As Digital services are becoming a large part of every individual’s life and in the light of various instances of data breaches, a regulatory framework to ensure data protection has become more important than ever. And to ensure the information of its citizens are kept safe, the Indian government is looking to formulate its data protection laws to be able to better deliver digital services.
As the government works on framing these guidelines, Vishak Raman, Director, Security at Cisco says it is extremely important to have a consolidated 360-degree view of security. For example, when there is a breach of Aadhaar data, the hacks don’t often happen from the central repository of data but from the third-party connections which are there. Vishak says that to be able to secure all links, don’t just look at securing the fort. “Look at the third-party links, the security of their APIs. The approach should be different from our perimeter approach of a firewall. Have a 360-degree view across security kill chain,” he said, speaking to TNM on the sidelines of the Cisco India Summit.
What this also means is that it’s not the technology, it’s the products, people and processes involved and process is what needs to be worked on.
Cisco was part of the feedback that the government took from stakeholders on how the government should look at the framework. Vishak says that just adopting European Union’s General Data Protection Regulation will not help. It is important to look at the framework specific to the Indian context.
“Applicability set up of India is very different and GDPR doesnt talk about technical controls. What we have proposed is that we need to clearly put technical controls in place. Unless you mandate technical controls, laws will be toothless and so that is our message whereby the laws have some teeth and have some responsibility towards data processing,” Vishak adds.
Cisco has been working with the Indian government an various state government over the past few years. It has tied up with CERT-In (Computer emergency response team) and has also set up cyber security centres to help monitor threats and train people, including government officials to handle cyber-attacks. Through its security offers ‘Talos’, threat intel is shared real-time with the government
Cisco also has MoUs with leading national technical research organisations where Talos threat intel is shared with.