Share to lead the transformation

In Focus

Jaspreet Singh

Partner, Cybersecurity, EY 

It’s about leading the cybersecurity organization in the new normal.

The Covid-19 pandemic has ushered in a series of unprecedented shifts in global and Indian economic conditions amidst extensive industry disruptions. Over the last ten months, there has been a significant remolding of how services and products are delivered and consumed. Remote working has become a reality and, in some ways, ‘the new normal,’ while online models have primarily driven consumption of goods and services. These drastic and sudden modifications in business environments have significantly impacted the ICT  and cybersecurity priorities and investments across organizations.

Almost all enterprises have responded to this precarious situation by empowering their employees and engaging customers through remote working interventions, policies, and tools. Without a doubt, this response has been brisk and useful to an extent and has brought to light chinks in many an organization’s armors in the realm of cybersecurity.

Coupled with an insurmountable surge in the volume and sophistication of cyberattacks in the last two quarters, India’s CISO community had to move ahead with a steely resolve to address these challenges. (See: How COVID-19 has changed cybersecurity focus for 2021)

Jaspreet Singh, Partner–Cybersecurity at EY, outlines the top challenges faced by the CISOs in India in the wake of the Covid-19 pandemic. He also shares best practices that organizations could embrace to steer them through the complex maze of cybersecurity issues and help them firm up their cybersecurity posture.

Essential, and yet troublesome—thy name is remote working.

Covid-19 is creating a global ‘work from home’ culture, as organizations see employees working from home as a feasible long-term option if regulatory issues can be addressed.

However, cybercriminals are using it as a massive opportunity as people are often connected to the corporate network through their home Wi-Fi connections, which are not secure due to weak router configurations or multiple poorly protected IoT devices connected to the same network (among other things).

Cybercriminals are also using this time of great fear to target people with phishing attacks using coronavirus themes. Cybercriminals are also leveraging and targeting video communication platforms for hijacking teleconferences, and we have also found maze ransomware targeting managed IT, service providers, on a global scale.

Adapting to the new normal is the biggest challenge for the CISO.

Today’s enterprises need to secure access to their organizational resources, regardless of the user or application environment. This means that the biggest challenge is about adapting to the modern distributed workplace and embracing a mobile workforce while protecting people, devices, and data, irrespective of their locations. (See: Here’s how the new Cyber Security Policy could reshape CISO roles)

Addressing the remote working conundrum—in search of a feasible and effective intervention

It is highly critical for organizations to review their cybersecurity strategies given the global pandemic and follow their renewed realization of IT dependence. IT teams are organizational warriors who have worked day and night and played a crucial role in helping most organizations adapt to the work-from-home culture.

The initial focus of all organizations has been on enabling work from home in the fastest possible time, due to which security was not kept on priority. This resulted in a major risk.

Cybersecurity also needs to align itself to see through risks to the organization—its people, processes, and technologies. The organization would have to align its cybersecurity strategy to changing IT strategies and investments.

Post the pandemic, the cybersecurity organization is slated to undergo a drastic transformation.

The cybersecurity industry will see a sharp increase in the demand for adapting to technological solutions for remote working and security solutions to reduce risks to the IT infrastructure.

The cybersecurity skills shortage will also worsen as these skills would be necessary to protect the IT infrastructure and address the likely increase in cybersecurity compliance.

Never trust, always verify—‘zero trust’ as a critical component of the cybersecurity system for Indian organizations. 

Zero trust teaches to “never trust, always verify.” It has a significant role in how people access organizational resources, regardless of where the request originates from or what resources one accesses.

Jaspreet Singh, PartnerCybersecurity, EY

With 17 years of rich industry experience, Jaspreet owns the P&L of Cybersecurity for North India at EY. He advises organizations across telecom, tech, media, and entertainment sectors, and has been instrumental in helping them become cyber-ready businesses of the future.

Over the years, his advisory and evaluation skills have helped many businesses progress through the cybersecurity value chain.

He also shares the additional responsibility of developing the cybersecurity practice in Bangladesh and the Middle East for EY.

