How vital is ‘Zero Trust Model’ in data security of BFSI sector?

113

Data securityThe Banking, Financial Services and Insurance (BFSI) sector is India is going through a major transition and technology has a major role to play in this regard. However, with digitisation, the menace of data breaches is also growing significantly faster worldwide. In the wake of this, protecting the sensitive data has become a top priority across all business worldwide. This calls for a major breakthrough in the field of data security and raises the vitality of ‘Zero Trust’, explores Rashi Aditi Ghosh of Elets News Network (ENN).

Innovation-led Transformation and the Role of Data Security

Digitisation across the financial institution has become a priority in alignment with the “Digital India” initiatives. Several layers of technology are being implemented to digitise data. However, when it comes to security, there is always a tryst between maintaining the data safety and decreasing the touch-points by zero trust policy.

Explaining the struggle of bankers in terms of digitisation, Mathan Babu Kasilingam, Chief Information Security Officer, National Payments Corporation of India said, “Bankers existed event prior to the emergence of banking as a digitised system. We started off the process by digitising the data that was available in the system. The bankers always have to struggle between the legacy of data and digitisation of records and maintain that in the most integral way. It is also significant that the context of data should begin with zero trust policy. One must ensure that there are fewer touch-points so that the security of data is not compromised.”

When it comes to data, following the basics of web security and controlling the access points plays a pivotal part. Speaking on the role of data encryption, Nabankur Sen, Advisor (Information Security), Bandhan Bank said, “Data security is important. When we talk about Data Security, it is important to go back to the basics. It is significant to think about confidentiality and integrity-the two basics of web security. We will have to go back to the drawing board and analyse whether we are really securing the data. In this respect, there are several guidelines from the Reserve Bank of India (RBI). The focus is on data encryption. However, that is not all. Despite the data encryption we will have to put a check on who is accessing the data. So, the access control is extremely important.”

Emphasisng on trust model in terms of data security, Manoj Nayak, Chief Information Security Officer, SBI Life Insurance Co Ltd said, “If you look at Indian mentality, it is evident that Indians rely on the trust model. Several reports suggest that in the next two years, cybersecurity is going to cost us around three to six Trillion dollars. The average cost of a data breach projected by reports is around three to four billion dollars. It is a matter of concern that the number of data breaches is inflating every year at the rate of two percent.  All these factors must drive organisations towards the zero-drive model.”

With technology the popularity of data-driven brands and data, in particular, has inflated significantly. Data is now named as the new oil.

“Data has gone beyond the new oil; it is now a new phenomenon. Data is offering convenience to us and making our lives simpler. Computing from one place to another without knowing the exact location has become very easy, thanks to technology. A decade ago, top five fortune companies were dealing in oil the scenario has changed completely now. Today the top five Fortune companies are Apple, Google, Microsoft, Facebook, and Amazon. What is the raw material for these companies it is nothing but data, said Avez Sayed, Chief Risk Officer, SBI General Insurance.

Why data security is important?

Data breaches are pinching India considerably and the country had the most number of breaches during 2016-2017, according to a Cost of Data Breach Study conducted by the Ponemon Institute.

The report reveals that Indian companies lost Rs 110 million due to data breaches in 2016-17. It further says that Indian companies experienced the most number of breaches (average 33,167) during the year, almost double that of Australia. The report highlights three top reasons for data breaches. It reports that almost half of the breaches were caused by hackers with malicious or criminal intent. One-fourth of the data breaches were a result of human errors.

Asserting on the financial losses caused by data breaches, Gaurav Deshpande, National Sales Leader – Cyber Security, Tata Communications said, “World war two lasted for six years and cost the global economy around four Trillion dollars. In 2017 itself the global economy has lost around 400 billion dollars to data loss. If you analyse this you will get to know that we have lost nearly equal amount of money due to data loss despite not being in the war situation.  Data is very significant in today’s era and its importance is beyond everything. Securing data involves several factors. Primarily it is a combination of right kind of processes and policies so that you know what is happening at what point of time.”

“Data is spread everywhere in today’s era in the form of applications. When it comes to the integrity part of it the flow in various applications which interconnect, you need to do a plethora of testing not just security testing. Based on which you will be able to ensure the confidentiality and integrity is maintained all throughout the process, starting from the entry points till the exit points. If all this is not taken care of properly then there can be a serious issue,” said Vijay R, Chief Information Security Officer, Mahindra Finance, explaining the vitality of testing.

Role of Core Applications

“If the applications are built up in such a way that they can identify the relevant data points and correct partner APIs, we can look upon data sharing/ enabling for different businesses. We can design our core applications in such a way that they themselves have the inbuilt logic on what amount of data is being shared. As the Banking, Financial Services and Insurance (BFSI) sector is heavily regulated and we have been asked not to put our data across servers that are not located in India, we have to make sure that we are not breaching regulations,” said Shashank Bajpai, Chief Information Security Officer, ACKO General Insurance Limited.

To explore more on data security, watch the video:

Get a chance to meet the Who's who of the BFSI industry. Join Us for 5th NBFC100 Tech Summit, Mumbai and explore business opportunities. Like us on Facebook, connect with us on LinkedIn and follow us on Twitter, Instagram & Pinterest.