siliconindia | September 2017

Data security needs to be redefined and classified into multiple quadrants based on their confidentiality, as there is a need to redefine what is confidential and what is shareable

compromised. So far, there is no common mechanism to control multiple devices working on varied operating systems. There needs to be a new methodology for implementing IT applications and devices, and also for data management.

Also, data security needs to be redefined and classified into multiple quadrants based on their confidentiality. There is also a need to redefine what is confidential and what is shareable.

Privacy rules need a complete makeover since traditional norms no longer hold good, as people are putting out crucial information like PAN and Aadhaar numbers without thinking twice. It is like casually giving away your passport number, and by doing so critical and confidential personal data is getting stolen. If this data falls into the wrong hands, they can create a fake IP address or related data.

Now we are using a number of apps, and while using them, we are inadvertently giving away our mobile number through these applications. The business models of some firms are woven around selling this data. This data will go as a lead to, say, insurance companies or other firms. So, when you get some kind of a query, mail or a call, you have to be really vigilant. This is because data is getting continuously recycled. The most important thing is customer awareness that prepares them to respond to such unsolicited queries. We should be responsible for the safety of our own assets and information. We should have some kind of mechanism to cross-check information.

Everyone is disclosing privacy and data unwittingly. Unfortunately, this is not getting highlighted. Public awareness of such things should be given priority. Educating customers about keeping their privacy is imperative. UIDAI has sent out circulars on who can use their data.
This is a right step as far as data security and privacy are concerned. For this, customers have to do some introspection. Rapid changes in technology systems have played havoc in all these cases. When we make rapid changes, we have to expect rapid collapse also. Today, the theory is: if you act fast, you fail fast. Technology, at the end of the day, is not 100 percent 'fail-proof'.

Due diligence of technology is another important matter. The regulator may say you should have testing and a system audit. They may come out with written-down procedures. It is the responsibility of the respective organizations to have their own due diligence done before implementing the technology.

Apart from redefining security standards, it is also important to monitor their performance and their rapid dissemination. In Kerala, there are organisations such as CyberDome. CERT is giving advance alerts to many organizations. Today, regulators have an extra eye. Stock exchanges in the country sent alerts to brokers on the 'WannaCry' virus. Such alerts help put control in the system. Regulators are doing a good job. But they have their limitations too, in the form of issuing only alerts and certain procedures. It is the organization's responsibility to make the technology 'fail-proof'.

Introduction of standardization for technology and devices is uncharted territory, since innovation always breaks standards and methodologies and is in that sense disruptive. FinTechs must be careful about this and must develop non-technical skills also. The moral of the story is that firms should be more vigilant on security standards and procedures. And customers, on their part, should drop their casual approach in sharing vital statistics.

A Balakrishnan