Expertise

  • Data privacy
  • IT security and governance
  • IT strategy
  • IT program management
  • IT attestation services
  • Datacenter security
  • Network security
  • Risk assessment and management
  • Business continuity planning and crisis management
  • Ethical hacking

Honors and awards

  • Chairman Value Award, 2014
  • Consultant of the year, Cybersecurity, 2017

It is not about users being un-trustworthy; instead, it is about firmly authenticating, authorizing, and inspecting all traffic flows always to ensure that malware and attacks don’t sneak in accidentally or maliciously.

Many organizations are knowingly or unknowingly following, in principle, the ‘zero trust architecture.’ However, moving to a complete ‘zero trust’ architecture will take time. Organizations need to mature to a level starting with strong authentication in general.

It will be essential to consider each investment carefully and align it with current business needs. Fortunately, each step forward will make a difference in reducing the cybersecurity risk and returning trust in the entirety of your IT Infrastructure.

Aim to build resilience across the value chain.

You must be prepared to deal with the attack. You have to be able to investigate the incident quickly, make smart decisions, and take actions immediately.” Effective resilience programs look not only at the infrastructure within the four walls of the organization but also look to consider the impacts of customers, vendors, partners, and other participants across the value chain.

*The article was originally published as part of a Better World–Microfocus Coffee Table Book initiative titled Accelerating Enterprise Innovations. You can read the e-Book by clicking here.

MORE FROM BETTER WORLD

New Dropbox features could make pro remote workers more sticky

New Dropbox features could make pro remote workers more sticky

Dropbox has launched a host of new features for its premium subscribers, a move aimed at facilitating better real-time collaborative work experience amidst the new work-from-home normal. The cloud storage provider has introduced three new Dropbox features: a password manager, a secure vault, and an automatic storage feature for its Dropbox Professional and Plus users. In June this year, Dropbox had made these features available to beta users.

According to Dropbox, the password manager will help its users save their different credentials in one safe place and autofill them so that users can instantly sign into various websites and apps. The new password manager works on Windows, Mac, iOS, and Android OS.

This service, though not exclusive, will help Dropbox users put strong and unique passwords for different web-apps without any hurdle of remembering them.  There is already a flurry of free password managers such as Lastpass, Myki, KeePass, Dashlane, among others, in the digital marketplace today. Dropbox mentions that the feature will allow users to sync their passwords automatically from the desktop to mobile devices and vice versa.

The new Vault feature provides an extra layer of security for relevant documents to Dropbox users. According to the company, users can store files such as insurance cards, passports, and housing documents in the Vault and provide access to their trusted friends and family members in case of an emergency. Currently, the service is available to Dropbox Plus users only.

The last feature that the company has introduced is the computer backup feature. The feature eliminates the need for manual backup and automatically syncs folders on the PC directly with Dropbox. This service is available to all Dropbox users.

Eying new opportunities

With over 600 million registered users and around 15 million paid customers across 180 countries, Dropbox is undoubtedly one of the most significant players in the cloud storage segment. The San-Francisco headquartered company is competing closely with the likes of Google Drive, Microsoft’s OneDrive for Business, Box, Zoho Docs, ShareFile, and Apple’s iCloud in the market. Besides these, the industry is also witnessing the entry of several newbies who are chipping away the market share.

Dropbox’s new feature announcement is in line with the company’s strategy to increase its user base and become profitable by the end of 2020. During the last couple of years, Dropbox has taken aggressively steps to bolster its proposition in the digital collaboration space. In September last year, the company launched Dropbox Spaces, a machine intelligence-enabled smart feature that lets teams reorganize and bring all their documents together in one place so that multiple users can access everything from one central location. Besides, Spaces also enables Dropbox users to scan and find their records immediately by inserting keywords.

Earlier, Dropbox’s strategic partnership with Zoom Video in 2018 was aimed at helping its users to seamlessly communicate and discuss content in real time.

Dropbox ended the second quarter fiscal 2020 on June 30, with US $1.931 billion in revenue and over 15 million paying users. According to Dropbox, it witnessed a revenue increase of $67.3 million quarter-on-quarter and 17% year-on-year. During the last one year, the company has also been able to increase its average revenue per paying user from $120.48 to $126.88. 

