[MUSIC PLAYING] Hello, everybody. Welcome to One Identity's Cybersecurity Trends and Insights video series. I'm Darren Thomson, vice president of product marketing. And in this series, I'm going to be interviewing the thought leaders of cyber security so that you can hear directly from them about the challenges they're facing and perhaps how you can overcome your own challenges.
Today our conversation partner is Narayan Sharma. Narayan is the global head of identity and access management, as well as cyber platforms at Tata Consultancy Services. Narayan, welcome. Perhaps we can begin with you just describing a little bit more about your role in the organization.
First of all, thanks, Darren, for having me today. So if I need to quickly introduce TCS, TCS is a global leading IT services consulting and business solutions provider. We have partnered with world's largest businesses to help them in their IT, as well as business transformation journeys for 50 years now.
TCS is a part of Tata Group, which is India's largest and most trusted multinational group. We are more than 500K people working across 46 nationalities. I am with TCS for over 21 years now, and I'm a part of TCS cybersecurity unit, which employs over 13,000 consultants across the globe.
TCS cybersecurity has various offerings, like governance risk and compliance, cloud security, enterprise vulnerability management, identity and access management, IOT security, and so on. But we also have platform-based business, which offers as a managed service to customers. I am globally responsible for the service strategy, running the COEs, P&L, as well as the delivery governance of identity and access management and TCS cyber defense platform services under TCS cybersecurity. And these are the two core services that we have, which bring in the significant revenue for TCS cybersecurity.
So that's about me, a longtime practitioner in cybersecurity, Darren. So happy to be with you in this conversation. Thank you.
That's great. Thank you, Narayan. Thanks again for being with us. And certainly with the global scope and sophistication of your services, I'm sure our audience can learn a lot from your experiences. So why don't we start with the general cyber threat landscape? A lot's been happening over the past couple of years on a global basis, both technically and politically. So what effects of the changes in the cybersecurity landscape have been having on your business and the solutions that you deploy?
Sure. So from our perspective, we see the evolution of cyber threat landscape in the past couple of years in a number of different ways. One, we see increased attack surface driven by cloud migrations, rapid pace of digitalization, which was driven by the pandemic, as well as the supply chain side of risks. Another trend that we see or revelation that we see is around the increased sophistication in cyber attacks. And we saw that through Solarwinds, as well as Log4j attacks.
Similarly, there's an increase compliance requirements in regulated industries, which is mandating company boards to take note of security resiliency or cyber resiliency. As you have seen, the US government has mandated federal agencies to adopt zero trust-based approach for cyber security resiliency. And governments and organizations across the globe are following the switch for the obvious reasons as they see the value in following the zero trust-based approach.
On the other side of the technology, we see the advances in quantum physics that is driving the planning towards post quantum crypto to protect from crypto attacks on the algorithms that are there in the use today-- RSA and all that. Because with the quantum coming into picture, that will make some of these algorithms vulnerable to attacks. So we are seeing the organizations are exploring. While some of these migrations to technologies and advancements will take some time, but we are seeing the planning towards that in some of the mature industries where they are investing into cybersecurity.
That's really interesting. Any idea on sort of timelines around the quantum piece, Narayan? I mean, we've been talking about quantum now, I can remember for at least a decade. What are you seeing out there in the field in terms of where we really need to start thinking about quantum very seriously?
Yeah, no, absolutely. We see varied thoughts there. There's no kind of one specific timeline that the analysts are agreeing on, but it is somewhere around 5 to 10 years is the horizon when we would see the post-crypto algorithms. They would be in the work, and the organizations would start moving their existing crypto investments into the newer algorithms.
Right, right. So I'm sure today's audience would really want some takeaways from you. So why don't we talk about the priorities for the CISO today? What would you say are the three key priorities for a CISO that's best trying to protect their business in today's threat landscape?
Yeah, so in terms of priorities as we saw, however, the threat landscape is evolving. If I need to put them under a few buckets, one is because of the company board's interest into the cyber resiliency because of the regulatory aspects of those industries. The end-to-end visibility is something which the organizations are looking at as far as their threat landscape is concerned, as far as how well are they protected is concerned. So that is one broad bucket where the customers are looking at how could they really implement solutions, seek advisories to get that end-to-end visibility into their threat landscape.
Second is about the security assurance and compliance. And that brings in how well are the organizations prepared to manage the attacks that might come their way, and how well are they aligned to the compliance needs that they have. Similarly, the enabling the business transformation, right? While security has to play a very silent role and the backend role, many of the technologies which drive that transformation while keeping the business secure is another bucket where the organizations are investing their efforts and time.
