Moving From IT-Driven to Business-Driven SecurityRSA's Kartik Shahani on How Organizations Are Taking a New Approach
Organizations are slowly shifting from an IT-driven to a business-driven approach to information security, with a focus on minimizing disruptions, says Kartik Shahani, managing director, India and SAARC, at RSA.
"The security landscape is at a stage today where whatever you do, things don't seem to work the way they are supposed to," Shahani says in an exclusive interview with Information Security Media Group. "You then want to sit back and say, 'Can I do something better with the resources at hand?' And that's the big change we have been seeing across the globe. People are relooking at the way they want to put in security solutions."
CISOs have been focusing too much on preventing different kinds of threats. They are now understanding the need to start looking at it from a business risk perspective, and go beyond the solving the problem from the IT side, he says.
"The management and board are ... asking: Is our business going to be disrupted? Do we have a risk of our customers being compromised? Is the brand protected? The business side is looking at continuity. The IT side, on the other hand, is looking at preventing incidents." (See: Talking Security to the Board)
Some of the major issues practitioners face include achieving a pervasive view across all the platforms being operated, measuring the efficacy of the point-solutions they have implemented and assessing how well these integrate. They also need to understand if there are any gaps between these solutions. Robust access control and analytics are going to be the next wave in security in the coming year, he says.
In this interview (see audio player link below image), Shahani also discusses:
- The challenges Asian practitioners face;
- The changing nature of the security market;
- How security in Asia compares with other markets around the globe.
Shahani is regional director at RSA. Based in Mumbai, he is responsible for leading RSA's business operations in the region. He previously held senior positions with McAfee India Sales Pvt. Ltd. and Netmagic.