India as a Global Cybersecurity Hub: Achieving the GoalRajendra Pawar of NASSCOM Task Force Offers Vision for Growth
The Cyber Security Task Force launched by NASSCOM and Data Security Council of India a year ago is working on ways to help build India as a global hub for cybersecurity solutions and develop a skilled workforce of cybersecurity professionals.
See Also: How Can Mobile Banking Apps Fight Back?
"If India develops capabilities in security products and services, it will secure its enterprises better against growing cyberattacks," says Pawar, who's also chairman and co-founder of NIIT Group and NIIT University.
"Large enterprises must identify the scope of cybersecurity job needs to build a robust security posture," he adds.
In an in-depth interview with Information Security Media Group (see edited transcript below), Pawar offers insights on:
- Emerging technologies that draw attention from users;
- The task force's approach to bridging the skills gap;
- Priorities for security practitioners in 2017.
Pawar is chairman and co-founder of the NIIT Group, comprising NIIT Limited, a global leader in skills and talent development, and NIIT Technologies Limited - a global IT solutions organization. He also established the not-for-profit NIIT University. A recipient of the Padma Bhushan award in 2011 for his contribution to the IT sector, Pawar is involved in India's key Chambers of Commerce. He is the former president of MAIT and chairman of NASSCOM, and he now serves as chairman of the NASSCOM Cyber Security Task Force, set up in response to PM Modi's call to see India emerge as a global hub of cybersecurity products and services.
India as Global Security Hub
GEETHA NANDIKOTKUR: As chairman of the NASSCOM Cyber Security Task Force, carrying the charter to build India as a global hub for cybersecurity, what's the progress?
RAJENDRA PAWAR: We have formed working groups for developing the cybersecurity market and technology, building the workforce and creating a policy framework. We are not a government enforcement body, but we will influence the industry in building better security products and intellectual property, helping them grow their investments in building cybersecurity services.
Also, we involve the government to provide the necessary wherewithal to protect their IP. We have identified various security market segments to estimate the opportunity by 2020. The supply side includes large players leveraging M&As to add security capabilities and the emergence of identity and access management solutions driving innovation. We analyzed the demand side of those organizations who deployed security solutions. We included BFSI, the government and retail sectors as they are the trendsetters in consuming technologies, besides manufacturing, which is emerging faster. We observe that data loss prevention and cloud deployed solutions are the emerging technologies, majorly deployed by large organizations.
There's a huge appetite for security products. India is emerging as a hub for security products, with over 150 companies venturing into this. About 40 percent have funding in place. Over 60 percent are start-ups. The task force expects 1.5 times growth in five years with the security market opportunity at $2 billion by 2020. The emphasis will be on developing products which can counter cyber risks. They include products related to data security and application security and endpoint protection, enterprise endpoint security platform, cloud access security - a key emerging area - and secure email gateway, which holds a strong presence. Better security products means better protection mechanisms.
Data Breach Disclosure
NANDIKOTKUR: How much do you influence organizations to report breach incidents as you witness an increase in breach incidents?
PAWAR: Organizations must prepare for these incidents; they should not come as a shock. It's all about better governance and balanced information sharing. We have been discussing orchestrating an intelligent communication mechanism for large organizations to disclose breaches to CERT. We educate organizations to have good governance in reporting incidents and one person at the top responsible for this.
Information sharing is critical; it's taking positive shape nationally. I see big organisations adhering to data breach disclosure norms within the banking and financial markets.
Translating Threats Into Opportunities
NANDIKOTKUR: You believe it's time to translate threats into opportunities, creating over 1 million jobs by 2025, which will be a $35 billion industry. How do we achieve that?
PAWAR: The industry faces a huge skills gap; creating jobs will be a huge challenge. We have been partnering with large enterprises to identify the scope of cybersecurity job needs within organizations. Big organizations across BFSI, government and manufacturing are identifying skills gaps and trying to work closely with education institutes. We've identified opportunities based on the growth of the respective product/service groups and their overall size and job creation potential.
Take the case of the IT industry. It took 15 years to achieve what we wanted to in allocating a budget to IT. I'd expect it to take five years to see government and enterprises allocate 'X' percent of the IT budget to cybersecurity. We pushed every state government to ensure IT gets impetus in their growth plan. Similar exercises are taken up with the government and private sector.
NANDIKOTKUR: What does 2017 look like for security practitioners? What should they watch out for?
PAWAR: Their priority is removing blocks hindering their security postures. We believe in creating opportunities for security practitioners in identifying new cybersecurity roles.
I strongly recommend every organization having a senior person as a CISO who connects with the management to roll out initiatives. A substantial trajectory is developing R&D capabilities within to enhance security capabilities. Some key areas they need to focus would be implementation services; security and vulnerability management; monitoring and audit; and enforcement and mechanisms for technology transfer with information sharing.