Head – IT Infrastructure,
Pernod Ricard India
I started working as Software Programmer in 1997. During last 16 years of my career, I got the opportunity to work with some of the industry leading companies across IT domains (Business Applications, Infrastructures, Information Security & Governance) and significantly contributed to the organizations. Currently I am working with Pernod Ricard India (a global MNC head quartered in Paris, France) as Head IT Infrastructure & Operations.
Information security was never a choice to me, rather an integral part of my role in every organization. Be it any technology solutions/applications/systems, information protection is a mandate in the organization which we can’t leave without this. This is only possible when our “People” have the right level of awareness to protect their own information; our “Processes” are smart enough to ensure effective security management; and the right “Technology” is in place to ensure full protection of our end points, data center, network and information flow inside/outside the organization.
Taking Information security, a IT initiative is the biggest mistake does by most of the CISOs. Information security is an Enterprise Initiative and each member in the organization must be accounted for its successful implementation. Developing business case, justifying ROI, execution with user adoption and realizing business value in the committed timelines are the key challenges.
We live in a threat live environment, where 100% information protection through internal capabilities is quite challenging. Security outsourcing is the way of life to mitigate/transfer of risks. In this cloud era, organizations are looking for full proof information protection on flow and no longer interested on the IT systems uptime. Today, security partners are strong skilled/equipped to address such needs with accountability.
To me, data security is the confidentiality, availability, and integrity of data. In other words, it is all of the practices and processes that are in place to ensure data isn’t being used or accessed by unauthorized individuals or parties. Data security ensures that the data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data.
Data privacy is suitably defined as the appropriate use of data. When companies and merchants use data or information that is provided or entrusted to them, the data should be used according to the agreed purposes.
Help customers to put a 360 degree approach – People, Process & Technology and not just selling a product. Encourage customers on complete outsourcing with partner accountability. Develop a governance process which will help him in realizing the promised ROI to business.