The data protection and localisation regulations that are in vogue across the world should not be seen as a challenge to doing business, but as regulations that provide safeguards for citizens to ensure data privacy.
"Some form of privacy rules have been around for several years. These rules do not place any unreasonable constraints on business," Vishal Salvi, chief information security officer at Infosys, told TechCircle.
Even as India placed the Personal Data Protection Bill in parliament, these rules mean that information technology services firms like the Bengaluru-headquartered Infosys have to work with large enterprises to sort out issues that arise because of these regulations. Businesses need to see these changes as enablers and business differentiators as they do not stop business activities. Rather, they protect the privacy of the end-consumers of these very enterprises, Salvi said.
"We have been adopting privacy best practices and controls for more than a decade. So when a new rule like the GDPR comes, we don't need to make many changes as most of the applications and processes are already compliant with those principles of privacy," he added.
GDPR (or General Data Protection Regulation) is the regulation for the protection of data of citizens within the European Union.
Salvi, who has over 25 years of experience in the cybersecurity domain, is also the head of the cybersecurity practice at Infosys. He joined the company as CISO in 2016. Responsible for the company’s overall information and cybersecurity strategy and its implementation across the board, Salvi was previously a consultant for cybersecurity at global consulting firm PricewaterhouseCoopers. Prior to that, he worked as the CISO of the country's largest private sector lender, HDFC Bank.
Over the last couple of years, the country's banking sector regulator, the Reserve Bank of India, has asked all financial sector businesses to localise the data storage of Indian users. While this has created more opportunity for data centre companies, data management and security companies as well as systems integrators like Infosys, this has also created inefficiency in the system.
"That is because the data does not necessarily reside in one particular location but at a large data centre, where it is easier to manage. It is creating some tension as it unfolds, whether in India or anywhere else, as well as creating overheads. It has put challenges to the concept of globalisation as well as security," Salvi said, adding that centralisation is key for data security management.
However, decentralisation has also seen cloud adoption, migration and deployment becoming a large practice for Infosys with security becoming an even bigger issue with data protection rules.
"Security has to be by design in everything that happens whether it is cloud or on-premise. New ways of implementing security for cloud workloads are emerging with a clear cloud security implementation standard we need to adhere to," Salvi said. Security, he added, is increasingly becoming cloud-native, helping enhance the cybersecurity of its customers.
According to Salvi, the disproportionate media attention on cybersecurity breaches means that the fear factor of enterprises and customers goes up even as cloud adoption increases. The cybersecurity space is always playing catch-up.
"As the role of the internet grows and new tools, products and platforms emerge like artificial intelligence or the internet of things, the risk of breaches is also going up. As a cybersecurity professional, how you manage and mitigate these risks by adopting countermeasures is the key," Salvi said.