Vijay Bharti, Chief Information Security Officer (CISO), Senior Vice President and head of Cyber Security Services at Happiest Minds Technologies, brings more than 22 years of experience in the area of IT Security across multiple domains such as Identity and Access Management, Data Security, Cloud Security, and Infrastructure Security. His recent work includes building frameworks and solutions for addressing the security challenges of today's digital organizations and securing technologies such as IoT, Hybrid Cloud, and Serverless computing by leveraging the latest tools, including AI/ML and Automation.
Digital transformation is extending processes across the supply chain and increasing exposure, making data and systems vulnerable. In this conversation with The Smart CEO, Bharti shares the challenges and best practices for improving security and protecting your organizational assets.
In this era of digital transformation, can you share the top three security threats businesses face today?
Digital transformation is bringing a lot of new tools and technologies and changing the way IT services are getting delivered, based on cloud, analytics, microservices, etc. The processes are more complex, and the boundaries are blurring. At the same time, from a security risk perspective, the exposure is increasing. The way you will implement security on the cloud is different from what you traditionally have been doing on-prem. We find many organizations fail to fully consider this and have risks due to misconfigurations or improperly set up security. Therefore, proper security tooling and configuration become critical.
Secondly, development has shifted from the traditional waterfall model to DevOps, which is more agile and integrated. It requires quick development and provisioning, and from a security organization perspective, it throws up the challenge of how to define the security baseline for all the changing processes, and how to measure and monitor it on an ongoing basis. Security used to be a centralized function that involved security testing and code reviews at the time of the product release; today, in the age of DevOps, it has to be integrated into the overall DevOps process. It has to be part of the entire lifecycle, from the time the software is getting developed to the time it is deployed in the production environment. Security must get provisioned along with the infrastructure. We see that organizations need help with the entire process of reengineering from a security perspective.
The third area is ensuring the overall privacy of your data. There are now multiple parties involved in a single business process, right from your cloud provider to third-party/cloud applications. To address regulatory compliance and privacy requirements, you need to bring in privacy by design into these digital transformation projects and ensure data minimization, assessment of all third-party vendors, and data encryption/masking/leakage prevention.
Kindly share the best practices in threat hunting to proactively protect data.
Threat hunting is evolving. There is a lot of improvement in terms of tools and technologies, and in the incorporation of innovations such as artificial intelligence and machine learning into hunting processes.
Digital transformation is generating a huge amount of data and extending business processes across many entities, making it more difficult to understand what’s happening at various stages. This requires AI/ML-driven threat hunting of suspicious activities across data sets collected from the entire environment.
Though preventive technologies have evolved, they still don't provide 100% protection. As a result, organizations have to invest in detective controls like SIEM and data lakes to store all the security-related data generated across the organization, cloud environment, etc., and ensure they review all the information to identify any suspicious activities.
It's important to think like hackers and assess and review your systems keeping in mind the known attack patterns. Leverage AI/ML to scan through this huge amount of data to look for any anomalous activities. Leverage the automation platform to integrate threat hunting queries so you can run them more frequently and on larger data sets.
Some of the best practices would be to build your threat hunting keeping in mind your crown jewels, conduct threat hunting exercises on a regular basis, and leverage automation to the extent possible.
Please tell us about the growing significance of DevSecOps.
DevOps is about speed and automation, which is very essential to today's digital business. Security is also getting integrated at various stages of the development cycle. It could be a source code analyzer, or a tool for vulnerability management and verification at the time of the release. It's not only important to integrate security during your build process but also to ensure the provisioning of security for your cloud and container environments. Though many organizations do understand what is required, integrating security, automation, monitoring, and measurement into the process is one of the greatest challenges today. At Happiest Minds, we have built our own security framework for DevSecOps to integrate security at the various phases of the DevOps process.
How can digital transformation technologies help with threat hunting and crisis preparedness?
Building data lakes, automating threat hunting scenarios, leveraging RPA/Bots, and leveraging analytics for identifying suspicious and anomalous activities are some of the ways in which cloud, analytics, etc., can help.
Cloud today gives you the capability to expand/scale as required and store a large amount of data at nominal price points. All this data can be analyzed using AI/ML/automation to aid in threat hunting. You can also easily include multiple layers of contextual data in the cloud, e.g., threat intelligence, user and entity data, and data from third-party systems.
Cloud can also help build a resilient organization, restoring backups and getting back in business much faster than before when there is a need to shut down or scale out to prevent/contain an attack.
What can be some of the bottlenecks to security in organizations? What can be some of the impacts of this?
Despite all the innovation and progress, the attacks are still rising, and the attackers seem to be one step ahead. So we still need to get better at preventing and detecting these threats.
Some of the challenges organizations face include lack of expertise/talent, security budgets (which are sometimes a result of not being able to understand and highlight the risk to the business for stakeholders and the board), and the technologies themselves, which are still far from being fully autonomous and intelligent.
A majority of the security products have evolved to address a specific pain point, so today organizations have a lot of different tools and technologies to address various security needs. But all these tools don't necessarily talk to or understand each other, which is still a challenge. Solutions like SIEM/XDR are trying to address this, but it still needs more work.
As we discussed earlier, the enterprise boundaries are disappearing/expanding, so applying, monitoring, and measuring security consistently across them is a challenge. Third-party and supply chain risks are also increasing and need to be addressed. Also, being able to bring in all this information from across these various entities and create a unified view of security is still a challenge.
How do you ensure scalability and future-proofing of the security and therefore the digital initiatives of your customers?
The more businesses go digital, the more they expose themselves to cybersecurity risk. Therefore, adopting a security framework, automation, and continuous measuring and monitoring are the ways to remain scalable and future-proof your business. Plan to invest in new skills, tools, and technologies to address changing security needs and scenarios. Including security early in your transformation journey is important. Due diligence from a security perspective and adopting privacy by design right from the initial design stage will go a long way toward achieving better security.