Tough competition ahead

The cloud storage market is gaining enormous traction today. Given the ongoing Covid-19 pandemic, the remote work environment has become a new reality. As such, the traditional way of storing data is becoming obsolete, and cloud storage companies are exploring new opportunities to benefit from the work-from-home trend.

Enterprises and professionals are rapidly moving towards collaborative workspaces and prefer storing data in a way that can be accessed and shared anytime with anywhere digitally. As such, players like Dropbox, who have strong fundamentals, will continue to gain market share. However, even with the growing opportunity, the market is expected to see significant consolidation in future. Tech giants like Microsoft and Google are speedily enhancing their digital portfolios with an eagle’s eye on cross-selling opportunities. As such, industry observers expect the document cloud storage market to consolidate into four to five major players in the next 12 months. It will be exciting to see if players like Dropbox can maintain the momentum with new pathways for growth or decide otherwise.

LinkedIn forgoes SlideShare to focus on more premium services

LinkedIn forgoes SlideShare to focus on more premium services

In a significant development, SlideShare, LinkedIn’s presentation-sharing service platform, has been acquired by Scribd, a digital library giant, for an undisclosed amount. As LinkedIn forgoes SlideShare, it also undoes the acquisition done eight years ago. The deal with Scribd is likely to be completed by September this year.

SlideShare has been part of LinkedIn since May 2012 and has helped LinkedIn users increase knowledge and share best practices in areas such as marketing, sales, and digital transformation, among others.

“On September 24, Scribd will begin operating the SlideShare business, its 100 million users, along with its presentation upload and hosting tools, and tremendous archive of presentations and documents,” said LinkedIn in an official statement.

Launched in October 2006, SlideShare has been considered as the YouTube of slideshows by the tech industry. LinkedIn acquired the SlideShare platform in 2012 for $119 million. At that time, LinkedIn said that the acquisition would enable it to deliver more value to its users who can share their experiences and knowledge in the form of various documents, videos, and presentations. Later, Microsoft acquired LinkedIn in 2016 as part of a wider UC&C strategy.

Through its blog post, LinkedIn has informed that existing SlideShare users can continue to access their account with the current login information. Post transition, Scribd will manage the existing SlideShare accounts as per their terms and conditions.

­­

A good fit in Scribd’s portfolio?

Scribd has been on an expansion spree for the last few years. The company was launched in 2007 with a sole focus on document-sharing service and then added an e-book subscription service in 2013. Over the years, it started sharing almost everything under the skin on its digital platform.

By acquiring SlideShare, Scribd will be able to further diversify its offerings to users. The company currently has over 100 million digital assets, including audiobooks, music, e-magazines, podcasts, and e-books, hosted on its platform. Now, with SlideShare purchase, it will further expand its portfolio in professional content and presentation space as well.

Last year, the company had raised $58 million from growth firm Spectrum Equity for its expansion and growth plans.

“Our acquisition of SlideShare is a major step towards creating the world’s largest digital library,” said Trip Adler, co-founder and CEO of Scribd. He further elucidated that the acquisition will enable Scribd to continue to diversify offering while driving even more readers to the books, audiobooks, magazines, and other professionally published works in its digital library.

LinkedIn does away with a misfit?

As LinkedIn forgoes SlideShare, the move seems to be in line with its future strategy of focusing on its premium services for the next level of growth. For the first few years, the professional networking site wanted to build a repository of contacts senior executives, enabling real-world professional relationships. At that time, it offered almost everything for free without concentrating on revenues. However, with over 700 million registered members in 150 countries, it is now majorly focusing on premium services with a monthly subscription model. Some of the key services it has been offering under its premium plans include In Mails, premium insights, online training, among others.

SlideShare, for all the reasons, has not been aligning well with LinkedIn’s long-term plans. First, it was a free service where everyone could share and distribute professional content, which may or may not have been attributed to genuine authors.

Second, through its verified training courses and downloadable resources, it can strategically focus on building exclusive content repositories for its premium users. In future, virtual platforms will likely become more mainstream mediums to learn, collaborate, and share.

