An Evolving Security Mindset

What are the key developments moving Indian security today? Is compliance to baseline security standards, defined by the IT Act 2000 as complying to ISO 27001, enough to meet the security challenges of Digital India, smart cities and other key initiatives? [Also see: Architecting Security's Future]

"Even though we are the leading adopter of ISO 27001, I have a very contrarian view to standards," says Vinayak Godse, senior director at the Data Security Council of India. Security is such a dynamic and ever changing field, and standards tend to make security very rigid, he believes.

"Standards do help you, but they are just one part of your security program," Godse says. "The focus needs to be on how to make security more adaptable, agile and responsive today - a discussion that goes beyond standards."

According to Godse, developments in the security landscape in India can be categorized into four key areas. First the individual and all the integration that is happening into the digital economy and the issues citizens are expected to face. Then come organizations. If you take any vertical, both technology and business models are rapidly evolving, which creates new threat vectors. Furthermore, organizations are having to increasingly shoulder the additional burden of national cybersecurity, with the part they have to play, he says.

Beyond organization-level security, certain industry sectors, qualifying as critical information infrastructure sectors, are facing challenges from state and non-state actors. Innovative ways of attacking these sectors are evolving with increasing use of zero-day attacks against them, he says. The last key piece is the national-level technology initiatives such as Digital India and Smart Cities, which plan to use the Internet to do a great number of public service transactions. Huge investments in infrastructure are slated, which will also lead to a massive growth in the attack surface and attention from threat actors, he says. [Also See: IB to Create Cybersecurity Architecture]

In this candid interview with Information Security Media Group, Godse outlines his concerns on the developments in security in India, and some of the strategic shifts that he has seen in recent times, as well as the key drivers. He speaks a bit about the changing approaches and increasing awareness and the part DSCI is playing in this process. Godse discusses:

• The shift taking place in the security mindset in the country;
• DSCI's increasingly active role in driving the cybersecurity conversation;
• What practitioners in India can expect from DSCI.

Godse has 17 years of experience in information security and IT and is a Senior Director with Data Security Council of India. He is managing a program for defining data security and privacy practices, based on which self-regulation mechanism will be established. Along with this program, he is also engaged in DSCI outreach program at national and international platforms for establishing collaboration with different legal and regulatory bodies, data protection authorities, global clients and outsource service providers of all categories including small and medium players.