Over the three decades that Vishal Salvi has spent in the IT industry, he has seen the cybersecurity space evolve to now become a top priority for enterprises. Salvi is seasoned in the cybersecurity sphere after seven years as Chief Information Security Officer at HDFC and consequently as a member of the Data Security Council of India. Salvi currently serves as the Chief Information Security Officer and Head of Cyber Security Practice at Infosys and has helped enterprises strengthen their cybersecurity frameworks for the past six years in this role. 

Analytics India Magazine caught up with Salvi for a chat around the services that Infosys Cyber Security provides and the transformation of the cybersecurity sector. 

AIM: How important has cybersecurity become in this day and age for enterprises with increased risk of cyber threats?

Vishal: With rapid digitisation across industries, advancement of technologies, and an increased presence of third-party vendors in business functions, the world is witnessing a spike in cyber threats like ransomware, malware, phishing, data breaches and much more. It is critical for enterprises to primarily protect their intellectual property or crown jewels, be it their source code, product, or information assets—physical or virtual systems, database, confidential data, or others. Therefore, cybersecurity has become a critical aspect of any business today and instead of viewing cybersecurity as a technology function, enterprises must look at it as a business risk management programme that is crucial to their survival. It should be considered as a top priority, taking front and centre in every strategic business decision.

AIM: What are the types of cybersecurity services that Infosys offers to enterprises?

Vishal: Infosys Cyber Security enables its customers’ business to scale with assurance. By driving an enterprise mindset towards secure-by-design at every stage of the business lifecycle, we minimise security risks while maximising visibility of the security threat, impact and resolution. We also optimise the cost and amplify reach while making you secure-by-scale, ensuring that our focus on innovating next-gen threat protection solutions in newer technologies will secure your business’ future.

As a leading Managed Security Service provider, we offer access to cutting-edge technologies by establishing an end-to-end security programme with our service offerings that include Governance Risk & Compliance, Data Privacy & Protection, Identity and Access Management, Cloud Security, Cyber Advisory Services, Emerging Technologies, Managed Security Services, Threat Detection and Response, Infrastructure Security and Vulnerability Management. 

In order to maintain a constant vigil on clients’ applications, networks and systems and to protect them from the ever-changing threat landscape, we offer security-as-a-service in the form of “Cyber Next – Platform Powered Services”. Cyber Next is a modern stack of commercial and open-source technologies driven by in-house, home-grown research and well-tested IP and use cases. It is a suite of integrated ready-to-consume hosted platforms—Cyber Watch, Cyber Intel, Cyber Hunt, Cyber Scan, Cyber Gaze and Cyber Compass that are supported by proprietary use cases, reporting and analytics.

AIM: Having worked in security for years, how have you seen the sector transform?

Vishal: The cybersecurity landscape has advanced rapidly in the last two decades with better regulations, frameworks, and controls. Between 2000 and 2008 were the years that were primarily dominated by antivirus, firewall and VPN solutions that later moved on to promote application-aware firewalls, unified threat management, deep packet inspection and malware analysis. ISF best practices and the NIST framework became prominent. 

Post 2015, the world witnessed the inception of big data analytics, DevSecOps, MITRE ATTACK framework, web application firewalls, threat intelligence and threat hunting. In the recent past ZTNA frameworks, blockchain technology, 5G networks, and Internet of things (IoT) have gained traction in response to the evolving threat landscape. Cyber defence programmes are contributing to workspace transformation, cloud adoption, digital transformation, and borderless architecture.

Cybersecurity is now focusing on the efficiency of controls, predictability of costs and constant innovations. Stakeholders are now demanding security-by-design, cyber hardening, reduced risks and assured quality, managed services and innovation and automation. A strong cybersecurity programme also demands compliance with existing and new regulations. The focus is now on a similar comprehensive cybersecurity programme which will be sustainable, reduces risks and enhances customer confidence.

AIM: How has the company executed their cloud and internet-first strategy via the SASE as-a service solution?

Vishal: Our cloud and internet-first strategy has been a foundational approach to help us pivot to the work-from-home scenario. We have moved the security enforcement to the end device and orchestration to the cloud. This approach has helped us tremendously to scale and deliver high quality and efficient service to our users.

AIM: How do India’s cybersecurity regulations compare with other countries? Is there a need for more stringent laws to match global standards?

Vishal: Today, India is on par with the global standards for cyber security regulations. In fact, the work done by the Reserve Bank of India on the Indian Banking Regulations has been far ahead of other countries and they continue to make significant progress on the same. India is also well poised to introduce data protection laws which will further strengthen the governance and accountability with all the stakeholders with respect to responsible use of data.