AppLabs is a global leader in testing. As the head of  ICT and CISO of  this organisation, I wanted to highlight a few issues and challenges that I encounter during daily.

Our business model in the testing requires rapid deployment of IT at a shorter notice. To overcome this challenge,we analyzed the landscape and complexity of the business. We consulted with business and delivery heads and gathered information on initiatives and started aligning IT as per our business mission. Now IT is getting regular leads while the proposals are in RFP/RFQ state. We are able to deliver services on demand.

In a global delivery model, customers are demanding uncompromising compliance with respect to information security. People play a very important role in security whereas the technology can only facilitate its implementation. Compliance from people has become a major challenge. To cope with this, we have started conducting ISMS (information security management systems) training sessions for all employees. This effort is supplemented by daily ISMS campaigns and poster display across the campus. We were pushed to take this practice to its next level by conducting an ISMS exam for all the employees and it was made mandatory. The senior management has supported all our process and policy changes to accomplish ISMS objectives. Now, employees have a better understanding of  ISMS, IP compliance and IT governance.

Budget for IT has always been a challenge. IT has to work under constrained environment with limited funds and resources but still cater to the business needs without any compromise. Investment on business expansion plans takes precedence than scalability of  IT resources. Under these circumstances, to secure the budgets, we have worked on providing justification for spending. It is necessary to calculate metrics like ROI, TCO and gauge the benefits of investing in IT – the conventional debate of  Capex versus Opex. Whenever capex has proved an expensive model, we have tried leasing and rental options.

Technology is developing at a fast pace and we are unable to keep pace with it. IT industry is suffering from an obsolescence syndrome. We are choosy about the products/tools that are stable and less transient. First, we evaluate, whether the product suits the requirement of  our company or not. Few requirements are managed through partnership agreements.

With the inception of  Web2.0, user’s expectations have also increased. This is too obvious among the younger crowd. Employees want to use wikis, blogs and social networking sites to interact with peers. They also like to use Instant Messengers (IMs). In  fact these tools help  in  increasing the productivity for smaller companies. But it might prove counter-productive for an organisation like ours. These tools can cause security threats and hence we block the access to these sites. For better awareness, we have also published the reasons for exclusion.

These days, employees want the flexibility of  working from home. Business model does not permit this but in specific cases, WFH is facilitated. Provisioning for working from home will increase the risk of  information security. But, whenever we are facilitating WFH, ensuring customer’s consent and keeping him informed. We have tried to minimize the risk by providing limited access/privileges to the network. Still this is a grey area for generating reports as the traffic is encrypted.

These are the few things that keep me busy. Changing the approach a little bit and few adjustments at the operational level has helped me succeed. I am happy to say that, these efforts have changed the perception of IT among the employees.