 "CIO Concern: Providing Right Access Controls")
Rammohan Varadarajan, president and CEO, Arcot, talks about the various issues related to cyber security in a one-on-one with Biztech2.com.
What are the major security threats CIOs are facing today?
There are two major problems CIOs are facing in today’s times – the first one is ensuring their organisation and users have a secure pipe via which they can communicate; this is what SSL offers. The other worry is recognising who is at the other end of the pipe, who is talking to the enterprise and its users, and whether he/ she is a legitimate user or not. These are the two crucial issues that CIOs have to deal with.
What is happening in the Indian cyber security space?
The good thing about the Internet is that it’s the same for everybody. Putting the good and bad together, what happens is that the Internet is accessible from anywhere to anyone, while on the other hand, the bad guys can also reach anyone from anywhere. The bad guys are an enterprise and not just one person. They want to extract commerce out of the Internet by stealing money or assets of the corporation. So, the threats and the counter measures are pretty much like two sides of the same coin.
India has some unique characteristics; in the sense that the number of users of the Internet are quite large, so whatever solutions Indian CIOs opt for, have to be cost-effective, scalable and cater to a technically-not-so-sophisticated user audience. The main concerns are how to protect the user’s PC from malware and so on. As a CIO, I would be worried about whether I am talking to the right person and providing the right access controls.
What is your take on security with convenience?
The issue about security is that there are different standards such as taking an iris scan to ascertain the identity of the person. It has to be made sure that security matches with the threat level and with the convenience level of the operation that’s going on. What is really needed is a good balance between security and convenience as the Internet was built mainly for sharing and not for commerce. There is no pre-built strong security mechanism governing the Internet; security is an afterthought that has been added to the network fabric. End users are already familiar with a certain way of doing things, so the challenge lies in training them to do things in a different way.