By Mandar Sahasrabudhe on 7 November 2012
Join the conversation as Mandar Sahasrabudhe, Business Transformation Unit, KPIT chats with Mandar Marulkar, Chief Information Security Officer (CISO), KPIT, about information security and its role in an organization’s overall IT strategy.
Source: Bala Sivakumar
Mandar Marulkar has spent over a decade in Information Technology with several leading organizations including KPIT. He has played an important role in helping KPIT achieve well-recognized certifications like ISO 27001 and Business Continuity 25999.
In the conversation below, Mandar and I discuss how information security has grown to become an essential element of a holistic enterprise-wide IT strategy.
Me: In today’s business context, what is the importance of information security in an organization’s IT strategy?
Mandar: The role of IT in an organization has grown rapidly over the past decade to become a key business enabler. The way I see it, apart from people, everything else is IT, and information security is a key part of any sound IT strategy. That’s because an organization’s productivity depends on secure data centers, information, applications, and IT infrastructure. Importantly, as an organization, security has a direct impact on a client’s trust. Securing critical customer information and IP, and protecting them from the customer’s competitors is an organization’s responsibility. As an organization, we’re highly focused on these issues and have adequate processes and technologies in place to protect our customer’s interests. At an individual level too, I believe it is the responsibility of every business person to take information security into consideration.
Me: What are the components of a robust IT strategy?
Mandar: IT Strategy really talks about what our business requires and, therefore, varies from business to business. An organization’s IT strategy is driven by business planning, an understanding of who the customer is, what product/service is being offered, and other such considerations. The objective of an IT strategy is to make one’s business effective and efficient. It directs us to think about issues like how one can deliver faster, optimize costs, satisfy end users better, and increase productivity. These are essentially the pillars of an IT strategy.
Me: What security challenges do organizations typically face with respect to IT risk management?
Mandar: Well, technology evolves and changes very fast, and, ironically, that’s actually something that adds to an organization’s information security risk. For example, platforms like social media help to make your business brand come alive, but also with the rider that it can impact your business negatively if not managed intelligently. We have several examples of how social media poses security threats to organizations and governments around us every day.
An organization should adopt new technology and media only if it is aware of the possible control mechanisms needed. Organizations should know how to implement adequate controls with the necessary flexibility to ensure that the company’s overall security is not compromised. It is the responsibility of the employees to follow all corporate rules and policies laid down by the organization.
Me: So how do you think the role of information security will change in the future?
Mandar: I think people’s mindset regarding information privacy has started to change. Earlier, personal information was the most critical information. However, you now find that people share their photos, contact details, and so much more on social networking websites. But this cannot happen with business. Here, every little detail is confidential and should remain that way.
I believe, in the future, the importance of information security will not abate. On the contrary, I think its role, especially when it comes to an organization’s IT strategy, will only grow.