India Insights with Suparna Goswami

Blockchain & Cryptocurrency , Events , Governance & Risk Management

Mumbai Security Summit: The Hot Topics

Blockchain, IAM, OT and Other Timely Topics Discussed
Mumbai Security Summit: The Hot Topics

Blockchain, ID and access management, OT security and boards' roles in cybersecurity were among the hottest topics topics discussed at Information Security Media Group's Security Summit in Mumbai on Nov. 29.

See Also: Panel | Realities of Choosing a Response Provider

Although blockchain is getting plenty of marketing buzz, it's important to discern appropriate use cases, said summit speaker Rohas Nagpal, chief architect, blockchain, at Primechain Technologies.

"In most blockchain implementations, whatever data you are putting on blockchain is going to be visible to all nodes. So putting a password or sensitive data on blockchain not a great idea," he told the audience.

"You can't just implement blockchain and forget about security altogether," he stressed.

ID and Access Management

Meanwhile, many organizations continue to struggle with identity and access management.

Charanjit Singh Sodhi, executive director and head of identity and access management at Nomura Wholesale, described what an effective IAM policy framework must look like.

"Policies around identity and access management must be framed by the IT team in consultation with the business," he told summit attendees. "Also, service-level agreements for access-related activities must be clearly defined, taking into consideration the risk appetite of a firm."

Bridging OT Security Gap

Another speaker, Kaustubh Medhe, head of the cyber defense center and head of SOC at Reliance Industries, outlined the many challenges that security practitioners face when operationalizing threat intelligence for OT.

"OTs operate with a lot of legacy infrastructure. Many OT devices don't have the capability to capture relevant logs for OT. Also, OT is not designed for SIEMs," Medhe said. Among his key points:

  • OT security needs dedicated governance, resources and support;
  • Supplier risk governance and engagement is imperative in improving OT security;
  • Closer collaboration between IT and OT staffs and threat intel sharing will greatly benefit OT security management.

Security as Boardroom Issue

While cybersecurity has become everybody's concern, there's no denying the fact that there's a gap between the boards' expectation and reality.

Sameer Ratolikar, CISO at HDFC Bank, remarked that although boards are discussing cybersecurity, businesses need to have realistic expectations for the security team (see: Dealing With Cybersecurity in the Boardroom).

Keynoter Bhaskar Pramanik, board member of State Bank of India and former chairman of Microsoft India, stressed that boards can no longer afford to ignore cybersecurity. Plus, he concluded that in times of crisis, boards need to recognize that the operating teams need adequate time to work on getting operations restored.

Compliance Issues

As India prepares for potential enactment of a new data protection law, cyber lawyer and advocate Vaishali Bhagwat said that far too many organizations still aren't aware of the details of existing laws, including the IT Act 2000, which addresses privacy issues. And despite repeated requests by CERT-In, few companies are reporting breaches to that organization.

The speakers at our summit vouched for the fact that data breaches and cyber threats cannot be fought with technologies and legal help alone; cybersecurity requires the support of all the functions, particularly buy-in from the board. "It is not and can't be the sole responsibility of the IT security team to fight cybercrime, as the board is definitely the fourth line of defense," Pramanik said.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.