‘Link technology to the business risk’

Oct 6, 2017

Traditional approaches to security no longer work in a digital world and deploying various security technologies does not guarantee complete security. Rajnish Gupta, Sales Director, RSA India, says one must link the technology assets to the business risks and take a platform approach to security.

Q. The traditional approach to security no longer works in a digital world. There are new threat vectors and business networks are more interconnected. What is the new approach to security?

Short answer: Identify your critical business assets and give these a risk score. Create a risk profile. Then monitor the critical assets rather than trying to pay attention to a flood of alerts. Deploy orchestration around it to understand your risk posture at any given point of time. It’s not about having so much technology to control your security posture. Take a platform approach to manage your security technologies and alerts.

Rajnish Gupta, Sales Director, RSA India

Rajnish Gupta: It’s about connecting the technology to the business risk or the business context. One should think about the impact to the business, should there be a security breach. If you can link the technology detail to the business risk, you will be able to manage your security posture and infrastructure in a much better way. This is what we call business-driven security.

It is about finding what is critical to you and assigning a critical position to that. Identify your critical assets and link those to the business risks. Give a risk score to your assets and monitor the critical assets regularly rather than trying to pay attention to a flood of alerts.

The CEO or board member is not interested in knowing about the technicalities of the breach. They just want to know about the impact of the breach and what was lost.

You need to have a platform approach to manage your security.

Q. In February this year you announced the RSA Risk & Cybersecurity practice. How does it help in operationalizing business-driven security?

Rajnish Gupta: Any engagement that we do goes beyond the product conversation. It has a people-technology aspect. We have tried to do some consulting to advise companies how to do incident response. We advise them how to create their processes around cyber defense. RSA is trying to create awareness on those aspects.

Q. We now have thousands of things being connected to the network in the Internet of things. How has Identity Access Management evolved over the years?

Rajnish Gupta: Identity has become the weakest link in the security chain. Traditionally, IAM solutions have taken a technology approach. That has not worked out and the deployments have taken a long time to complete. The approach to IAM has changed from technology-oriented to governance-oriented. The business must know what kind of access people in the organization have, even when they change roles. Have the old access privileges been revoked when someone moves on?

The authentication method has also changed from a traditional VPN or token-based one to multi-factor authentication. You can have biometrics with iris scanning and facial recognition today. There is also seamless authentication between the on-premise application and the cloud-based application.

Q. Which are your target verticals in India? Can you name some of the companies who are using RSA security solutions?

Rajnish Gupta: We have a predominant presence in BFSI, IT/ITES and Government/PSU. HDFC Bank uses our fraud risk intelligence solution to secure online transactions. The solution does risk profiling and risk assessment based on user behavior. Many public sector banks in India are using this solution. The IT/ITES companies such as GenPact are using our SOC (NetWitness) and GRC (RSA Archer) solutions.

Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn.