Join Pradeep Khurana, CIO & CDO of SBI Card, and Chiranjeev TK, Country Head of Jamf India, as they discuss the significance of mobile endpoint security in today's digital age only on ETStudios at the ETCIO Annual Conclave 2024. Gain valuable insights to enhance your organization's security posture.
Transcript
Hello and welcome to ET Studios at the ET CIO Conclave. I'm your host, Shilpa Ratnam, and joining me in the studio are Chiranjeev TK, Country Head, Jamf India, and Pradeep Khurana, Chief Information Officer and Chief Digital Officer, SBI Card. Thank you so much for your time.
Thank you, thank you.
Thank you for joining us. Now the topic on hand today is the importance of mobile endpoint security in the modern workplace. Pradeep, I'm sure this is a big concern for you.
Yeah, I think, you know, endpoint security has always been a big area, especially for a heavily regulated business like ourselves. You know, we are into the business of a credit card. And, you know, inherent to this business model is data security. And it has always been a big, big, big area of focus for us. But I think there is almost like a post sort of pandemic era, you know, the pandemic mandated all of us to work remotely, you know, so we were operating our business in a highly remote and a hybrid model for a very long period of time. And I think it just sort of heightened and accelerated some of the transition and innovation in this space. So yes, you're absolutely right, Shilpa, it's a big focus area for us.
Absolutely. I would love to hear your perspective on this change.
I think I'll, you know, agree on what Pradeep mentioned, right? COVID, unfortunately, while it's an unfortunate phase, but I think from a a it, it brought in a lot of transformation in terms of organizations. Security has always been a key focus for, for enterprise, for organizations. But it's more so now when you're actually giving the freedom to your users to kind of work anywhere, anytime on any device, right? So while you're giving that flexibility, you know, it's kind of making sure that especially with the highly regulated industry where Pradeep belongs to or even in, in various across industries as well, compliance is, is very important, right? And it's, it's critical that while you keep the user experience intact.
And making sure the compliance is kind of taken care as well. And I think that's something that, you know, Jamf has always strived to kind of really help our customers and especially on the security side of things in terms of endpoint BT or laptop or also in terms of a mobile device as well. Because I think one of the key things that has changed in terms of how we consume the data or consume the information, how we work, right? Most part of our work, you know, pre-COVID, OK, has been predominantly on laptops, and I'm sure Pradeep would agree that, you know, a lot of work today kind of happens on a mobile device and securing those devices becomes that more crucial. And we kind of make sure that that's kind of kept intact in terms of the user experience and securing those.
You know, when working with BFSI, I'm sure two factors are very important. Of course, data privacy, security and security as an angle, but also staying agile to keep up with all the compliances, right?
Correct. Absolutely. And also in terms of DPDP coming in, yes, right. And I'm probably would want Pradeep's take on terms of the whole DPDP part of it kind of coming in where data sensitivity in terms of, you know, because localization is very important.
Pradeep, how are you handling that? You know, DPDP, something everyone's talking about. Are you reviewing the sort of tech that you're using to make sure it's compliant with it?
Yeah. So see, I'll tell you a little bit about our business model and then we can perhaps talk about what are the implications of the DPDP. First and foremost, I think it's a step in the right direction, it's a forward-looking step. And you know, in the long term, while there's always going to be that transition from the way some of the business models operate today versus how they would want to operate, uh, when, you know, the act is in full implementation, there's always gonna be that transition time.
I, but I think it's gonna be well worth the effort as far as our business is concerned. You know, we are a retail business and one very important thing that you have to note is that while we have 5000 people who work inside closed doors, you know, they sit in a corporate office working on their laptops or desktops through the day, we have 50,000 people in the field. So for any retail business, you know, the whole concept of the mobile worker is a big, big, big factor, right? Because you will have your sales people, you will have your distribution people. At times you will have field support people, field collections people, they're going to be out there in the field. Now, they may or may not be your full time employees, but they represent your company, they represent your values, they represent your brand to the end customer. And the only piece of tech that you're going to equip them is going to be on mobile, right? So it will be more often than not an app, which is what they would use to access customer data. It would be, it could be a sales app using which they would originate a new lead for you, right. And therefore the security around that whole endpoint which happens to be a mobile and it's heavily distributed. The number for us is 50,000, right? So those are the number of people out there in the field representing your brand to the customer. And you know, something like DPDP only sort of heightens the way we look at how we build security around handling that device, so it is no longer only confined to the app that we expose because most of the app would meet the security standard. But then you know, we would want to extend and see how is the device getting secured outside of the app, right. The app security you can do, you know, because that's a program that the enterprise would have written and you can heavily control that. But now with the DPDP coming in, we would have to also look at factors around how do we not only securitize the app, but how do we securitize and guarantee the whole device without, like my friend out here mentioned, you know, without hampering the end customer experience, right? So, so, so yeah, so, so that's going to be the key. And my two cents on this is that while there's going to be that implementation and transition curve for all businesses including ourselves, but in the long term, this is the right move, this is the right step that we are taking. One other factor that I would want to end with on, on, on this topic is if you look at the broader environment today, you know, how do you do your KYC? You do it digitally, you know, you're no longer giving a piece of document to an entity. You would either do an Aadhaar or you would do a DigiLocker. When you take a flight, you're using DigiYatra, right? So there is data that you as a citizen of the country. The average Indian today is going more and more digital, right? And without you realizing you're sharing your data, right? And I can look at it from an enterprise standpoint, but if you look at it from the lens of how an average citizen of the country would want to be protected, DPDP gives you an air cover. Right. So as an average Indian citizen where you are expected to do everything digitally, where you are expected to increasingly share your data with a government or a private entity. What protection do you have today in terms of your privacy? Very little. But with the DPDP coming in, there's gonna be, as, if I look at it from a consumer standpoint, it's going to be more guardrails, more safety around your privacy. So it's absolutely a step in the right direction for the enterprise and for the public at large.
