“Zero Trust asserts that no user or application should be trusted by default”

Sammit Potdar, Global CISO, Lupin

Zero-trust cybersecurity, which can adapt to emerging threats and changing access requirements, can detect threats in real time and take immediate action to protect an enterprise’s data, devices, and operations in ways that reused passwords and VPNs cannot. To learn how Zero Trust can help secure the data infrastructure of organisations, Nidhi Shail Kujur of Elets News Network (ENN) interacted with Sammit Potdar, Global CISO, Lupin.

What are the various challenges faced by Organisations while operating in a cloud-based security environment?

There are multiple challenges while operating in a cloud-based environment. To name a few it would be

  • Misconfigurations: This is one of the major causes leading to breaches
  • Unauthorised Access
  • Inadequate change control
  • Lack of secure cloud security architecture
  • Access and Key Management
  • Insecure interfaces /APIs
  • External sharing of data

How does Zero Trust help secure the data infrastructure of organisations?

Zero Trust asserts that no user or application should be trusted by default.

It is a security framework that mandates all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Zero-trust cybersecurity, adaptable to emerging threats and changing access needs, can detect threats in real-time and take immediate action to protect an enterprise’s data, devices and operations in ways reused passwords and VPNs no longer can.

How can the potential of AI and automated architecture be leveraged to ensure agility and intelligence in threat remediation?

AI is actually negating the manual security correlation efforts, and hence the probability is very high for tagging any incident as a true positive. Eventually it helps to channel digital forensic efforts. In addition, it helps to devise the overall cyber-attack pattern with attack lineage. Overall, it helps to identify the potential threat actor and vector timely. Subsequently, it’s easy to contain the breadth of cyber incidents. Resume to BAU quickly.

What according to you is the future of the CISO role?

While in the past the CISOs were known solely as security risk managers, with the significant increase in the overall digital footprint and the sheer amount of data across the Org. the role of CISOs has dramatically evolved and are now expected to be business enablers within the Org.

The role of the CISO now involves far more than just ensuring regulatory compliance and adherence to ISO standards (although ensuring compliance with applicable regulations and laws is still a big part of the role). They are responsible for a company’s security strategy and risk management, assessing the company’s security vulnerabilities, staying abreast of changing technologies, and allocating resources to facilitate the strategy.

Also Read | Zero trust: Gaining traction among Indian businesses

CISOs will have to ensure alignment of their security strategies with their business goals, promote threat information sharing among stakeholders within and outside their organisations, and foster collaboration among different functions in SecOps.

How can the CISOs ensure privacy and security in the Organisation’s digital transformation journey?

CISOs shall evaluate, implement and oversight the technical data protection part/measures from the entire privacy and security regime. For example technical part of the data governance model, data lifecycle management, etc. CISOs should work closely with the legal function that actually owns the privacy. The organisation needs to appoint a DPO who has sufficient knowledge of the data protection law to guide the organisation besides having an adequate understanding of security aspects.