So if I need to then map this to the CISO's priorities, if you talk about the transformations, as I talked about the zero trust architecture based approach that the organizations are taking in, while CISO has priorities across the board, right? Be it from the visibility standpoint, be it from the assurance standpoint, or be it from the security solution standpoint, recently we see a lot of focus that is being put on the zero trust-based initiatives.
And as a part of that, we see the approach, the zero trust approach, is getting quite identity centric for obvious reasons. Because in cybersecurity, identity is at the center, because that drives the visibility into where the attack is coming in from what kind of identities are getting leveraged, or I would say misused within the organization. And that helps to really tie in the whole attack chain. So that's where we are seeing organizations taking the identity-centric approach to their zero trust initiatives.
And various customers at various, I would say, maturity levels as a part of their zero trust journeys. And as a part of that, we see they are looking at ensuring provisioning of right access to the right people at the right time. So it's all about you need to get the access right. At the same time, we are seeing a lot of privilege access that drives a lot of automation, especially using non-human identities, as well as human identities, because human identities still need to really administer systems and need to really manage some of the very critical and sensitive business applications.
The third aspect that the CISOs have to need to look at as a part of the zero trust solutions, which have to bring in the controls, which are more risk-based, which are more cost context aware, and solutions which will enable the granular access for their workforce, as well as partners, as well as their consumer identities to their critical business applications. All in all, what we see, CISOs investing their priorities around how could they get their zero trust initiatives right.
And if they are more identity driven, how could they drive some of these mandates or some of these objectives by bringing in the right solutions, by bringing in the right approaches, the roadmaps that they need to really drive their vision towards. So yeah, essentially, we see a lot of focus on identity and access management as an area to enable their zero trust objectives.
Interesting. And you know, we're certainly seeing that same kind of demand in our customer interactions at One Identity. One of the other challenges or trends that we're seeing as well in identity is a requirement, really, to start to bring identity technology together to unify that technology sometimes into some kind of a platform. What do you see the future holding in that regard? And why is unification of these technologies so important, do you think, to clients?
Yeah, so identity and access management, I mean, it is full of technologies. It is full of tools. And traditionally, we see customers taking a very siloed approach, a very standalone approach to implement a particular part of the solution. And that has its own, I would say, the downside in terms of the technology data that it might create. You might not have the visibility across the board when you talk about unifying the identity view. Across the control set that would enable the zero trust vision for the organization.
So in that sense, we see that customers are looking at how could they unify their identity and access management strategy with a solution which could do that more seamlessly than trying to retrofit the solution components, which might, over a period of time, again, create a technology date. Or if they need to be replaced, there could be a challenge in doing that.
So with that in mind, we certainly see customers are looking at how could they bring in identity governance and administration side of controls, working hand in hand with privileged access management controls so that even privileged identities could be managed, that the entire lifecycle could be managed with the right visibility and control. And also integrating with the controls around the change management, as in ITSM, the SIM side of the controls, which could enable better visibility, as well as monitoring, and the multifactor authentication, as well as the security management side of controls for privileged access management.
But instead of working all these controls in silo, it is important that they need to work together. CISOs are realizing this. Security leaders are realizing this. And that's where they're looking at how could they bring in identity governance and administration, privileged access management, web access management, which includes a lot of SSO technologies, multifactor authentication, behavioral biometrics, passwordless, right? Many of these technologies are playing their own role in bringing in specific controls, but they have to all work together.
So because of this reason, we are seeing customers are increasingly looking out for the solutions which could work seamlessly together to deliver the obvious value in terms of the user experience, in terms of the maturity of the control set that they could deliver, as well as the technology data that they could avoid, right? So with all this in mind, we see customers increasingly asking for solutions, which will align to this vision of unification of identities.
How do you look at that, Darren? Do you have any different perspective from the industry?
I think a lot of what you're saying, Narayan, mirrors precisely the experiences we're having in the field. I think, interestingly, certainly in the CISO conversations that I have, clearly risk reduction is a very big part of the equation here and a very compelling reason to unify identity.
But I think operational efficiency is another one. You know, there's so much wastage concerned with managing individual tools, not having those workflows that, as you point out, manage the entire life cycle of an identity. There are both operational efficiency gains, I think, to be had there, as well as significant risk reduction as well. So we're definitely seeing the same kind of trends.
So Narayan, unfortunately, we're about out of time. Really great pleasure to speak with you, and thanks once again for being with us. I think certainly food for thought there for our listeners. So thanks once again. And for now, everybody, that's it for us. Thank you very much.
Thank you so much, Darren. Thank you for having me today.
[MUSIC PLAYING]
14:56
