The COVID19 pandemic had affected organisations throughout the world, with a sudden shift to the work from home environment. While on the one hand organisations had to accelerate their digital transformation journey, on the other hand, there was this difficulty to shift their workloads to the cloud. The result they had.
The digital transformation market in India is on its way to hitting the $710.0-billion mark by 2024. In percentage terms, it amounts to a CAGR of 74 per cent. With this figure, it can be safely said that the services and technology industry in the country is heading towards progress at a brisk pace, according to an Insights Success report.
In a rush to build or expand the facility, many overlook the single most important factor – building security into every detail. In a panel discussion titled ‘Call of Duty – The Black Ops Commandos of Infra and Data Center Security’ during W.Media’s Bangalore Cloud and Data Center Conventions 2022. The CISOs’ came together and shared their insights into the complexities of managing the critical assets of the infrastructure and data center. The session was moderated by Vivek Khare, Director IT, VerSe Innovation. The panelists included Niranjan Singh, Solution Architect, Information Security, Sify Technologies and Satish Kumar Dwibhashi SVP & CISO, InMobi.
Challenges after COVID
“Because of COVID, the overall risk landscape has changed. Traditionally, security has always been about drawing a parameter. Earlier the employees used to come to the office and work but due to COVID, today employees have started to work from anywhere. I think there is no more defined parameter. Many organisations hosted their applications in data centers and cloud. Today some applications are located in data centers and some in the cloud. I come from an acting enterprise but earlier I was with a fintech organisation where traditionally the banks and the regulatory bodies don’t allow us to go on cloud. That is when we have to go to a data center or a colocation model where the data is within the law of land,” said Satish Kumar Dwibhashi SVP & CISO, InMobi.
He further explained that one of the major challenges the security experts faced was in terms of securing the data in the changing risk landscape and to equally balancing security and convenience.
Companies having best of the security systems in data centers and offices and suddenly it changes when people start accessing all of this from their homes and remote locations. A similar amount of security and protection is not available there as it is in the office and managing that change was a challenge for many organisations, explained Khare.
“If we look from a challenging point of view, there are a lot of challenges and we can keep looking. At every stage, there would be some kind of barrier for the executors. The legacy environment from the experience of an ATM environment where ATMs were on a different kind of operating system, different switches,” said Niranjan Singh, Solution Architect, Information Security, Sify Technologies.
He further explained that there is an automated key renewal process wherein, the ATM master key, terminal master key and the acquire key have to be renewed every year. The keys which are renewed need to be stored in a hardware security module.
From an integration and interoperability point of view based on the make and model of the ATM switches, make and model the ATMs there were challenges in terms of mitigation.
“Hardships are there and not everything fits best of every organisation. Customisation is the key, if you see it from a cybersecurity point of view, I take it in a challenge and response way were in line with the security risk assessment and whatever the control objectives the organisations have strategy and planning from a regulatory, contractual and standard point of view. There can be various standards to adhere to, globally there are more than 130 regulators based on which it is identified that one particular set of technology or process is required to meet the standards,” added Singh.
He further pointed out that while execution there are a different set of challenges when it comes to the application, infrastructure, data center locations, physical locations, geopolitical locations including others and accordingly there are mitigations.
Moving from traditional data centers to cloud
“It is not about the data center but the application which is hosted on the data center. I think many enterprises are in the journey of digital transformation or modernisation of application,” said Dwibhashi.
He further explained that while the data center infrastructure has evolved and supports the majority of applications. Many organisations face challenges during app modernisation. An application that was built for a specific data center model cannot be lifted and shifted to cloud.
On one hand where lift and shift is a great thing what some cloud providers might talk about it is not only that but also the entire ecosystem and platform. This is where many older organisations could face a challenge as the new organisations and startups were born in cloud and they are already leveraging its benefits.
“The applications that have been existing for thirty to forty years it is difficult to lift and shift those. I think organisations are now trying to modernise their workings. The hybrid model is now coming in and organisations are leveraging the cloud for a lot of new applications and old applications are running on data centers,” said Dwibhashi.
Singh in his closing remarks explained that from the point of view of the legacy applications there is definitely a challenge. Few business applications that are ready to re-host can easily be lifted and shifted to the public cloud or a re-platforming for that application can be done.
But, when an application does not have integration or interoperability to run on a public cloud that keeps those applications on-premise and this becomes a roadblock or barrier for some organisations to take the workload to the cloud.