CIOs Should Change Old School Approach To Data Security

Suk Ling Gun, Managing Director (South Asia) of Kaspersky Lab, in conversation with Biztech2.com, gives an overview of the CIO challenges around maintaining data privacy and the dilemma around ‘security vs. productivity’ in allowing employees to use personal devices for work.

How critical is data privacy for enterprises? And, how has it evolved over the years?

Data privacy plays a major role in securing the integrity of the enterprise. Securing integrity essentially means securing the critical information of the company, which if leaks out can cause great damage to the productivity, management and customer relation.

In the past things were different, and the availability of technology resources was minimal and also hard to get. But right now, with the internet boom, growing social web, and search engines, enterprises are more aware. The way things have evolved, today we can view technology from the perspective of the proverbial coin with two sides. On one hand we have technology to secure something, and on the other, there are thieves and hackers who, using the same technology, can decode the system and leak information outside the company. So there is great shift in the whole paradigm and it is a huge challenge to safeguard data in this highly competitive and risky environment.

What are the challenges faced by CIOs when it comes to data privacy?

The major challenge is to cope up with the changing technology, and CIOs and IT heads have a tough time pinpointing the threat. With the threat landscape constantly evolving, data privacy applications and solutions are also getting constantly upgraded and updated. What haunts the CIOs is to keep pace with this constant evolution and figuring out the right solution among the deluge.

Another challenge is to assure that people, process and technology are trustworthy in the company, because these three pillars take the responsibility of safeguarding the critical information of the company. And, if any one of the pillars fails in their responsibility, it can cause major trouble to the company, and the CIO would be held responsible for it.

What are your recommendations for ensuring data safety for enterprises?

There is no one line mantra for this. In order to overcome data safety challenges, it is imperative for CIOs to change their old school approach of tackling difficult situations. There is no way to stop a data leakage when the system is infected by a hacker. For instance, how can one trace an email attachment? And with the emergence of enterprise mobility and tablets invading the enterprise it is next to impossible keeping a track of all the communication outside office.

To avoid such a situation, firstly CIOs should have a strong security policy, and that policy should include ‘no connection outside company network’. On the other hand, they should choose the right technology which supports the business needs, and also train the employees about data privacy and its importance. So it is extremely important for a CIO to select the right people, process and technology to get a 100 percent result when it comes to data privacy.

What is your take on the on-going dilemma around allowing personal devices for work?

Enterprise mobility comes with many loopholes that can trigger security breaches, but at the same time it also has the potential to help improve employee productivity.

It is still a dilemma for CIOs to decide on the usage of mobile computing in and outside office premises. And, there still are many companies that do not allow their employees to use smart phones and tablets inside the office environment. I think the only way to tackle this is to make sure that the mobile devices are under the surveillance of the company’s network 24x7, but this is easier said than done.