Information Security 2.0: Transitioning From the Era of Control to Partnership

Concentrix data security enables successful business results through an integrated partnership approach with clients

Information Security 2.0: Transitioning From the Era of Control to Partnership - CSO Forum

Let us not look back in anger, or forward in fear, but around in AWARENESS!

American cartoonist and author James Thurber’s quote, much before the era of computers and the internet, is a timeless classic. It resonates today like never before. And in the realm of information security, more than ever!

In an era where effective security systems are essential to maintain confidentiality and integrity, information security has emerged as an enabler to support business strategy and performance! Today, even as enterprise security becomes a strategic priority, both technology and information security has parallelly developed as a means to build integrated partnerships with clients.

Data security threats abound. As organizations promote a culture of awareness and security among employees, stakeholders, and clients, the need of the hour is to constitute a security system that is embedded into our business plans, fulfills customer expectations, and meets operational requirements. In short, the security architecture has to be integrated with the overall organizational vision.

The why and how of Infosec challenges

It’s a given that organizations across industries must have an efficient enterprise security architecture and information management system. For a company like Concentrix, that spans across 275 locations, 40+ countries, 6 continents,  huge customer base, and constantly evolving business environment and client expectations, the challenges come with the territory.

These challenges stem from a constantly changing threat landscape, across diverse industry demands. Different business imperatives (e.g., work at home, BYOD), client requirements and implicit expectations need to be top of mind. Privacy and security laws worldwide are becoming more specific and focused, and the leadership team’s priorities around acquisitions and integrations are huge.

Three factors have enhanced information security threats for organizations:

  • Exponential growth of business: With new business collaborations and solutions, the industry and regulatory imperatives scope has gone beyond specific territories with stringent and specific mandates. Countries are framing precise security rules and cyber security frameworks. It is challenging to keep up with all the legal and regulatory requirements.
  • Availability of new hacking tools: The continuous progression in and the availability of tools such as artificial intelligence has proven to be a boon for hackers. In addition, the collaboration of threat communities for resource sharing amplifies the danger to information security.
  • Security no more a siloed activity: With billions and trillions of events happening every minute, it requires optimum combination of human expertise with advanced auto-learning technologies to make knowledgeable decisions with quick reflexes. This requires a highly collaborative effort on an unprecedented scale, and this isn’t always easy to achieve.

Meeting the threat landscape from a vantage point

In most organizations, the security function is designed and identified as the “perennial sceptic,” of being a hindrance to business. Most security professionals are perceived to be “compliance driven” rather than “business driven.”  At Concentrix, however, the singular aim is to convert challenges into opportunities. This has been achieved by making strategic investments in the areas of “Detection & Visibility” as against the earlier focus on “Prevention.”

In the realm of data security, there are different views on how security should be managed. The focus over the past year at Concentrix has been on making strategic investments in the areas of Security Analytics, Rights Management, BYOD, Advanced Persistent Threats (APT), etc. This has enabled the organization to develop intelligence-driven, real-time threat management systems to keep the organization ahead of the curve.

Security compliance in a business services environment

Data security implementation at Concentrix is aligned to client requirements and business needs. While the need is to effectively plan, deploy, and monitor the appropriate controls and procedures to ensure compliance, it is critical to ensure compliance does not prevent flexibility of operations. These measures ensure our security controls are robust enough to keep us safe from internal and external threats, and yet do not hamper smooth business operations.

In the area of outsourcing, data security has assumed complex proportions. Concentrix deals with a range of customers, processes, locations, and regulations. This calls for its security function to maintain a fine balance between protecting its own “internal” business interest and the compliance demanded by the client’s regulatory context and contractual requirements.

Customer satisfaction is the main objective for any business services provider. The security function should be tuned to that goal while designing its practices and guidelines for business operations. A security function can succeed only if there is a partnership approach with business. The true test of success of any risk management function is when the business itself becomes risk aware, identifies risks, and approaches the security function for solutions.

As Stephane Nappo said, “It’s easier to implement cybersecurity than to deal with cyber-adversity.” 

The author is Director – Global Security at Concentrix Corporation


Add new comment