Making A Shift To Human-Centric Security

by Sohini Bagchi    Dec 28, 2017


It is impossible to overstate the importance of information security, privacy and risk management in organizations. CIOs and CISOs today are constantly addressing these new security challenges, especially in a world where traditional network perimeters are shifting. However, it is clear that many challenges remain unaddressed. This is particularly so in terms of the human aspects of information security, which is often overlooked.

Cyber security spacialist, Forcepoint believes that the future of cybersecurity centers on understanding the behaviors and intent of people as they interact with each other, and with critical data and IP. Praveen Asthana, CMO, Forcepoint in an exclusive interaction with CXOToday explains the shift in focus towards people, rather than technology infrastructure, and explains the role the vendor is playing in today’s threat landscape.

CXOToday: Can you tell us about Forcepoint’s recent brand campaign with the focus on human centric security. Why did the company choose to focus on this aspect of security?

Praveen: The most fundamental challenge to the future of cybersecurity rests in the ability to control data as it moves in and out of the organization’s possession while employees seek to use it on-demand, everywhere.

Instead of emphasizing technology to protect a perimeter that no longer exists, security must focus on the cyber behaviors of people and protect against those behaviors that are known to lead to critical data and IP loss. This approach requires both intelligent systems and transparent collaboration between an organization’s stakeholders.

Observing cyber behavior allows security professionals to determine a baseline for normal, which then makes it possible to identify the risky actions that lead to data loss. Understanding intent can differentiate an accidental insider from someone maliciously planning a security incident.

A cybersecurity program that can make sustainable progress exists only with a blend of technologies, policies, cultural changes and intelligent systems. These systems must be capable of observing behavior and deciphering intent in order to proactively protect users, critical data and, most importantly, the point at which they intersect. Such systems include products that can be easily integrated to provide a comprehensive view of risky behavior and mitigate risks many steps before they turn into breaches.

CXOToday: What technologies would you advise companies that are adopting a human-centric approach to cyber security approach?

Praveen: What we are doing is bringing together a number of technologies, to work as a system. AI is definitely one of the technologies, part of our analytics for UIBA (User Identity Behavior Analysis. The way we look at it is; there are three main components to our system. One is accessory component which is sensing things. The second is analytics or brain if you will and the third is enforcement component. The channels for sensing is a brain which is the analytics and understand how to apply risk to what the sensory information is and then there are channels for enforcement to prevent data from leaving the company.

We build those three things in our system. So, we have multiple channels for sensing, including next-gen firewall, web emails, there’s all channels for sensing information. Then we have channels for enforcement like DLP, CASB. So, that is the simple way of looking at our system.

CXOToday: Can you tell us about the changing role of CIO and CISOs in cyber security?

Praveen: I would say that the CISO’s role is becoming more important and broader for a couple of reasons. One is that cyber security is a first class problem; the companies are become increasingly digital where cyber security issues are also on the rise wherein they have to protect their digital assets. The second thing I see happening with the CSO’s is that they have in some ways have a broader landscape to protect than the CIO. The CIO typically is worried about the infrastructure that they have purchased and they don’t worry about what is protecting cloud or managing the infrastructure of the sales force or anything like that. At the same time the CIO is managing a smaller part of the infrastructure because the company is using more cloud or SaaS applications which the CIO does not control. The CISO’s on the other hand has responsibility for the data no matter where it is stored. So, even if the data is stored in Amazon or in sales force, it is the CISO’s responsibility to protect that area. That is how it is changing is some ways.

CXOToday: As a CMO of an organization, how do you think other CMO’s, CXO’s roles are also changing with the cyber security landscape?

Praveen: I would say the other C-suite members are not yet changing enough. I think they need to wake up and start changing more, because they are assuming that somebody else is worrying about the security and I think that security awareness needs to be something that every person in the company needs to have. It cannot be compulsory to just one group of people.

As a CMO, most of marketing is becoming digital, I have to worry about our customer names and our customer lists and protect them because if somebody steals our customer names it is a major risk to us from both from a business perspective and a regulatory perspective. So as a CMO I have to be aware of the fact that I have information that can be compromised and make sure that I am following the security hygiene. I think the c-suite needs to wake up as I don’t think they are looking at it.

CXOToday: What are the key cyber security trends you see in 2018, that the C-suite should take a note of?

Praveen: Well, there is definitely an increasing migration to cloud computing, so decentralization of where the data is stored is one of the key trends.  Data is not going to be just inside your walls. I think privacy is going to become a big trend where individuals are going to expect from the companies that have data about them, protect it. Equifax breach recently, a lot of data about consumers were stolen. So the consumers and employees are going to demand that their data be protected, which is something you will see a lot of next year. Then, there is a big trend around IoT and its impacts in terms of security.

CXOToday: What opportunities do you see in the Indian market? What would be your roadmap in the next one year?

Praveen:  India is becoming very cyber aware. For a lot of the CIO’s and CSO’s, this is becoming the top of mind topic “cyber security”. Part of it is because that the Government has made some regulations about data protection and the need for having CISO’s, at least in the financial industry. India is definitely becoming much more aware about that. For Forcepoint, India is a very important market and is one of our best markets in Asia and we are definitely going to continue to invest to grow here in India.

At present, we have sales offices in Mumbai and Delhi, we have technical operations and support in Chennai. Overall in India we have a presence and would heavily invest in various functionings in the next 12-18 months.

CXOToday: With a flurry of IT security players in the market, what’s your winning strategy? In other words, what do you think sets you apart?

Praveen: As I mentioned before, it is the human-centric approach in cyber security that sets us apart. It is a much differentiated approach as we are helping companies focus on data and people and how they interact in a much simpler way to address the issues related to self-defense by blocking threats. Finally, in the changing world, it is time to re-think cyber security and the challenge is to re-think their approach by moving away from the old practices and creating a new winning strategy in the new world.