Governance critical to organisational data security

0
1
data security

Hyderabad: The Association for Data and Cyber Governance (ADCG) has recently appointed Sowmya Teja Kandregula to its Advisory Board. He is the first Indian and the youngest advisory member of the Board, which is led by a former chief information officer in the White House. Sowmya Teja has vast experience in data governance, privacy, security and regulatory compliance across India, US, UK and Singapore. He discusses with Y V Phani Raj the changing landscape of data governance and cyber security.

Excerpts

Data governance

With the global corporate landscape moving towards a data-driven decision making paradigm, data governance is transforming into a core business process. It is the initiative an organisation takes to create and enforce rules and policies regarding its data to ensure its integrity, confidentiality and accuracy. I envision data governance gaining prominence globally across all industries and particularly in heavily-regulated industries such as finance, banking, healthcare and insurance. Designing good data governance requires stepping back from day-to-day decision making, focusing on identifying the fundamental decisions that need to be made and who should be making them.

Investing in cyber security

This is an area of enormous concern. Data breach incidents affect the organisations from a financial and investor/public trust standpoint. Also, they are subject to arduous legal and regulatory scrutiny. Most often the reaction comes aftermath to an incident. While many organisations are cognizant and prudently invest in cyber security, in my opinion, they fail to understand that investing in cyber security is an ongoing activity and not a one-time outlay.

Intelligence sharing

Sharing cyber intelligence and data insights among nations would be of great help in countering the cyber-attacks. The Petya and NotPetya (ransomware) attacks of 2019 are reminders of what can happen. However, to the degree that there is some sharing happening, it is amongst a select few countries and it is a fractured degree of sharing. The most obvious reason is that intelligence and incident sharing is now part of geopolitical competition and where it occurs is along geopolitical alignments. Differences in digital dependencies and systemic vulnerabilities that exist among countries also impact sharing, besides the sophistication to consume and act on the intelligence and incident.

Talent pool

Creating a large talent base of cyber professionals is the wrong solution to the problem. The reason is that we will never be able to educate, train or develop enough cybersecurity professionals whose job would be to protect intrinsically vulnerable systems. The supply cannot match up to the demand unless the engineers whose job it is to create the technologies learn and implement intrinsically secure (not vulnerable) systems and not just at the component-level but at the system-level. The system includes the end-devices, end-users, connecting systems, communication & transport systems, data and applications. Security cannot be developed at the end devices alone and expect that security to be persistent through the full system use. We should address the vulnerable digital systems.

Role of ADCG

ADCG was formed as a forum for people with different backgrounds and roles in data and cyber governance to have a place to collaborate and share intelligence about these disciplines. Data governance has matured. We need to understand at every level of an organisation that data is the lifeblood of the digital world and it needs governance and wisdom for how it is used.

Future roadmap

I see the development in cyber space as the start of achieving “speed” and “scale”. Countries including India can start by further strengthening internal capabilities that start with the policies that will govern its progress in cyber space and the enabling infrastructure such as the radio access networks and its mobile carrier networks. There should also be efforts to form international alliances to establish norms of behaviour. The scientific push to keep pace with the developments in cyber space will happen naturally in India as it is among the countries where there is already R&D capability and investment to build from.


Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.

Click to follow Telangana Today Facebook page and Twitter .