
Mr. Sudhanshu M. Nayak - Head Cybersecurity & Cyber Forensics, CMS IT Services

13 Jan 2023, 04:51 PM

Interaction With Sudhansu Nayak X India Infoline 

Cybersecurity could emerge as the biggest challenge in 2023. How should companies prepare for that?

First and foremost, the companies need to discover what they need to protect. Like each patient, cybersecurity prophylaxis, symptoms identification, diagnosis, treatment, and post-exposure guidelines differ. These have been documented in MITRE ATT&CK Framework, CIS/ NIST/ ISO guidelines, CERT recommendations, and in-country compliance frameworks. To build resilience, companies should adopt a healthy mix of solutions and services.

What not to do in times of digital disruption? How to prepare for the future?

Don’t follow your peers blindly. Your technology stack is unique to your business dataflow and hence, needs appropriate technologies and their integration. Don’t buy technologies which have multiple overlapping functional specifications. This will create digital bulge and is wasteful. Always remember, it’s not multiple tools; how you integrate them into your enterprise fabric is what differentiates you and optimises investments. Don’t start recruiting skill sets in all digital disrupting technology areas. They will drain your finances. Outsource. Remember old cassettes, CDs, and DVDs went through rapid sunsets.

Invest in a balanced technology portfolio of technology platforms and services. Don’t follow reports of analyst firms and rest all your judgements on them. There are quite a few smaller technology firms delivering knock-out solutions. Explore them in sandbox/ proof-of-concept mode.

What are the data privacy trends in 2023, in compliance with new regulations and their impact on data security?

India’s Digital Personal Data Protection bill 2022 draft will be tabled in parliament in 2023. Digital India Bill is expected to subsume the Information Technology Act 2020 and create a revised transformative integrated compliance framework. EU’s Artificial Intelligence (AI) Act draft is trying to take cognisance of the rampant usage of AI and Metaverse developments. Aimed at regulating the massive data processing globally by non-human intelligence, this will have strong echoes on country level compliances. This may peak in 2023.

After aligning the USA CLOUD Act with UK and Australia, USA and India may, to tackle cross-border data transfer and data free flow with trust, come to a mutual agreement. 

What are the trends, strategies, and future in cloud strategies?

 The Quad Cybersecurity Partnership aims to build resilience to address cybersecurity vulnerabilities and cyber threats by focusing on critical infrastructure protection (led by Australia), supply-chain resilience and security (led by India), workforce development and talent (led by Japan), and software security standards (led by the US). This will create new thrust on multiple trends in cyber resilience, cloud adoption, and resource development. 

India-specific trends are as follows. IoT/ OT Security will take centre-stage in discussions but the expensive solution implementations will take another year to gather steam. Most enterprises will replace on-premises legacy anti-virus solutions with cloud-based antivirus solutions with enterprise detection and response solutions. Cloud adoption will be mixed. DevSecOps will pick speed. Shared Responsibility matrices will be more crystallised in services delivery. Automation and shift-left will continue to evolve. Cloud-based identity and access solutions will gather speed. Cloud skills will be scarce. Organisations will keep paying low for resources and won’t be able to accrue the full potential of cloud. There are hush hush rumours of organisations going back to DC/ DR technologies for better control.

CMS IT Services works based upon a framework called defensible cybersecurity. How does defensible cybersecurity contribute to all cybersecurity stakeholders?

CMS IT Defensible Cybersecurity framework is a holistic approach to address cybersecurity challenges, aligned to the context of business, addressing systemic issues, challenges, and stakeholder requirements, designed to handle constant change while consistently improving operational controls, designed to address cybersecurity risks for both traditional & digital businesses and their supply chains. Through the framework, we

1. demonstrate value in cybersecurity investments through continuous improvement in cybersecurity posture,
2. establish global oversight on evolving threat vectors, for all elements of the computing environment, and achieve segregated management of all computing elements by deconstructing the entire ecosystem into Defensible Cyberspaces based upon the cybersecurity threats,
3. reduce risks, by operating and measuring cybersecurity controls across physical networks, cloud and mobile leveraging and consolidating technology solutions. Establish granular change governance when changes affect cybersecurity controls,
4. build and enhance capabilities to respond to breaches and to recover to business-as-usual within predictable timelines,
5. demonstrate cybersecurity assurance to leadership by being on top of cybersecurity protection, using the most effective technology options available.

How does CMS IT Services solve today’s problems in cybersecurity through strong partnerships?

In a digital-intensive world, to address customers’ various cyber security risks and advance their digitization journeys, combining and integrating complementary and symbiotic solutions is essential for a holistic, innovative, and customized cyber security architecture. This architecture should also aim to be future-proof and leverage automation in a big way. This entails delving deep into extremely complex and intricate challenges with business-contextual processes, dataflows generating complicated datasets, and business-vision-based outcomes while balancing financial limitations. To cater to all these themes, CMS IT cybersecurity partnerships are strategic collaborations on IT/ OT security, threat intel, and forensics. Across IT/ OT endpoints, perimetered or open networks, through DC/ DR or cloud or hybrid compute and storage designs hosting web and mobile applications, collaboration suites, e-commerce platforms engaging large structured and unstructured databases and sometimes massive data-lakes, more than fifty CMS IT cybersecurity partnerships are aimed at defending, detecting, and mitigating cyber-disruptions.

How does CMS IT Services consider security in the early stages of digital transformation?

CMS IT follows the following three phases:

1. Conduct a vulnerability assessment and penetration testing of the customer applications and the underlying infrastructure.
2. Determine the exploitability of the vulnerabilities.
3. Conduct a risk assessment exercise.
4. Develop a 5-year Cyber Security Strategy to baseline best industry practices.
5. Build Defensibility into the ICT fabric.
6. Recommend measures to ensure Cyber Resilience.
7. Conduct Capacity Building for both the Technical ICT Staff and the Senior Leadership as part of Cyber Security resilience.

 
