Increasing use of digital technologies and at the same time proliferating cyber threat incidents are compelling organizations to rethink their digital security practices. Technological shifts in security such as using a simple magnetic stripe for credit card and debit card transactions to a two-factor authentication using OTP and EMV clearly show that the need for advanced identity and data protection solutions has becoming more critical than ever in the complex threat landscape.
While several companies are working in the enterprise security space, a name that stands out is digital security provider Gemalto that has already created a niche for itself by offering customized products and solutions such as online authentication, e-Banking, EMV chip cards and mobile financial services across various sectors. The security company present in India since 1996, has come a long way helping enterprises and government in protecting, verifying and managing digital identities and interactions.
In a recent interaction with CXOToday, Rana Gupta, Vice President, Asia Pacific, Gemalto,discusses India’s digital security landscape, impact of GDPR and its regulations on enterprise security and the company’s role in the security ecosystem.
CXOToday: Could you tell us about the current digital security landscape in India?
Rana Gupta: As per the recent ‘Gemalto Breach Level Index Study’, over the past five years nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised globally every day.Of the 29 data breach incidents in India in 2017, identity theft represented the leading type of data breach, accounting for 58% of all data breaches.Companies in the healthcare, retail, government and financial services sectors were the primary targets for breaches last year. Enterprises today are increasingly moving away from the traditional way of doing business to online and mobile transactions, which calls for a greater need to have more stringent security measures to make them safer.
CXOToday: Could you please share Gemalto’s role in providing security and its breach prevention strategy?
Rana Gupta: Gemalto offers a comprehensive portfolio of data protection solutions that provide digital security to enterprises across tenants and geographies. With organizations becoming more mobile and breach epidemic growing, the need for advanced identity and data protection solutions has become even more critical. Gemalto’s solutions help enterprises in protecting, verifying and managing digital identities and interactions. Solutions such as Gemalto’s Identity and Access management (IAM) allow organizations to address their evolving needs around cloud applications & mobile devices. It also enables enterprises to secure access to online resources and protect digital interactions of employees, partners, and customers. As corporate data assets grow, data encryption is a critical last line of defense. Encryption applies security and access controls directly to sensitive data. Gemalto’s portfolio of encryption solutions delivers data protection at all levels. The solutions are built to support virtualized environments and they enable centralized governance and management of sensitive data, applications, and systems across on-premises, hybrid, and cloud environments.
CXOToday: What are the CIO’s top concerns with securing data in the cloud?
Rana Gupta: As per a recent ‘Gemalto and Ponemon Institute Study’, 83% enterprises in India think that managing privacy & data protection in cloud environment is more complicated than on premises networks. While it’s good to see that enterprises in India are taking the issue of cloud security seriously, nearly 50% of enterprises believe that cloud makes it more difficult to protect data when the opposite is true. A vast majority of global companies (95%) have adopted cloud services and there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only 40% of the data stored in the cloud is secured with encryption and key management solutions. The study also highlights that organizations in India (73%), US (73%) and France (82%) believe that the management of user identities is more difficult in the cloud. Also, half of global organizations believe that payment information (54%) and customer data (49%) is at risk in the cloud.
The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data.
CXOToday: Please share your thoughts on how the adoption of futuristic technologies like Blockchain, Robotics, AI, Machine Learning, etc. are helping to tackle this issue of data breach and security.
Rana Gupta: Digital transformation is opening the door to completely new business models. The digital era also brings with it new threats as well as data privacy challenges. When it comes to security, Blockchain along with Artificial Intelligence (AI) are two of the evolving technologies with the greatest potential. With proper security to protect communication, devices and users blockchain can evolve as a trusted platform for enterprises to secure transactions and data. For example, in the Fintech industry, where AI and blockchain working together in a seamless ecosystem could offer significant improvements in efficiency and security. Many banking applications store digital identities; here blockchain technology can be used to secure these, while AI can be deployed in identity verification. Another challenge today is to simplify security procedures for enterprise customers and this is where machine learning can be effective. For example, in banking sector machine learning is deployed very effectively to analyses the profile and behavior of customers in real time and only activates additional authentication measures when required, providing a smooth user experience.
CXOToday: What are the kind of security challenges institutions are facing and how Gemalto is enabling them to implement stronger security measures to improve security at various levels?
Rana Gupta: The digital space is increasingly getting challenging from a security perspective. These challenges encompass privacy of information, non-repudiation of actions in digital world, integrity of information in digital world, and confidence in digital identities. Gemalto helps organizations tackle all these challenges through its Identity & Data Protection suite of solutions that help organizations implement 3-step secure-the-breach mechanism of encryption, secure key management, and secure authentication.
CXOToday: What do you have to say about GDPR and the impact it is going to make?
Rana Gupta: As regulations catch up, Data Privacy has fast evolved to become a matter of survival for companies. Companies that continue to ignore this, risk becoming non-existent almost overnight in the wake of data breaches. Every breach incident has the potential of long term reputational damage to the impacted organization.
The GDPR enforcement has already resulted in the undertaking of massive changes to consumer data collection and processing practices, especially in consumer-led markets. As a result, we will continue to see tightening of the regulatory environment with respect to data privacy and enforcement of penalties on firms as well as fiduciary officers in the wake of data breaches resulting out of inadequately protection measures.
Companies need to realize a breach is inevitable and key stakeholders, their customers, expect them to take reasonable measures to prevent breaches in the first place, and when that fails, to respond quickly and appropriately. GDPR mandates this practice for companies that operate in EU or company doing business with EU citizens. In order to be compliant, a business must begin introducing the correct security protocols in their journey to become GDPR compliant, including encryption, two-factor authentication and key management strategies to avoid severe legal, financial and reputational consequences.