Well, now when you put it like that, I definitely feel more secure. You know, the act coming in now, we spoke about how you have 50,000 devices, you know, perhaps, but I kind of want to concentrate on securing the devices of the executives, you know, what is the significance of that and how does one go about that?
Yeah, so like I said, you know, at least the way we look at it is one is definitely on the app layer, right. And I would want to go beyond device security just for the executive, I would say even for the end customer, right? So when, when, when as an end customer you download the SBI Card app, we'd run a ton of security checks on your phone because, you know, we are giving something that would contain your credit card, right? And so we want to make sure. So we would look at any sort of potential vulnerabilities. We would want to look for unsecured data connections and things like that. There are guardrails around that, but especially when it comes to giving the application security to apps that are used by our executives, you know, we would do all of the basic checks. You know, there's going to be very strong app security. When it comes to device security, we would want to make sure that the device is adequately hardened. And the way we harden devices is that, for example, if you were to access the company e-mail, you will only be able to do it inside of a container, right? So I can't take data out of that container and I can't bring in data back into the container. So our view of running security on the device is two-pronged. One, we securitize the app in which you would be able to access data. We also securitize the content by keeping it inside of the container. So for example the office e-mail you will not be able to access. Hopefully it will only be available inside of a container. So to get to your e-mail, you will first have to invoke the container and then you can only sort of access the e-mail over there. You can't take content out or content in. Yeah. So multiple layers of security layers, you know, both the app and the device. So we look at it.
OK, now I'd love to hear Chiranjeev shed some light on this.
I think, I think me and Pradeep had a discussion around, I think yesterday we had a chat on that. So I think when you look at executives, right, and we are talking about the cream of the organization and the nature of information that they would have, right? One is obviously there are different roles that people play in an organization, right? I think there was examples given in terms of like a field force, right? The challenges are very, very different in terms of let's clicking on a link, the phishing and malware and things like that, right? Obviously there's a level of security that you can build in. But when you look at it in terms of top executives, let's say hypothetical situation, right, your results are gonna be announced and you have a board meeting and you have sensitive information. And today, if you look at it any layer, the weakest link actually is your user itself. Right. So when you have different layers of security and again I'm keeping in mind in terms of, you know, one of the most simple form of security is to block everything. Right. And one of the most challenging thing is to kind of really, again, from a user experience part of it where they have the freedom to kind of really work effectively giving them the choice in terms of doing whatever they would want, but still making sure you are, you're in this secured, you know, you have that perimeter. So the way we at Jamf look at it, especially the executive part of it. So we have a product called Executive Threat prevention. And this is only for the executives, right, because the level of threat over there probably is. Be different. You know, for a growing economy like India, again, the larger vision is that we'll be the third largest economy or probably 5 trillion probably in the next two to three years. There are going to be threats from outside as well. And it's not just in terms of from a government perspective, but also in terms of large conglomerates, organizations, which actually build the economy, right? So those threats are for real, right? And do we have the necessary tools to kind of make sure you know which is there? And unfortunately there are not many. And I think we're glad to kind of say that, okay, Jamf, we are committed in terms of, you know, we are market leaders when it comes to mobile security. I think for the last five years at various forums, we've been acknowledged that we are leaders in this space and our Israeli team, Israeli development team has, you know, has, you know, has built this particular product in terms of making sure those sophisticated spyware sometimes where the executives are targeted, right. We're not talking about the normal malwares and phishing, we're talking about sophisticated spyware, which can be specifically built for an individual, OK, it's gonna cost a lot of money to kind of build a tool like that. But you also need a sophisticated tool to kind of block that, right?
You know, it was such a knowledgeable experience listening to you talking about staying ahead in the game and about the tools that you have to offer to do just that. Thank you so much for joining me today. It's been an absolute pleasure. And thank you so much for watching. And do remember, you can also watch our other episodes of ET Studio at ET CIO Conclave. Thank you.