Embee launches VirtuaPlace for SMBs in India

Embee launches VirtuaPlace for SMBs in India

Embee Software Pvt. Ltd. has announced the launch of VirtuaPlace business continuity solution aimed at small and medium businesses (SMBs) in India. The solution is aimed at facilitating SMBs in cloud adoption. VirtuaPlace for SMBs runs on Microsoft Azure and brings together offerings across Azure, Microsoft 365, Octane HRMS, SAP Business One, and Windows Virtual Desktop.

The launch comes amidst a growing assumption that remote work scenario is here to stay even beyond the pandemic situation, and seamless teamwork, collaboration, data security and more at controlled prices is going to be a need for the SMBs.

Embee has been a partner of Microsoft India for more than 30 years and has empowered 2500+ organizations of all sizes with customized digital solutions in the IT services market. It also has one of the largest cloud consumption and adoption of portfolios in India, with more than 2 million entitlements in Microsoft 365 and 70% growth in Microsoft 365 business in FY2019.

Sudhir Kothari

Sudhir Kothari, MD & CEO, Embee

“This COVID-19 adversity can inspire organizations to rethink their digital strategy and adopt the offerings to transform their businesses. VirtuaPlace is designed to empower small-medium businesses and enterprises with business continuity, robust security, and productivity while scaling their operations at reasonable costs. Businesses can choose from a variety of solutions and services, curated to their needs, at an attractive monthly subscription. Embee is eager to be the partner in growth for organizations in the digital age,” Sudhir Kothari, MD & CEO Embee Software Pvt. Ltd, noted.

With VirtuaPlace, Embee is focusing not just on smooth onboarding but also on ensuring customer adoption of the new technologies on a foundation of successful digital transformation. To its credit, Embee has onboarded more than 200 schools to utilize Microsoft Teams as a remote learning tool during the Covid-19 pandemic.

Krishna Sai

Krishna Sai, CTO, Embee

“With the solution, schools have found themselves equipped with a digital platform to ensure continuity in learning. The swift implementation, taking as little as 3-days per school, establishes Embee’s credentials to empower organizations digitally. We are looking to replicate this success with VirtuaPlace across the country,” Krishna Sai, CTO, Embee Software Pvt. Ltd, said.

Venkat Krishnan, Executive Director, Commercial Partners, Microsoft India said, “Small and medium businesses form the economic backbone of our country. Bringing together the power of the Microsoft cloud and other offerings in a secure and scalable environment, VirtuaPlace by Embee can helps SMBs transform digitally and be future-ready in a world of remote everything.”

Apart from creating a virtual place for business to overcome remote working challenges, Embee offers a secure environment and advanced threat protection to its partners so that they can adapt to remote work environments, more smoothly.

Combating cyber threats in the new normal

Combating cyber threats in the new normal

The Covid-19 pandemic has impacted the information security priorities of enterprises drastically. With remote working becomes a new normal, IT and cybersecurity risks have grown manifold. The go-to-market needs of users have also transformed, and meeting client expectations in real time have become a challenge in the new environment. Combating cyber threats now needs a multi-pronged approach.

Despite stressed technology budgets, there has been a massive surge of optimism in the cloud and managed services solutions market due to organizations’ innate need to drive agility and scale. Businesses are continually looking at new-age solutions that could help their workforce deliver exceptional results even in the work-from-home environment.

Since millions of people are working remotely, there has been a deluge of new cyber and IT security threats that organizations are witnessing. According to a recent cyber threat report by SonicWall, a leading cyber security player, ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020. Moreover, 7% of phishing attacks capitalized on Covid-19 pandemic while there was 50% rise of IoT malware attacks. The report said it analyzed threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories.

According to the Covid-19 Threats Report by McAfee Labs, the first quarter of 2020 saw significant increases in several threat categories. During this time, cybercriminals seem to have exploited the vulnerabilities caused by the pandemic and tried to make a substantial impact on the networks. The report states that the new mobile malware increased by 71%, primarily due to trozons, and total mobile malware grew by about 12% over the previous four quarters. Interestingly, new IoT malware saw a 50% increase.

This emerging threat landscape has compelled organizations to aggressively focus on disruptive technologies and solutions that could enable them to innovate confidently and provide consistent value to their clients without breaching trust.

Let’s look at how organizations can enhance their security architectures during these unprecedented times and reduce IT security risks.

