Empowering Digital India with Data Safety
Date: Thursday , October 20, 2016
Headquartered in Sunnyvale, CA, Seclore is a product company offering Enterprise Digital Rights Management solutions that enable organizations to control the usage of files wherever they go, both within and outside of organizations\' boundaries.
In today\'s digital age, no country can afford to ignore the strategic aspects of digitization. Embracing digitization, especially for a country as young as India, can reap spectacular benefits. The experience of other developing nations clearly shows that increased digitization - e.g. paperless governance - can lead directly to better quality of life and better delivery of public services.
The Modi government\'s \'Digital India\' campaign has made all the positive noises so far. However, one aspect of process and information digitization is often ignored - Security. Digitizing data makes it easy to use and share, but it also makes it easy to misuse and leak. While India is attempting to catch up with international norms regarding digitization, the same is yet to be seen for data security and privacy. For example, India still lacks a robust enforcement framework for the Information Technology (IT) Act and other privacy rules.
In recent years, regulators (particularly in financial services sectors) have been active in forming working groups and issuing guidelines on technology and security strategy. RBI, for example, recently released stringent new guidelines and recommendations on cyber security. A few years ago, it released the much-touted \'Gopalakrishna Report\' which placed heavy emphasis on Information Security. Other regulators such as IRDA will hopefully follow suit.
For other industries such as automobile & auto-ancillaries, aviation, manufacturing, retail, and others, there is hardly any similar regulator-driven initiative to speak of. This puts these industries and their customers at high risk of data breaches. It would be short-sighted to ignore these industries for the vision of Digital India or Make in India. A relative lack of regulatory oversight for data security can hinder digitization as indigenous manufacturing - not to mention exports. Hopefully, Digital India and Make in India would help introduce the much-needed regulatory disruption in these industries.
New Paradigms Call for New Security Measures
Software vendors globally have already recognized this challenge, if not fully, and stepped up to it. One useful tactic has been to introduce security features as part of the core software and not just as an add-on or a plugin. This started slowly in the 90s and has now become so ubiquitous that nobody even realizes it. Users simply assume that every software, right from a word processor to a messaging app, will have built-in security features out of the box. Why not apply the same principle to enterprise software - and by extension to the entire IT infrastructure of an enterprise? Why shouldn\'t every IT enterprise solution be made \'security-aware\'?
Of course one might argue that almost any IT enterprise product today - be it an ERP, ECM, or a core banking system - already has built-in security features. However, what about the security of the data after it has left such a system? For example, when data is downloaded from SAP, it is rendered completely vulnerable to all sorts of threats. The data inside and outside SAP is the same, but the data security policy applied to it in both cases is completely different (and almost non-existent in the second case). And when data actually goes outside the corporate network altogether - to vendors, partners, or consultants - the consequences can be even more serious.
For example, think of all the hundreds of printing vendors and business partners of a typical Indian bank. All these third parties receive confidential customer data and PII (Personally Identifiable Information). The day is not far when customers will start suing banks under the IT Act for failing to secure this data.
Enterprises need security that goes beyond enterprise borders. Securing just the perimeter or the device where the data resides is no longer an option. What you truly need is a solution that secures your information regardless of where it resides - anywhere in the world. And in this flat, collaborative, and hyper-connected world, it is impossible to monitor all the systems and devices used by everyone. How many devices will you control? How many platforms will you secure? How many vendors will you audit?
The simplest way to overcome this problem is to make data security data-centric. Data-centric security such as that offered by Rights Management solutions offers numerous unique tangible benefits:
Monitoring and auditing of all data assets - including copies located outside the network.
Security policies and controls defined for the data itself - and not for the systems or the infrastructure holding it.
Full-proof data security even for data resident on the cloud and on mobile devices.
Best-in-class data-centric security for emails and the power to revoke access remotely.
Automatic protection for data downloaded from enterprise applications such as SAP, SharePoint, Salesforce, transactional systems, and others.
Automatic protection and monitoring of data discovered by DLP or eDiscovery tools.
Extending the reach and impact of perimeter-centric tools such as DLP to areas beyond the enterprise network.
Reduced dependency on audits and physical checks for vendors and service providers.
Freedom to use any system, applications, data formats, cloud-based file-sharing service, or mobile device (BYOD) of your choice - without affecting data security.
Shadow IT is not being a problem anymore, since data will be secure wherever it goes
Full compliance of related aspects of the IT Act, RBI guidelines, ISO 27001, and PCI-DSS - even when data resides outside on external or public networks. Automatic data-centric governance and analytics which is truly global (e.g. SIEM and BI integration).
Data security cannot be restricted to securing only selected networks, computers, or devices. It has to secure data wherever it goes, and that security has to be agnostic of the storage mechanism or the transmission medium of the data. The only choice is to make security an underlying layer of the IT infrastructure, rather than just an add-on. Only then can Digital India be Digitally Safe India too.