Seeing a huge uptick in demand, Tata Communications is currently sharply ramping up its managed security services portfolio by grooming more cybersecurity talent and expanding its security operations centre (SOC) footprint in India, APAC, Middle East and Europe. Avinash Prasad, Vice President, Managed Security Services, Tata Communications, shares how his firm is looking to become a managed security services provider with global standing by 2020
How do you see the present digital transformation journey within enterprises?
Organisations today are embarking on their own distinct journeys of digital transformation as advances in new technologies like 5G and AI change the face of business. There is a common misconception that security may hinder innovation and limit the rate at which organisations can transform. The reality is that failing to factor in security at the outset of a digital transformation journey increases risk from outside threats and greatly multiplies any downstream costs of ‘fixing security’. Periods of digital transformation should be seen as an opportunity to strengthen security in parallel with transforming your business. For instance, the cloud today stands for Infrastructure agility and orchestration is an important service enabler for that – but, in my view, a holistic perspective on cloud orchestration means speed and agility combined with security and compliance, not devoid of security.
It’s clear that the landscape of digital threats has seen considerable advancement in recent years but organisations continue to feel very challenged in this area and top management confidence is low around cybersecurity posture. This may be due to the fact that many organisations are still using outdated methods of protection that focus too heavily on blocking and prevention mechanisms. These methods are decreasingly effective against the advanced threats from today’s motivated, advanced hackers. There is no such thing as an unsinkable ship, and there is no such thing as impenetrable prevention against attackers.
What are your strategies to combat security threats?
Tata Communications is rapidly gaining customer attention and mindshare as a strong player that is strategically building service platforms to drive managed security services execution better in line with customer needs. We roll-out value-added platforms that help customers with ease of managing diverse tools, better service assurance and visibility.
Our comprehensive managed security services portfolio looks at data and information across its lifecycle across environments and aims to protect the same. We deliver security for the cloud and from the cloud to global enterprises helping them effectively manage business risk in today’s digital economy. Our proven cloud-based security approach ensures the intelligence, scalability and flexibility demanded by today’s businesses. Keeping in mind the ever-changing security landscape, we have built robust capabilities in risk and compliance, cloud security, identity and access management, data security and privacy, threat management supported by analytics to predict cyberattacks and ensure network & infrastructure security. We bring all aspects of this offering as a service on 24×7 basis, to help our customers fight cyber threats.
Security is no longer just what organisations put in place at the outset and then keep aside. It needs continuous management, and adapting to the current scenario of the market. We are helping our customers work through the changes they see and supporting them on a constant basis.
In terms of cybersecurity, what were some of the major developments that happened in the past year?
Last year saw the continued trend of sophisticated and penetrative attacks leading to major consequences for large and respected businesses like Equifax and Uber. It highlighted the continuing gap between the threat scenarios and existing security capabilities in many enterprises. At the same time, it was not all doom and gloom as we saw more adoption of solutions and services by customers that go beyond the traditional view of security and look to proactively visualise advanced threats.
Looking forward in 2018, the trends we are seeing globally are similar to what we’re seeing in India. Security breaches will now increasingly be thought of as inevitable, rather than something that can be avoided. As a result, the focus is shifting from prevention to defence coupled with response and recovery. The widespread adoption of smart technology, smart city initiatives and the Internet of Things (IoT) have made safeguarding customer data even more important.
In addition, as technologies progress, the skills required to deal with cybersecurity needs are also changing. The challenge is to train cybersecurity professionals so that they can deal with threats as quickly as possible and also adapt their skills as needed.
At Tata Communications, our investment in cybersecurity is part of our commitment of helping our customers tackle the growing threat of cybercrime worldwide. The more connected enterprises, devices and applications there are, the more vulnerable businesses become. We encourage our customers to build security within their IT estate and then logically extend it to other domains like OT and IoT – spanning marketing, HR, supply chain and customer services, and so on – from the ground up, using their network as the foundation, instead of retro-fitting piecemeal security products as new threats emerge.
What are your plans for the India market in 2018?
We are currently sharply ramping up our managed security services portfolio by grooming more cybersecurity talent across our service delivery and expanding our security operations centre (SOC) footprint in India, APAC, Middle East and Europe. This is in addition to making significant investments in enabling the platforms that support our offerings. We are establishing a global presence that provides customers advanced insights on cybersecurity threats. We recognise that the finer nuances of security attacks are often best understood in terms of local geography, which is why we are also looking to expand our services across the world.
At present, we have a team of over 250 cybersecurity experts – out of which 80% are in India. We have had upwards of 50 per cent year-on-year growth in security services and we expect that to continue. Our vision for 2020 is to become a managed security services provider with global standing.
How do you see AI becoming useful for the cybersecurity industry?
While some emerging technologies such as mobility and IoT are double-edged swords in the cybersecurity space, the advent of AI has definitely helped security professionals discover patterns of attack before they become a full-blown breach. I believe AI holds tremendous potential to help boost defence against hackers. For example, while there is an increasing threat of AI-enabled attacks, AI powered threat analytics could also help to speed up the process of identifying potential risks. AI is set to be so integral to cybersecurity in future that it is estimated that the global AI security market will reach $18.2 billion by 2023, according to a recent report. Similarly, while the expanding network of connected IoT devices opens up more potential security threats, the vast amount of data generated by IoT technology could actually help researchers spot security flaws.
In your opinion, what would be the top security trends of 2018?
As we settle into 2018, businesses need to remember that transformation is a journey, not a final destination – and the same goes for cybersecurity as it needs constant investment and focus. While the focus with digital transformation projects is often on boosting flexibility and operational agility, lowering costs and creating more seamless customer experiences, the availability and security of data and applications is critical to any new, enhanced ways of working. Not only do security measures need to be built into technology from the start, awareness should be ingrained into company culture, while significant investment is also essential.
Some broad cybersecurity trends that we’ll see in 2018 include:
Shift from prevention to analytics: In 2018, security breaches should be thought of as inevitable, rather than something that can be completely avoided. Businesses must talk openly about vulnerabilities, promoting awareness and accountability. Resources that are currently focused on prevention only need to be adjusted towards analytics, which is aimed at better understanding of data traffic and information flow pattern, helping identify anomalies for timely detection of and response to potential security hacks.
Security ecosystems aided by the cloud will drive next-generation security: As cybersecurity needs and regulations evolve, businesses will need to strategically utilise an ecosystem-based approach by using security capabilities from the cloud rather than depending on ‘in-house’ or ‘on-premise’ systems only to access next-generation frameworks to minimise risk. Not only will these need to support today’s requirements, they will also be designed to cope with disruptions caused by emerging technologies.
Cybersecurity skills will continue to evolve: Currently, the lack of skilled personnel is one of the biggest factors preventing organisations from having a proactive response to advanced threats. Moving forward, it’s up to governments, universities, schools and businesses to collaborate in order to bridge this substantial skills gap.
Emergence of platforms to amplify the SOC engineer: The current limitations of security skills and manpower will be somewhat mitigated by the tools and platforms that are being developed to enable the SOC analyst to match the speed and incisiveness of attackers.