Data security is a vast subject and our Indian economy has still not understood it completely. It is a good thing that we are beginning to digitise everything, but security is always considered an afterthought today, that too only when something goes wrong. To understand the exact scenario Ankita KS from EFY had an interaction with the country manager of WinMagic India, Rahul Kumar.
Q. What according to you are the main problems when it comes to data security in India?
A. Today, though we have an Indian data security model, we are still stuck in the initial awareness stage and that is a huge problem. There are lot of government initiatives that have been started, but there is no proper control or framework to implement them.
One good example is program Disha by the Government of India (GoI) that will protect the storage, use and transmission of a patient’s health data, collected by all ‘clinical establishments’ and penalise those who breach these laws. Keeping our medical records on the cloud will be very beneficial, but the platform used to store this data and its security level is something that we should be aware of. We cannot make a larger economy digitised without the right set of security controls. Today in India, we do not have the controls nor the right kind of security awareness.
Q. What according to you is the kind of awareness that is required?
A. I always tell my customers that security is about three things, that is people, process and technology. We normally concentrate on the technology, but we miss out the process and people, which are also very important segments. We need to make people aware of what to do, why to encrypt data on Gmail, Dropbox, iCloud etc and what are the consequences.
Q. What are the key sectors where WinMagic solutions are being used?
A. WinMagic works on data at rest. Security is a layered approach and hence there are multiple threat vectors. At WinMagic we focus on one layer of security, that is data at rest. Most of the banks use our ATM encryption tool. One of the major payment regulators in India encrypts all their servers with our technology and are able to manage it even if the servers are compromised or even if someone picks up the virtual instance and moves out to a public cloud environment.
Q. Are there any new encryption techniques used in the industry today?
A. There are no new techniques, but adoption of the existing techniques has become better. There are many industry bodies that bring out technologies, but that would require more computational techniques and technologies once the market is ready.
Q. Where do you think we still lag in terms of data protection? How can we improve?
A. From a security standpoint the key requirement is managing the user experience. If I have 2 GB RAM (Random Access Memory) on my phone and I use a technology that requires heavy resources, my phone becomes very slow. Today, industry is ready from a provider standpoint, but we are still lagging when it comes to adoption. This will get better with all the regulations and steps that Reserve Bank of India (RBI) has taken. With banks also moving towards cloud, it will be a revolution for India in terms of adoption of cloud. Some of these government regulations are doing an excellent job of putting a framework together and helping the customers.
Q. How is compliance dealt with in the industry today?
A. Compliance drives the security industry. RBI had announced that by 2018 March, all the ATMs (automated teller machines) must have a right level of security control, encryption, white-listing and all the key security essentials. What is very important is to realise is that once the government brings in the regulation and starts to monitor it, things start happening for the larger good of the ecosystem. That patience level is missing in the industry today. Privacy will soon become a fundamental right and we can soon expect exclusive data privacy law for the entire country.
Q. What is WinMagic’s future roadmap for the year 2020?
A. As a product company, we are in the process of always evangelising and doing new things. We are the only players in the world who can encrypt and manage data at rest across all infrastructures with the same controls. Now we can provide encryption of endpoints, servers, virtual environment on the data centre or on Amazon Azure in a single step. We can do 70 percent of the things right now; our roadmap ahead is to improve this. By 2020, we should be able to look at WinMagic as a company to which customers come to solve all their data at rest problems with some security standard.
Q. What would be your advice to senior decision makers working towards security solutions?
A. Any company needs an advisor or consultant who helps to analyse the industry well. The biggest job for any CXO is to identify, define, manage and take the risk. They should concentrate more on the fundamental framework and plan what to do for the next six months, one year and so on based on the priority of the tasks. Most companies lack this well-defined security framework.