Cloud adoption will make the CIO's role more strategic

by Sharon Lobo    Apr 15, 2011

Ekta Aggarwal
In India, CIOs have always doubled up as CISOs, however with the fast changing security landscape, businesses now realize the need to have dedicated CISOs. At the recently concluded, “India Enterprise Security Summit 2011″, CXOtoday spoke to Ekta Aggarwal, Program Manager, ICT Practice, Frost & Sullivan, on the changing role of the CIO and the how Indian businesses are gearing up to meet the security challenges. Excerpts.

How is the security landscape changing in India?
The network security market has grown to get commoditized, especially in the firewall segment. Additionally, there has been a lot of consolidation that is happening in the security market. However there is a lot of scope as far as the network security is concerned, as we are seeing a lot of trends emerging in the wireless security space, web firewall application etc.

In India, usually it is the CIO/CTO who also doubles up as a CISO. Do you think that with the security landscape changing, businesses now feel that there is a need to appoint a dedicated CIO?
Predominately, such changes are set by global organizations as they need to adhere to a lot of legislations set by governments and industry bodies. Also, the role of the CIO itself is evolving considering the emergence of social networking platforms, virtualization, cloud computing etc. Apart from this trend, there is a lot of collaboration in security that is coming to the forefront. All these trends are leading to the CIO, now being known as the Chief Innovation Officer or the Chief Integration Officer rather than the traditional Chief Information Officer.

In India, most businesses, especially SMBs, have a reactive approach rather than a proactive one when it comes to IT security. However, as the types of security threats evolve, do you see a change happening in this mindset?
A lot of SMBs are adopting a UTF (Unified Threat Management) system, which is not only advantageous in terms of cost of ownership but also offers ease of management. Also, SMBs are excited about adopting technologies such as cloud computing considering the huge cost benefits it offers. Though security concerns surrounding the cloud deter SMBs from adopting it in a big way, however, they do realize that they need to scale up security at their end too.

With the increase in the adoption of the cloud, will it render the CIO being just being a mere figurehead?
Cloud as a concept has just been initiated and there is a long way to go. Even if the cloud takes a centre stage in India, we do not see the entire business model to shift completely from a CPE-based model to a cloud model. Probably, it may happen otherwise in small businesses or green-field projects. But overall we will see a hybrid model. Here I would also add that in India, the approach to security has always been a top to down one, hence the CIO will be the key person, with his role changing from being a tactical one to a more strategic one.

Finally, do you think Indian businesses are on the right track when it comes to securing their IT?
Neither a yes nor a no would be a perfect answer! However, there is still lot of scope both for the vendors as well as the users. And this trend will only continue to grow in the future, with the advent of new platforms and emerging technologies.