"The adoption of security technologies depends on what business applications define or run that business, rather than deciding which next gen technology to adopt. That is better generic approach than a strategic one," says Sujoy Brahmachari, Sr. General Manager - Information Systems & CISO, Hero MotoCorp.
What does the new-year hold for Security and what technologies will Hero MotoCorp look out for?
There are certain things in security that you cannot decide beforehand. You need to decide what your organizations needs in terms of business applications etcetera to build the security posture. For a website or e commerce site you have to build security in terms of authentication, perimeter security on top of that platform. You merely cannot decide to go with a particular brand of firewall or other brand of IPS.
Security works in line with the business in organization like ours. We at Hero MotoCorp run business driven IT and not IT driven business.
SMAC is taking place in reality. Security will definitely revolve around SMAC security. For applications which is public facing like social, one needs internal and external policies. For mobile apps and BYOD, MDM solutions becomes a must and companies using cloud will need periphery security, The adoption of security technologies depends on what business applications define or run that business ,rather than deciding which next gen technology to adopt. That is better generic approach than a strategic one.
What was the rationale for Hero MotoCorp to invest in NAC solutions last year?
We work with many third party vendors and they come to their premises and use their infrastructure too. We wanted to limit the access depending on the user's profile. That was business requirement as we have multiple offices across India and spreading out of India. We wanted to have control of our network. As the network spreads with more users and more devices, we want to have network administrator control in case of any vulnerability. Being a big WAN network organization, immediate action is needed to control and quarantine the area.
After reviewing multiple vendor solutions in the market, the finalized NAC solutions from European based security vendor had the edge as it had no agent running on corporate network. It automatically scans through the network. That device sitting on our network is mapped to all active network devices. Any device or any system not part of our domain will be immediately blocked. Now we are able to secure the users and give the access securely and also extend BYOD.
How do you fight the overhype of technologies by various OEMs?
It depends on person to person of a particular OEM. We focus on business driven IT. When we started to build our own IP like designing motorbikes etc, there was immediate need to deploy DLP. It was not some vendor approaching us to tell us what we need to do.
Sign up for CIO Asia eNewsletters.