MUMBAI: Some of the winners of the Symantec Visionary Awards sat down for a brief discussion during the Symantec Vision conference in Mumbai, along with Symantec India head, Vishal Dhupar. These CIOs were: C.N. Ram, Head-Information Technology, HDFC Bank, Sumit Chowdhury, CIO, Reliance Communications Ltd, and Shailesh B. Patni, Vice President-Technology, National Commodity & Derivatives Exchange Ltd (NCDEX).

These unsung heroes of enterprises, the CIOs, touched upon a range of issues, such as banks as targets for attacks, state of broadband penetration in India, future challenges, manageability of assets, role of multiple vs. single vendors and manageability issues, telecom fraud and security, etc.

Thanks are also due to Symantec's Kerman Kasad and Sagar Desai, and the 2020 Media team present at the event, for making this happen. Excerpts from the discussion are reproduced here:

On banks as targets

C.N. Ram, HDFC Bank: Banks are the most trusted entities. We are also the most vulnerable. In India today, while we are way ahead, clearly, due to the lack of efficient broadband infrastructure, lot of people cannot access.

Also, while threats are there, the value of the dollar is still higher. It seems more attractive to hack the dollar, instead of the rupee.

In terms of response, banks outside have been natural targets. Some of the things today have also become part of the regulatory compliance. We have woven those into the business process. Fifty percent of our transactions are over ATMs. People are still not doing e-commerce in the manner others can do.

On broadband penetration in India

Sumit Chowdhury, Reliance: Broadband penetration is still low in India. Voice and SMS continue to remain the killer applications. However, wireline is still not feasible.

Our spectrum allows 40,000 lines per city. There's lots to be done in terms of improving the broadband penetration in this country. Threats will happen over time. We have to enable broadband, but we still can't ping the devices. We have to worry about endpoint security. Otherwise, you can compromise a lot of things.

On future challenges

C.N. Ram: You can try educating people. However, social engineering happens over a period of time. There is a resistance to use credit cards. We are innovating technology and trying to reduce this resistance. You, as a consumer, are protected from a whole host of things.

Only an alerting mechanism will be of use. As soon as a debit happens, your cell phone receives an SMS. We can prevent money from disappearing. We have a risk engine. We can call up and verify, and contain the damage.

Users also need to be lot more careful in protecting their identities. In the West, people are lot more protective about their identities. As a society, lot more importance has to be given to security.

In India, we are also very casual about data. At HDFC, we started to mask numbers in between. Then, security is also involved while dealing with corporates. There, the security is better, and much easier to operate with.

Shailesh B. Patni, NCDEX: NCDEX has a proper trading platform and trusted users. They are coming into our network from point-to-point and terrrestrial links. We know all of their identities. So, in that sense, we are secure.

Ultimately, the user has to come to the exchange. We have implemented static IP, and also make use of complex passwords to manage security.
On manageability of IT assets

Shailesh B. Patni, NCDEX: As regard to manageability of IT assets, we have to live in a heterogenous environment. You can standardize and simplify. You can also do capacity management.

Sumit Chowdhury, Reliance: Yes, we also have to live with the heterogenous environment. For example, we have six different types of SAN, but are able to live with those.

On multiple vs. single vendors and manageability issue

Sumit Chowdhury: There is a need to come to a common way of managing. We know how to manage servers, etc. We know the complexities that we are managing.

C.N. Ram, HDC Bank: It is like homeopathy. You see the organization and give the medicines, by tailoring.

On telecom fraud, fraud and security

Sumit Chowdhury: The most important frauds happen on the telecom side. People can convert money into telecom minutes. There is a market for buying stolen credit cards for using telecom minutes. The data center is the last place people will come to steal data.

Our dealers come in via the VPN. We know who they are, without using static IP. To take on external threats, security is built in. To manage internal threats, that's what SOX would require you to do. A whole lot of controls come in via processes.

C.N. Ram: We too have thousands of auditors out there, but even then, frauds do happen. We have to manage security.

On challenges for Reliance

Sumit Chowdhury: We have made most of our transactions prepaid. However, some small people still beat them! It's a cat-and-mouse game. More security solutions are coming in. Our Blackberry now allows full trading. You can also remotely wipe out the trading. It's a combination of education, processes, technology and people -- you have to hit the market in all of these ways.

Vishal Dhupar, Symantec: It is much more important to take all of these lessons and imbibe them. In the midst of security, we sometimes forget the infrastructure. Infrastructure needs to be there as well, and needs to be protected.