Security infrastructure has not reached a stage where all transactions can be secured
Technology should support what the user needs and not act as a hindrance in conducting business, says Taher Elgamal, CSO of Axway. In an interview with Ashwani Mishra, he deliberates on various internet security issues and how they could be addressed to ensure a safer business environment.
A: The most important thing today on the Internet is to provide the right information to the right person. This calls for two important security mechanisms. Firstly, one needs to know who is accessing the information, and then ensure that the bona fide person gets the information. Secondly, this information should not reach unintended receivers.
Fifteen years back, when companies transacted, they did so with the right people. It was a face-to-face affair. Today all I have is a password. In fact, half of the passwords created can be linked to spouse names, date of birth and so on. This is a serious problem. To complicate things more, people tend to use the same password all over the place. So your pin code to your bank account is the same as your pin code to the safe in your house. I have not met a single person who has told me that they could remember more than three passwords at any given time. Some people write them on a piece of paper and put it in the wallet. So if the wallet is lost or stolen, you are doomed.
So technology should supplement the needs of the user, but it should not act as a hindrance in conducting business. Try selling a car with seven keys to enter. It may be the safest car, but who is going to buy it?
The role of the CIO or the CSO is to ensure that business runs smoothly, and information is provided to the right person at the right time. The confidential nature of the business or information should not leak out. Security should be embedded in all aspects of the business. Hence, there is a need for a stronger and more secure infrastructure.
A: Well, if somebody signs a blank cheque, leaves it on the table and goes home, nothing can be done about it. But what if somebody pretends to be you and signs a cheque on your behalf? This is what needs to be protected.
Today, the infrastructure has not reached a stage where all transactions can be secured. I cannot protect somebody who intentionally wants to harm themselves, but I can prevent someone trying to impersonate somebody else and trying to access confidential information.
There have been instances where users get an email with a URL link and they click on it and keep going, unaware, revealing all their information, like name, credit card details, etc. It is very much like boarding a random airplane, landing in an unknown city and walking on your own in an unheard-of neighbourhood.
The role of technology here is to look out for signs that suggest that this is the right plane, right city and the right neighbourhood. This part of technology has to grow with the growth of the Internet.
So we are trying to acquaint users to other things and familiarise other things to these users, so that there is awareness. We neither share our house keys with others nor our ATM password. This is a similar instinct.
All security providers must bring the infrastructure to a point where the user is aware and on the right track while carrying out any business transaction. We also need to bring the awareness levels to a point where people know what they are supposed to do and what not to do. So enterprises need to identify and track everyone’s role in the network, so that if there is anything wrong the culprit would be caught. And if everyone knows that they could be caught, they would not even attempt it.
A: I do not think so. A car is more complex. Anything that is foreign looks complex. Designing a security infrastructure that allows applications to use the Internet in a safe way is actually not that complex. What is hard to do is to make the end result seamless.
Take the same example of the car with seven keys. That is not seamless. I have been involved with secure email for over twenty years, and we still do not have a secure email. It is because the community insists on the seven keys.
A: Yes, they should be doing it. But it depends on who their customers are. Take, for example, a company that has to deal with suppliers and would at some point need to share confidential information or trade secrets with them. So you need to promptly hold this confidential information. What if that supplier goes and talks to the competition and leaks the information? It would break the whole system. From that view, there needs to be a security SLA, which says I protect your information and you protect mine.
A: Any business that wants to calculate a return on investment (RoI) on why they need to make their website secure is wasting time. The e-commerce worldwide business is worth $150 billion and is growing. Now tell me if this is a good RoI or not? Safety mechanisms are required on the Internet because if the medium is not safe, there would be no e-commerce happening. If I did not trust a banking application, I will not login to it.
CIOs and CSOs should think like business managers and not like accountants. It is true that the CIO controls the cost of the infrastructure, but at the end of the day he or she has to think about using technology to increase revenues or reduce costs so that the profit increases. For the CEO, the only priority is to grow the business and preserve the business reputation and brand. CIOs need to move a step further by technologically securing this business and brand.


