India lacks ability to monitor impact of cyber breach real time: Alex Lei, Dell

[devikad]

India lacks ability to monitor impact of cyber breach real time: Alex Lei, Dell EMC



In India, data protection has been around for several years now. It has been a critical line because of the customers demand to properly manage and protect the explosion of data. For most of the companies today, their business value is stored inside their data. Companies like Uber and Airbnb create business by contacting their customers and the data that is generated out of it. This particularly stands true for India as it is pacing towards becoming a new digital economy, which is witnessing humongous data growth very quickly. Therefore, it would be right to say that data protection as a business is emerging and growing at a rapid pace in India.

According to Dell EMC's recent Data Protection Index 2018, India has seen a 130% data growth from 2016 to 2018 and during the same period, the percentage of data protection adopters have significantly increased from 12% in 2016 to 60% in 2018. The top challenges that Indian organizations face are lack of adequate data protection tools to recover from a cyber-breach; inability to keep track of and protect data due to growth of DevOps and cloud development teams and the complexity of configuring and operating data protection software/hardware.

"One of the major challenges for organizations in India is lack of ability to monitor the true impact of cyber breach real time, so we are seeing regulations shaping up in this regard. In terms of cyber security in India, many organizations do not have the tools or infrastructure to recover from a cyber-breach", says Alex Lei, VP - Data Protection Solutions, APJ, Dell EMC in a candid conversation with ETCIO.

Edited Excerpts:

Q. When we put India on the data protection Index, where do you think the country ranks when compared globally.

The data protection Index talks about the pattern of data and how companies want innovation to see the value of data. We categorized four different areas- Laggards, Evaluators, Adopters and finally the Leaders. So, when we look at the APJ market, the region has been generating humongous amounts of data over the last couple of years. To be precise, the global data protection index stated that organizations in APJ are managing close to five times the amount of data they did in 2016. India itself is generating tons of data. According to Data Protection Index conducted by Dell EMC, Indian organizations are managing 6.43 petabytes of data as of 2018 and 93% of the people in India realize the potential value of data. So, not only is there a huge amount of data but it's value is also being realized.

A few other interesting findings of the report state that 47% of the Indian businesses are already monetizing the data as compared to 36% worldwide and 35% at APJ level. Thus, clearly showing that Indian organizations are preparing themselves to reap better benefits of the data surge.

Q. How is India fighting with its data protection law and regulation?

This is a rapidly changing landscape, when we look at it from a global perspective, many countries can have multiple regulations around data; data privacy, data secrecy and the ability to protect against cyber-attack. In India, what the companies are struggling with is that the regulations are fairly new and they don't quite understand their impact in terms of their actual operation in IT and therefore, are finding it difficult to get control of it.

However, apart from seeing regulation as a challenge,72% of the Indian organizations feel very confident that their organization's current data protection infrastructure and processes are compliant with regional regulations, in comparison to only 35% globally.

Q. According to the challenges that Indian market face in terms of data protection and privacy, regulation and compliance would be one. What do you think other might be?

One of the major challenges for organizations in India is lack of ability to monitor the true impact of cyber breach real time, so we are seeing regulations shaping up in this regard. In terms of cyber security in India, many organizations do not have the tools or infrastructure to recover from a cyber-breach. For example, NASSCOM has set up the Data Security Council of India (DSCI) which is a committee to keep cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. So when organizations do get breached they have the same consistent light of looking at an incident and in understanding its impact.

In cybersecurity, we need to understand the gap between there being an incident verses being able to recover their business. This is a very important distinction. So, just knowing the incident is not sufficient enough, organizations need to equip themselves with adequate measures which help them respond quickly to it. So, talking about a cyber security breach which took place about a year and a half ago called NotPetya, which impacted many companies. That breach had majorly hit the organizations and most of them were not able to recover their critical business data at all. It was a very big incident, not only for India but also APJ and spread all across the globe. So, I believe these are some of the things which the regulators need to keep in mind to realise their protection gap and figure out from a technology process perspective on how to build the right policy basis the learnings from the past events/trends.

Q. No matter how strong the security measures, hackers can still make their way. Therefore, once the data has been stolen, how do you think the businesses can revive it?

So, in the last couple of years, organizations used to believe that they already have the right/ adequate security systems in place which can protect their data from a breach. But, it's now been shifting to a realization that if we do get hacked, what should be the next steps to curtail damage i.e. how we protect the information, how do we recover that information etc. So, in order to help the businesses in this regard, data protection of business of Dell EMC has launched its solution called Cyber Recovery. In this solution, it can prevent your critical data in the case of the worst of the worst cyber-attack as it works on an air gap technology, keeping the critical data into a vault area. We have seen a large adoption of this solution amongst our customers. Talking about the Indian customers, we are observing that they are being more aware about on how to prevent their data from a catastrophe like a cyber-attack.

Q. How has the security landscape changed for Indian companies to become cyberstrong?

In order to be cyber strong, companies in India need to look at a full spectrum of business outcomes. For example, what is the data inside your organization and what is it subject to, which data is critical vis-à-vis not so critical data. We have seen that Indian customers were struggling to understand, segregate and protect their data which leaves their entire data set more vulnerable. However, the trend we are now seeing is that Indian companies are now putting into a lot of effort to better categorize their data sets, on the basis of its criticality for the organization and therefore are able to chalk-out better data protection plans. Another shift we are observing is more focus on data protection as a concept, more so from the boardroom discussions point of view. Thus, the way forward is to include data protection into company's policy in order to prepare better for all future threats.

Source: https://ciso.economictimes.indiatimes.com/news/india-lacks-ability-to-monitor-impact-of-cyber-breach-real-time-alex-lei-dell-emc/68885993