Focus on threat lifecycle management

A continuous focus on the entire threat lifecycle management (TLM) provides much-needed assurance for tackling any unforeseen scenarios. Organizations need to evaluate the information assets that they need to protect continually, and then take advanced measures for detecting and mitigating cyber threats.

The depth and quality of threat intelligence softwares can help enterprises achieve the much-needed IT security resilency, even for employees who are on their home networks. Some of the major companies that are providing robust threat intelligence management solutions in the market are: IBM, Dell, Trend Micro, Symantec, Check Point, F-Secure, McAfee, and Juniper.

Upgraded tools and methodologies

As cloud deployments become more and more intricate, organizations should ensure to assimilate multiple ways of inventory classification and include them in overall asset management strategy. In the multi-cloud environment where organizations want the best of public and on-premise worlds, the list of cloud applications can change very quickly. Hence, enterprises should have the necessary tools and methodologies to know:

  • List of cloud inventory on their network
  • Why they exist
  • Are they still important?

Incident response automation

By employing security automation in cloud environments, organizations can control the damage at the right time. Automated incident response tools enhance the detection capabilities of vulnerabilities and threats. It accelerates the response time in the event of a security alarm and free up the time of security teams to focus on high-impact alerts. Some of the leading players in this segment are: FireEye, IBM, AT&T, Symantec, Verizon, and DXC Technology.

Browser isolation technology

Enterprises have been using sandboxing, a software management technique to isolate various enterprise applications from critical resources, as part of their efforts to strengthen security against new-age threats. However, in the current environment, information security practitioners consider web browsers as a chief target for cyber attacks and recommend to implement isolation technologies to physically isolate an employee’s web browser and related activities from the local machine and the network.

This model enables enterprises to track and identify the routine infiltration points on their networks and take remedial measures immediately.  Major vendors operating in this segment include Symantec, Cyberinc, and Web Gap.

There are also other tools available through which organizations can quickly isolate affected systems and analyze the breach methodology to prevent such instances in future.

Wipro hardens its LIVE Workspace suite with Intel vPro

Wipro hardens its LIVE Workspace suite with Intel vPro

Wipro Limited, a leading global information technology, consulting and business process services company, today announced that it will join forces with Intel to enable Wipro’s LIVE Workspace, Wipro’s digital workspace solution with the Intel vPro platform. This joint collaboration will help customers drive business continuity by enabling remote IT support and solutions, as they seek to keep employees productive amid social distancing boundaries and other remote-work limitations that have become the new normal.

Wipro integrated the Intel vPro platform into LIVE Workspace, a suite of digital workplace services to provide remote manageability of devices. This extends to users at home or in the office and provides enhanced protection and security against firmware-level attacks. The combined solution provides practical business continuity services to enable enterprises to rapidly design, deploy, and manage a true remote work experience. Intel recently introduced its 10th generation Intel Core vPro processors that are built for business to power next generation business computing needs. Wipro will leverage the Intel vPro platform which features Intel Active Management Technology (Intel AMT) and Intel Endpoint Management Assistant (Intel EMA). This will enable remote work and drive seamless productivity and collaboration while giving employees the flexibility to work from anywhere in a safe, more secure and reliable manner.

Satish Yadavalli, Vice President, Cloud and Infrastructure Services, Wipro Limited said, “The collaboration is a testament of our strength and our joint resolve to enhance the value we can create for our customers. We intend to bring together our strong complementary capabilities on remote working tools & platforms, desktop & application integration and managed services, to help mitigate the impact of the pandemic. Wipro is a leader in workplace management services and Intel in client computing solutions. Together, we can equip enterprises to enhance employee experiences and connectivity to help achieve strategic business outcomes.”

“Our partnership with Wipro has been strong and we applaud Wipro’s laser focus on driving customer value. The Intel vPro platform is built for business, and Wipro’s digital workspace solution is perfect for customers adapting to the new normal of remote workplace management. Together we are delivering on a vision for seamless productivity and collaboration, so people can contribute at the highest level regardless of where they are,” said Stephanie Hallford, Intel Vice President of the Client Computing Group and General Manager of Business Client Platforms.

