q. What are the challenges you foresee when it comes to information security?
A. With more and more digitisation, customers’ data is available in a digitised format and is stored in a particular location. Now, the first threat we face is of phishing information through social engineering which is rapidly increasing. Similarly, new technologies like cloud, Internet of Things, artificial intelligence are in nascent stage and so there will be security challenges to be met. The other challenge we see is the rising power of quantum computing. As quantum computing gets bigger, we also need to change our strategies and design algorithms for the same to be secure. Even the blockchain has now been challenged. There is reliability on encryption technology considering the current computing standards cannot decrypt the code. However with quantum computing coming into picture things can be decrypted.
Q. What is the industry doing to meet these challenges?
A. To tackle social engineering we need to spread awareness among people and we do this by simulation of phishing attacks through social engineering. Similarly, there are various start-ups in the industry which are providing information security services. A lot of companies are providing solutions to malware attacks. On the talent side, we are partnering with various universities to make students ready to handle the future of information security.
Q. Many businesses are switching to cloud while some are still hesitating and thinking about data privacy and security.
A. We must understand that companies which are providing cloud services are investing in cloud security. Similarly, if a company has the option of setting up own security model or going for a third party cloud service, they will have to invest in security technologies which the third party provider have already excelled in.
Q. With incidents of data breach coming up and also data privacy regulations in picture has the role of chief security officers (CSOs) and chief information officers (CIOs) become more challenging?
A. It is the CIOs and CSOs who are caught first if any security breach occurs. One security breach and you lose your job. So in our case, we follow three things on priority which would be secure client’s business, digitise client’s business and then scale it.
Q. How is the awareness among people on information security across different domains?
A. The banking and telecom sector is doing good in terms of information security awareness. With a lot of sensitive information, the healthcare domain is also maturing slowly towards adapting information security practices. We need to set up high trust standards so that we have more trust from people.
Q. What the services Virtusa is offering to its clients in the information security domain?
A. We provide information security as a service to our client. With digitisation coming into the picture we also help customers in protecting their data. We need to help customers in setting up their security processes and provide them security technology.