CISO, Axis Bank Limited
I started my career with National Informatics Centre (NIC) as Senior Scientist and then moved to Bank of India as CISO and now with Axis Bank Limited on the same profile. My beginning was typically like any young engineer but I had always a passion for Networks and Security which has put me now into my passion, i.e; addressing Information Security challenges effectively.
Information Security as a profession
What is that risk, which would be acceptable to the business? I was always fascinated by this question and was running all along to get the answer. Getting into the risk, deciphering it and then managing it by maintaining business requirements is something very interesting task. “Another aspect is new challenges every day especially in Online banking where you get to think much ahead of fraudsters to come to reasonable level of security and you design the controls accordingly which ultimately gives the business and the Board a kind of comfort. All these are the reasons which supported my thoughts. I never decided to make it a profession, I think it just happened.
Big challenges CISOs facing today
I think, enterprise mobility, cloud, social engineering tactics to fool gullible customers, data protection beyond your boundaries (especially when it sent to 3rd party vendors) are some of big challenges CISOs are facing.
Data Privacy and Data Security
There are many overlaps between the two but there are several distinctions as well. Data security deals more with ensuring that data is not stolen through external or internal entities and hence many technological and procedural barriers are built around it so that data remains protected. On the other hand data privacy deals with those aspects where the owner of the data is the only person who should have access to his data unless he provides permission for another person or entity to access his data to provide certain services.
Suggestions to Information Security vendors
Information Security vendors should not try to create fear, uncertainty among the information security community but try to be more proactive in terms of solution management and focus more on optimizing IT infrastructure when the solution is rolled out. It should not be a burden to the IT infrastructure but should be seamlessly integrate into it.