As the CISO of Capillary Technologies, Shailendra Singh is responsible for the overall security function. This involves strategic planning, debriefing with senior management on critical security-related events, evaluating security posture, assessing current risk profile, and defining action plans for any major security-oriented activities.
Regular operational reviews involve overseeing execution of action plans and activities such as client, external and internal Audits, reviewing the performance of various departments on security metrics. Internal infosec activities include reviewing the progress of regular security operations along with mentoring and training of the InfoSec Team.
The most important and critical aspects of a CISO’s job role in Capillary is to prioritise client assurance, rapidly respond to any security events and incidents, constantly evaluate risk profile of the organisation, maintain a watch of newer threats and adapt security activities to the changing organisational and technical environment.
Demands of daily operations
The typical challenges faced by a CISO in large and medium enterprises are budgetary constraints since security technologies are quite expensive while the incremental benefit in risk mitigation may not justify such expenses. Organisations need the newest security technologies implemented, while prioritisation and implementation are practical roadblocks since resources available for these activities are limited and need to be utilised efficiently.
Finding a balance between having adequate levels of security while permitting ease of operations is another constant challenge. Higher levels of security tend to make it difficult to perform business operations conveniently and quickly.
The key skills required for an ideal CISO include a high level of understanding about the impact of security on business operations, possessing globally recognised security certifications which provide the necessary knowledge foundation, an ability to handle operations while also being capable of understanding technology, and a high degree of people management skills for handling internal and external stakeholders such as clients, internal management and external auditors.
Digital transformation, pros and cons
The use of digital innovation in eliminating manual effort, replacing traditional methods through the use of more efficient, operationally enabling and cost-effective methods and using newer technologies, which rely on digitising operations is one way to define digital transformation.
Digital transformation enables organisations to scale up their business multiple-fold without incurring the inherent cost of building additional capacity, which may be in the form of people, inventory, effort, time or resources.
Digital transformation as it has been implemented within the security function of Capillary, involves almost 100% paperless work, real-time collaboration with internal and external stakeholders, and the use of progressive security technologies to reduce our risks. In terms of opportunities, cloud technologies, mobility and IoT have increased the output from every single resource. These resources are not only people assets, but also server architecture, local IT environment and mobile apps. Interconnected technologies seamlessly work towards serving clients in a more integrated and fluid manner, allowing for faster turnarounds and more effective outcomes.
Digital transformation reduces the time it takes to evaluate and assess risks. It also reduces the time-lag between risk identification and steps taken to mitigate those risks. The specific steps that need to be taken for risk mitigation involves decision-making about the available alternatives and their associate costs. An ideal security posture is achieved when all these activities are made more efficient through the implementation of digital transformation.
Exposing the digital workspace
Digital transformation has increased the surface areas available to malicious elements for attacking us. While in an earlier era, the periphery of an organisation’s network was the boundary where attacks could be stopped, this has changed now to an individual endpoint such as the computer of the employee. This means while earlier organisation’s were required to protect the perimeter, now they need to focus on securing each individual employee.
Wide spread adoption of cloud technologies is another way in which the surface area has increased significantly. Organisations need to focus on protecting the cloud infrastructure and the communication channels in addition to the office network and employees. Availability of multiple modes of communication to employees has increased the various ways in which they can be attacked, whether it is email, mobile, chat or online storage solutions.
Securing e-commerce
An e-commerce platform of any company is a public-facing entity, which is not only a place for conducting business, but also a way to build and maintain a brand image. Consumers are increasingly adopting digital methods and shifting their purchasing habits from offline to online. This makes it a requirement for retail organisations to have an online presence, but this also makes them vulnerable to being attacked digitally. And since the impact of a successful online attack is instantaneous and widespread, the security focus on an ecommerce platform provider such as Capillary cannot be underestimated.
Ecommerce websites experience a higher probability of being attacked and the impact of a successful attack is much higher, both financially and on the brand image of the owner. A higher probability and impact of attack increases the risk assessment score for an ecommerce platform.
Capillary prioritises security treatment of higher risk assessment scores to ensure that more in-depth risk mitigation treatment is undertaken to bring down residual risks within acceptable levels. A client who cannot be assured that their website is secure, cannot focus on their core functions of business. Capillary understands this need and focuses more intensely on ensuring security for its ecommerce platform. This is best indicated by the fact that Capillary is PCI DSS certified, which is a very stringent organisational security standard specifically focused on the security of ecommerce environment.
Key takeaways
- A client who cannot be assured that their website is secure, cannot focus on their core functions of business.
- Ecommerce websites experience a higher probability of being attacked and the impact of a successful attack is much higher
- Higher probability and impact of attack increases the risk assessment score for an ecommerce platform.
- Finding a balance between adequate security while permitting ease of operations is another constant challenge.
- Higher levels of security tend to make it difficult to perform business operations conveniently.
- Digital transformation reduces the time it takes to evaluate and assess risks.
- Digital transformation reduces time-lag between risk identification and steps taken to mitigate those risks.
At Capillary Technologies, Shailendra Singh must protect the organisation and its employees, but more importantly must extend due diligence exercised on-site into the customer’s workspace.