Advanced SOC Operations / CSOC , Governance & Risk Management , Professional Certifications & Continuous Training
Regulatory Environment to Get More ChallengingDeloitte's Garkel Shares Insight on Practitioner Challenges in India in the Coming Months
With businesses undergoing a technology transformation in terms of the many digital initiatives that typically exist in an enterprise today - social media, cloud computing, mobility and more - businesses have undergone a paradigm shift. Perimeters have all but disappeared, and cybersecurity challenges are getting even more complex (see: Build Security Around Data, Not Perimeters).
With regulators coming up to speed with their regimes, compliance is going to be a big challenge for practitioners going forward, says says Akshay Garkel, Director Enterprise Risk Services - Deloitte Touche Tohmatsu in India. "Security operations may soon become subject to regulatory audits for regulated verticals, and with initiatives like Digital India getting off the ground, there will be a mandate on organizations to identify parts of their infrastructure deemed critical to the national critical information infrastructure," he says (see: Cybersecurity: Is India Getting it Right?).
Just years after the amount of pushback the industry had toward the cloud, citing security concerns, businesses today - including in sensitive sectors such as BFSI - are fine entrusting their security function to a third-party. A multitude of factors have resulted in managed security emerging as the most preferred route for many organizations to present a robust, consistent and updated front to the security issues of today.
He feels that managed security has always been a challenging proposition. The primary challenge remains people and getting the right expertise to handle security. However MSSP popularity doesn't not come as a surprise to Garkel, because the level of maturity on the MSSP front has rapidly changed to cater to the demands of the industry - just as cloud service providers have come a long way, he says.
"Organizations were primarily using the cloud for their non-critical or business support infrastructure that were not open to any regulatory obligations, because initially the cloud service providers did not provide external organizations and customers the right to audit," Garkel says. "Overtime, as cloud has found more popular application, right-to-audit is no longer a cloud show stopper that it used to be" (see: Public Cloud Is Here to Stay - Is Security Ready?)
Garkel says one of the biggest challenges that practitioners today are taking in their stride - and is not really looked upon as a challenge by observers - is volume. For instance, a typical organization with 200k endpoints and 40-50k servers is going to produce a gargantuan amount of log and report data that is not humanly possible for a practitioner or a team of practitioners to make sense of. If you add the skills challenge to this, then automation, some amount of AI and a dial on demand managed services team is what practitioners are turning to (also see: Automation Needed to Beat Skills Challenge).
Garkel spoke as a panelist at ISMG's recent Data Breach & Fraud Prevention Summit held in Mumbai and was part of a panel on APT challenges in Indian enterprises (see panel takeaways: Securing Against Advanced Threats. In this exclusive audio interview with ISMG (audio link below image), Garkel shares his views on the landscape and the upcoming challenges that he anticipates for the practitioner community, touching on:
- The MSSP trend in the country;
- The ground challenges for security teams;
- Upcoming challenges to prepare for.
Garkel has more than 15 years of relevant work experience in delivery and business development in Information Security Consulting including Design, Advisory and Operations. He has worked in various geographies including India, Australia, Singapore, Japan, Hong Kong, Dubai, Philippines, US and Bangladesh. Skill areas range across a relevant blend of Techno-Sales in the area of Information Security. Garkel has worked on various security based solutions for large complex environments and multi-national corporations. He also has worked with entities in the verticals such as Financial Institutes including public and private sector banks, mutual fund houses, large exchanges, insurance companies and capital houses.