Identity and access management, as well as data storage standards should be well-defined, says Cisco’s senior IT executive

Amid the on-going debate over data security and focus on connectivity in the country, V.C. Gopalratnam, senior vice president, IT and CIO–International, Cisco, in an interview shares his perspective on the issues, highlighting that India needs to accelerate the development of a security policy. “In my opinion, it was probably needed yesterday. It is that urgent,” he said. Excerpts:

You mentioned that security today dominates any conversation that you have with companies...

If you look at the world today, there is so much information being generated. So much data is being exchanged.

Naturally, there are questions about what is happening to this information, who is using this and for what purpose. It is natural that security is at the forefront of any conversation.

The other part of the security is that once something bad happens, it is hard to recover from that… not only from an individual’s perspective but also from a company’s reputation and branding perspective. If something is hacked or you lose customer information, the trust is very difficult to get back. Therefore, it becomes imperative that organisations stay ahead of the curve and be more proactive than necessary to make sure these things don’t happen. It is critical to the survival of the organisation.

Second, with the global model, boundaries are disappearing between countries and between companies… with the cloud everywhere. No one has figured out a holistic information security policy because it’s just too complicated. Every country is at various levels of security. The U.S. and Australia, for example, have minimum viable guidelines for security which are national security policies.

We don’t have that here. It is still in the process of being developed and we need to accelerate it.

How urgent is this?

It was probably needed yesterday. It is that urgent. Any asset that can be linked to a human being can be protected through passwords. For example laptop, mobile device, bank account… these can be for identity and access management. But things that cannot be tied to human beings are also connected to the Internet like a car or a plane or an assembly line. There are no standards for security for all of those things. That is the world of OT (operational technology). The world of IT (information technology) is OK.

Then we talk about IoT (Internet of Things) which [is] an intersection of IT and OT… In the world of IoT, without security standards for 90% of the assets which are non-human connected, we have a problem. IoT cannot become real.

What key points should the policy cover?

The policy clearly needs to address standards around identity and access management. It needs to address issues around data storage and data sovereignty. It needs to address standards on encryption. It should also talk about… when you are developing products, how you should test the products to make sure they are robust, particularly in the telecom space.

India imports a lot of hardware. What standards are needed there?

Conversations are going on between the private sector and the public sector. Cisco has also been part of those conversations… it is the establishment of common criteria. For products brought into India and sold here, the question is whether those products need to be tested in India or if they can be tested by an accredited organisation outside India. The government is working with a cross-disciplinary team to establish a common criteria required before any company can sell its product [here].

You are working on a project to reduce poaching of rhinos in South Africa. Is there something you are working on with the Indian government, too?

We have started conversations with the government but they haven’t progressed much... These conversations are around wildlife conservation and sustainability.

How difficult will it be to implement in India?

It will be difficult because connectivity is not pervasive and [reliable]. If you go into the middle of Gir forest or Ranthambore, you are not going to necessarily get the connectivity you want. You can use satellite but that’s expensive and slow. Connectivity is the building block.

The challenge is also that, much like the U.S., the central government is one party and the state government is another party. So who drives the agenda? …Connectivity to every corner of India is not something that a private sector can do on its own.

How soon will you be able to roll it out to customers?

Hard to say. But hopefully in the next 6 to 12 months, we should do something.

Another pilot that we have done internally is a solution around conference rooms. Big part of it is when you walk into a conference room you really don’t know the condition of the room. Is the projector cable missing? Or a couple of chairs are missing...? The solution looks at how can a scan be triggered proactively for the conference room a day before and send an update to the facilities team saying, “We scanned these 20 conference rooms. In this room two chairs are missing.”

We are working now with a company that makes robots… for example I can have a robot now in my office and there is a meeting that is five doors away. I can initiate the movement of the robot to that room. It gets to that room and I can transfer my image to the robot. So I will actually be sitting in the meeting through the robot.

That is something we are experimenting but again some of these are just cute things which we may not be able to sell, some are not even our technology. It’s just how you bring all these together.

It is hard to measure productivity.

But you know what is productivity to one is a jobstop loss to another. Cisco itself has undertaken reduction in workforce. How do you see the whole productivity vs job loss debate?

Frankly, I really think workforce reduction is about two things. First one is really about performance management which has existed forever. I think the second part of it is the work that people are doing and their ability to transform the skills into new areas. Those who are not adept at doing that are the ones who are more likely to get impacted because it’s an ongoing restructuring activity where we are looking at the relevance of people and their ability to re-engineer themselves… It’s not related to productivity or automation, the skills that they have and their inability to transform to a new skill is really what it is… However, as a country we need to get more productive in India. There is still a feeling that we’re still not as productive as we can be and therefore any efforts towards increasing productivity are always welcomed and what this allows us to do is also free upf people to do other things instead of constantly being in this notion of ‘oh my God, I need more people.’

What skills are companies are looking at today?

New skills obviously include data science. It is a big thing. There aren’t enough data scientists.Then there is security…security architects, cloud architects... there is an abundant shortage of those skills. In infrastructure, we are looking at network architects, virtualisation specialists etc. Strangely enough, the number one skill set looked at around the world today is psychology. Because you need to understand the human psyche as everything today is about experience and a lot of companies are investing in psychologist and user experience.

(The writer was at Gurugram at the invitation of Cisco)