Nokia’s CoE at IISc could be a 5G robotics catalyst

Nokia’s CoE at IISc could be a 5G robotics catalyst

Finnish multinational Nokia recently announced that it has collaborated with the Indian Institute of Science (IISc), one of India’s foremost institutes and university for research and higher education in science and engineering, to set-up the Nokia Center of Excellence (CoE) for Networked Robotics. Nokia’s CoE at IISc has some far-reaching potentials in the areas of 5G and artificial intelligence (AI).

The CoE would primarily focus on 5G-connected drones in emergency management, agriculture, and industrial automation.

Nokia mentions that the new facility will leverage the competencies of Bell Labs—a Nokia-owned industrial research and scientific development entity—to facilitate research and solutions development in areas such as robot orchestration, robot network controller, and human-robot interaction.

“Emerging technologies such as the 5G have the potential to enable an entirely new array of use cases with a profound societal impact. With Nokia’s rich innovation heritage, we aim to engage with the bright and young minds at IISc to nurture and advance the latest technologies that can benefit communities. We are confident that it will lead to the development of ground-breaking use cases,” Sanjay Malik, Senior Vice President and Head of India Market, Nokia, said in a statement.

According to Nokia, the critical research use cases in this effort will include drones for remote management of agricultural orchards to promote water conservation and avoid human contact with pesticides, gathering situational information, and applications like anticipating crop fires. The research at Nokia’s CoE at IISc will also include the use of connected robots in industrial automation.

Drone technology strengthened by 5G

Drone-based use cases are particularly exciting for a vast country like India, which needs intelligent, safer, and budget-friendly solutions to monitor and manage remote locations for various purposes. A couple of years ago, Reliance Jio, now the country’s largest telecom operator, showcased a robust 5G-enabled drone that could be used in security surveillance and detect threats through real-time monitoring from the sky. Jio is believed to be working on several new technologies by harnessing the power of 5G to create a strong impact soon. Jio and Ericsson had jointly developed the prototype.

One of the significant potentials of 5G technology is that it reduces the latency rate to one millisecond. This is phenomenally better in comparison to 4G technology, which offers an average latency of about 50 milliseconds (latency is the time taken by the signal to travel from the device to a cell tower). Hence, in such a scenario, 5G-enabled drones will leverage high-speed internet connectivity and technologies like AI to realize their full potential in real-time. For instance, such drones will be useful in disaster rescue operations and locating casualties during catastrophes through instant live-streaming footages.

For enterprises too, the drone technology could be of great help as it would enable them to keep a tab on their remote warehouses and delivery of goods and services even to the most distant of places, without much of human intervention.

A part of bigger 5G gameplan

Globally, everyone is eagerly waiting for the rollout of 5G technology. While the Covid-19 outbreak may have pushed the 5G deployment plans a bit further, the technology today holds more importance than ever before.

The remote-working environment and social distancing measures are likely to continue for a longer period, even once the outbreak of the pandemic subsides. In such a scenario, 5G is expected to drive enterprise and socially relevant digital transformation efforts by supporting several new-age technologies such as the internet of things (IoT), robotic process automation (RPA), facial recognition (FR), and machine learning (ML), among others, for efficiency gains.

Nokia’s CoE at IISc may be seen as one of the many steps to intensify its 5G prospects in the country. The initiative is in line with the Indian government’s efforts to promote innovation, strengthen the domestic ecosystem around new-age technologies, and foster economic growth. By collaborating with IISc, Nokia also has the opportunity to demonstrate its technological competency and network capabilities to the government.

It is notable in this context that Nokia has recently signed a deal of Rs 7,636 crore with Airtel to help the telco lay the foundation for providing 5G connectivity. The company is exploring several partnership models to expand its horizons in India.

The made-in-India angle

India, which is aggressively focusing on modern-day innovations to enable advanced facilities and infrastructure, even in the remotest of its areas, is being seen as a massive investment destination by multinationals.

With local sentiments growing for domestically manufactured products and services, global multinationals will continue to take a collaborative route to produce Made in India products.

Moreover, as the second-largest telecom market in the world, India also offers massive potential for 5G gear makers such as Nokia, Samsung, and Huawei. These companies will likely explore other possible routes as well to meet India’s domestic manufacturing requirements.

0 Comments

Submit a Comment

Your email address will not be published.