Security needs to be embedded in every stage of the business cycle

Infosys is building an integrated platform that performs incident response, monitoring, proactive threat intelligence, apply analytics, and automation to monitor security breaches/ threats. The platform uses analytics and artificial intelligence to predict and alert the client on potential threats. In a recent interaction, Vishal Salvi, chief information security officer (CISO) and Head, Cyber Security Practice, Infosys, tells Sudhir Chowdhary that more than technology itself, nurturing a culture that recognises cybersecurity as top priority is critical to establishing digital trust and resiliency in these evolving times. Excerpts:

How is Infosys ensuring business resilience and IT security for its clients in the new normal?
Challenges from the enhanced threat surface due to Covid-19 brought about a greater experience in handling cybersecurity with over 200,000 employees shifting out of the organisational boundaries in a short span. We were able to move about 95% of our employees to a work-from-home model during the first three weeks of the pandemic. The massive shift to a remote working culture put enterprises at the mercy of cyber hygiene.

For any enterprise to be able to protect data in a distributed network of remote workspaces, information tracking and security policies need to be deployed with the business able to minimise security risks and achieve business resilience. We made significant adjustments to the rules for monitoring and use-case generation so we could adapt to the new ways of working. All our endeavours, including data aggregation and analytics for operations and infrastructure provision planning, take into consideration employee privacy mandates. We developed new models to monitor employees for reasonable assurance of their productivity without conflicting privacy mandates.

Enterprises need to ensure a proper borderless security architecture is configured when devices connect from remote locations. Organisations which are not able to make this shift are the ones who are at a risk of falling prey to cyber attacks.

How can companies lean on security to foster digital trust with customers?
As digitisation becomes more advanced and cyber attacks get more lethal and sophisticated, organisations need to be always on their guard. One way of doing that is to keep an eye on security. The secret lies in empowering and enabling all stakeholders to practice security. The principles of secure by design and privacy by design can play an important role in ensuring that security is embedded at the beginning and in every stage of the business cycle. Security also needs to be designed into every enterprise architecture. Privacy-related regulatory mandates have made it essential to incorporate privacy by design in almost every project. This plays a key role for organisations to gain digital trust which is a huge competitive differentiator today.

How can enterprises balance security and convenience to optimise the customer experience?
The time has come to focus on developing security for people. With cyber criminals increasingly targeting remote workers, additional vulnerabilities have been created. Our default reaction is to blame the victim, even penalise them. It may be vital, however, to look at why the incident occurred. The following best practices should be considered to balance security and convenience and create a better user experience;

• Upgrade VPN infrastructure to allow more bandwidth and ensure fast and seamless access to company resources for remote workers;
• Test new models for connecting effectively. For example, creating various levels of authentication based on a trust score and built from the risk factors found for each user or activity, i.e., Adaptive Authentication;
• Implement security technology and processes that are designed with the user experience in mind. For example, fine-tune session time-outs so that there is a fine balance between user experience and security;
• Ensure security is ingrained as an integral part of remote worker behaviour. Publish FAQs and other supporting documentation, conduct workshops and training to allay confusion and any resulting risks with respect to remote access.

How is Infosys boosting the efficiency and efficacy of all technology assets for business growth and cyber resiliency?
We believe in assuring digital trust by driving the mindset towards “Secure by Design”, building a resilient cybersecurity programme to “Secure by Scale” and adopt newer technologies to “Secure the Future”. We build holistic cybersecurity programmes by following our four-dimensional approach of Diagnose-Design-Deliver-Defend. This defines the Infosys CyberSecurity philosophy—Digital trust. Assured. We have a four-pronged approach—frictionless security, cyber resiliency, continuous improvement, and building security as a culture.